Security Basics
don't understand the output of nmap -sV Dec 14 2013 12:50AM
Lentes, Bernd (bernd lentes helmholtz-muenchen de) (1 replies)
Re: don't understand the output of nmap -sV Dec 19 2013 07:59PM
Luther Blissett (lblissett paranoici org)
On Sat, 2013-12-14 at 01:50 +0100, Lentes, Bernd wrote:
> Hi,
>
> I try to check if an SNMP service is available. I did the following:
>
> pc59093:~ # nmap -sU -sV -p161,162 pc53200
>
> The response was:
>
> Starting Nmap 4.75 ( http://nmap.org ) at 2013-12-13 21:59 CET
> Interesting ports on pc53200.xxxxxxxxxxxxx:
> PORT    STATE SERVICE VERSION
> 161/udp open  snmp    SNMPv3 server
> 162/udp open  snmp    SNMPv3 server
> 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
> ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
> SF-Port161-UDP:V=4.75%I=7%D=12/13%Time=52AB752E%P=x86_64-suse-linux-gnu%r(
> SF:SNMPv3GetRequest,73,"0q\x02\x01\x030\x0f\x02\x02Ji\x02\x03\0\xff\xe3\x0
> SF:4\x01\0\x02\x01\x03\x04\$0\"\x04\x11\x80\0\x1f\x88\x80\xc0d\xa6d7\xcb\x
> SF:89H\0\0\0\0\x02\x02\x03\x19\x02\x03\x01i\xf2\x04\0\x04\0\x04\x0005\x04\
> SF:x11\x80\0\x1f\x88\x80\xc0d\xa6d7\xcb\x89H\0\0\0\0\x04\0\xa8\x1e\x02\x02
> SF:7\xf0\x02\x01\0\x02\x01\x000\x120\x10\x06\n\+\x06\x01\x06\x03\x0f\x01\x
> SF:01\x04\0A\x02\x01\n");
> ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
> SF-Port162-UDP:V=4.75%I=7%D=12/13%Time=52AB7551%P=x86_64-suse-linux-gnu%r(
> SF:SNMPv3GetRequest,56,"0T\x02\x01\x030\x0e\x02\x02Ji\x02\x02\x05\xdc\x04\
> SF:x01\0\x02\x01\x03\x04\x1a0\x18\x04\x07initial\x02\x01\x01\x02\x04\0\xb2
> SF:\x1d\x06\x04\0\x04\0\x04\x000#\x04\0\x04\0\xa8\x1d\x02\x027\xf0\x02\x01
> SF:\0\x02\x01\x000\x110\x0f\x06\n\+\x06\x01\x06\x03\x0f\x01\x01\x04\0A\x01
> SF:\0");
>
> Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 46.56 seconds
>
>
> On one hand, the response said it's an SNMPv3 server. On the other hand, nmap said it can't recognize the service.
> That does not make sense to me.
>
> Thanks for any help

I'd say nmap just gave you a probable guess on the service running on
those ports according to the "SNMPv3" string found in the fingerprint.
However, since this specific fingerprint does not match nmap's fp
database, it alerts you to confirm that the service is really this and
to give feedback to the community by sending your results. Once you and
others have done this, nmap can grow its certainty of the service version.

--
010
001
111
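
One way to check by hand what the target returned (an added example, not part of the original thread): each fingerprint has the form r(probe name, response length in hex, "escaped response bytes"). The Python below rejoins the wrapped SF: lines of the port 162 fingerprint quoted above, undoes the escaping, and reads the version field at the start of the SNMP message. The function names are mine and the escape handling covers only the forms seen in this output.

```python
import re

# Port 162 fingerprint from the quoted scan, mail-wrapped line tails rejoined.
FINGERPRINT = r'''
SF-Port162-UDP:V=4.75%I=7%D=12/13%Time=52AB7551%P=x86_64-suse-linux-gnu%r(
SF:SNMPv3GetRequest,56,"0T\x02\x01\x030\x0e\x02\x02Ji\x02\x02\x05\xdc\x04\
SF:x01\0\x02\x01\x03\x04\x1a0\x18\x04\x07initial\x02\x01\x01\x02\x04\0\xb2
SF:\x1d\x06\x04\0\x04\0\x04\x000#\x04\0\x04\0\xa8\x1d\x02\x027\xf0\x02\x01
SF:\0\x02\x01\x000\x110\x0f\x06\n\+\x06\x01\x06\x03\x0f\x01\x01\x04\0A\x01
SF:\0");
'''

def unescape(body):
    """Turn the escaped response string back into the raw bytes received."""
    simple = {"0": "\0", "n": "\n", "r": "\r", "t": "\t"}
    def rep(m):
        if m.group(1):                       # \xHH
            return chr(int(m.group(1), 16))
        return simple.get(m.group(2), m.group(2))  # \0 \n ... or \" \+ \\
    text = re.sub(r"\\(?:x([0-9a-fA-F]{2})|(.))", rep, body, flags=re.S)
    return text.encode("latin-1")

def probe_responses(fp_text):
    """Rejoin the wrapped SF: lines; yield (probe, declared_len, raw_bytes)."""
    joined = "".join(l[3:] if l.startswith("SF:") else l
                     for l in fp_text.strip().splitlines())
    pattern = r'%r\((\w+),([0-9A-F]+),"((?:\\.|[^"\\])*)"\)'
    for name, hexlen, body in re.findall(pattern, joined, flags=re.S):
        yield name, int(hexlen, 16), unescape(body)

def snmp_version(msg):
    """Read the outer BER SEQUENCE and its first INTEGER (SNMP version)."""
    if len(msg) < 5 or msg[0] != 0x30 or msg[1] & 0x80:
        return None                          # not a short-form SEQUENCE
    if msg[1] != len(msg) - 2 or msg[2] != 0x02 or msg[3] != 1:
        return None                          # length or version field malformed
    return {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}.get(msg[4])

if __name__ == "__main__":
    for name, declared, raw in probe_responses(FINGERPRINT):
        # A matching length shows the escaped string was decoded without loss.
        print(name, "length ok:", declared == len(raw), "->", snmp_version(raw))
```
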
Copyright 2010, SecurityFocus