Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: NMAP Discrepancy
From: David Fifield <david () bamsoftware com>
Date: Tue, 24 May 2011 09:36:59 -0700

On Tue, May 24, 2011 at 02:36:58PM +0300, Toni Ruottu wrote:
Try adding --version-trace to the command line, and tell us if you are
able to figure it out.

On Tue, May 24, 2011 at 2:33 PM, Michael Lubinski
<michael.lubinski () gmail com> wrote:
Anybody know why NMAP reports differences every so often with the same port.
-3389/tcp  open  microsoft-rdp Microsoft Terminal Service
+3389/tcp  open

This is running on a Win7 box, with NMAP 5.51.

The same scan is run every time, sometimes it displays the service (using
the -sV switch) and sometimes not?

It's strange that the service name is blank instead of "microsoft-rdp?",
which is what it would be if none of the service probes matched. It
could be a bug in the service database.

Toni's suggestion is good, but I would use -d2 instead of
--version-trace so that you don't see a bunch of Nsock messages. The
lines you are looking for are like this:

Scanning 2 services on scanme.nmap.org (
Starting probes against new service: (tcp)
Starting probes against new service: (tcp)
Service scan sending probe NULL to (tcp)
Service scan sending probe NULL to (tcp)
Service scan match (Probe NULL matched with NULL line 2487): is ssh.  Version: |OpenSSH|5.3p1 Debian 
3ubuntu6|protocol 2.0|
Service scan sending probe GetRequest to (tcp)
Service scan match (Probe GetRequest matched with GetRequest line 4688): is http.  Version: |Apache 
Completed Service scan at 09:35, 6.04s elapsed (2 services on 1 host)

You should see either a "matched" line with a line number, or else see
all the probes be tested with no result.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]