help interpreting the nmap output

From: Ivan Fratric (hacky_2001_at_hotmail.com)
Date: 12/14/04

    To: security-basics@securityfocus.com
    Date: Tue, 14 Dec 2004 18:43:12 +0000
    
    

    Hi,

    I'm running nmap on Windows XP. Normally, it works fine (when I use it to
    scan a computer for which I know what services it's running) and returns
    detailed info on the services installed.
    However, I tried to run it on a web server on the Internet and I have
    trouble getting all the info.
    Using the -A -T4 options on a server, I receive the following reply:

    (The 1441 ports scanned but not shown below are in state: filtered)
    PORT STATE SERVICE VERSION
    5/tcp closed rje
    14/tcp closed unknown
    21/tcp open ftp?
    22/tcp closed ssh
    23/tcp open telnet?
    26/tcp closed unknown
    44/tcp closed mpm-flags
    53/tcp closed domain
    61/tcp closed ni-mail
    63/tcp closed via-ftp
    66/tcp closed sql*net
    79/tcp closed finger
    80/tcp open http?
    93/tcp closed dcp
    107/tcp closed rtelnet
    113/tcp closed auth
    131/tcp closed cisco-tna
    143/tcp closed imap
    144/tcp closed news
    166/tcp closed s-net
    168/tcp closed rsvd
    169/tcp closed send
    176/tcp closed genrad-mux
    177/tcp closed xdmcp
    179/tcp closed bgp
    188/tcp closed mumps
    194/tcp closed irc
    199/tcp closed smux
    200/tcp closed src
    204/tcp closed at-echo
    207/tcp closed at-7
    209/tcp closed tam
    210/tcp closed z39.50
    220/tcp closed imap3
    222/tcp closed rsh-spx
    225/tcp closed unknown
    227/tcp closed unknown
    228/tcp closed unknown
    234/tcp closed unknown
    245/tcp closed link
    256/tcp closed FW1-secureremote
    260/tcp closed openport
    265/tcp closed maybeFW1
    272/tcp closed unknown
    276/tcp closed unknown
    277/tcp closed unknown
    279/tcp closed unknown
    281/tcp closed personal-link
    307/tcp closed unknown
    308/tcp closed novastorbakcup
    320/tcp closed unknown
    321/tcp closed pip
    325/tcp closed unknown
    332/tcp closed unknown
    348/tcp closed csi-sgwp
    355/tcp closed datex-asn
    359/tcp closed tenebris_nts
    360/tcp closed scoi2odialog
    364/tcp closed aurora-cmgr
    389/tcp closed ldap
    404/tcp closed nced
    411/tcp closed rmt
    418/tcp closed hyper-g
    423/tcp closed opc-job-start
    426/tcp closed smartsdp
    434/tcp closed mobileip-agent
    436/tcp closed dna-cml
    437/tcp closed comscm
    442/tcp closed cvc_hostd
    443/tcp open https?
    449/tcp closed as-servermap
    472/tcp closed ljk-login
    487/tcp closed saft
    496/tcp closed pim-rp-disc
    504/tcp closed citadel
    506/tcp closed ohimsrv
    509/tcp closed snare
    524/tcp closed ncp
    533/tcp closed netwall
    537/tcp closed nmsp
    547/tcp closed dhcpv6-server
    554/tcp closed rtsp
    560/tcp closed rmonitor
    575/tcp closed vemmi
    578/tcp closed ipdd
    582/tcp closed scc-security
    586/tcp closed password-chg
    601/tcp closed unknown
    612/tcp closed unknown
    623/tcp closed unknown
    626/tcp closed unknown
    630/tcp closed unknown
    635/tcp closed unknown
    636/tcp closed ldapssl
    638/tcp closed unknown
    644/tcp closed unknown
    659/tcp closed unknown
    675/tcp closed unknown
    677/tcp closed unknown
    678/tcp closed unknown
    686/tcp closed unknown
    688/tcp closed unknown
    714/tcp closed unknown
    716/tcp closed unknown
    721/tcp closed unknown
    724/tcp closed unknown
    725/tcp closed unknown
    729/tcp closed netviewdm1
    743/tcp closed unknown
    766/tcp closed unknown
    781/tcp closed hp-collector
    790/tcp closed unknown
    793/tcp closed unknown
    795/tcp closed unknown
    803/tcp closed unknown
    805/tcp closed unknown
    819/tcp closed unknown
    844/tcp closed unknown
    847/tcp closed unknown
    848/tcp closed unknown
    852/tcp closed unknown
    857/tcp closed unknown
    884/tcp closed unknown
    888/tcp closed accessbuilder
    901/tcp closed samba-swat
    904/tcp closed unknown
    914/tcp closed unknown
    933/tcp closed unknown
    949/tcp closed unknown
    950/tcp closed oftep-rpc
    976/tcp closed unknown
    984/tcp closed unknown
    985/tcp closed unknown
    993/tcp closed imaps
    995/tcp closed pop3s
    999/tcp closed garcon
    1006/tcp closed unknown
    1009/tcp closed unknown
    1011/tcp closed unknown
    1013/tcp closed unknown
    1017/tcp closed unknown
    1040/tcp closed netsaint
    1068/tcp closed instl_bootc
    1084/tcp closed ansoft-lm-2
    1347/tcp closed bbn-mmc
    1352/tcp closed lotusnotes
    1370/tcp closed us-gv
    1374/tcp closed molly
    1376/tcp closed ibm-pps
    1400/tcp closed cadkey-tablet
    1402/tcp closed prm-sm-np
    1410/tcp closed hiq
    1415/tcp closed dbstar
    1419/tcp closed timbuktu-srv3
    1420/tcp closed timbuktu-srv4
    1445/tcp closed proxima-lm
    1450/tcp closed dwf
    1457/tcp closed valisys-lm
    1459/tcp closed proshare1
    1460/tcp closed proshare2
    1481/tcp closed airs
    1483/tcp closed afs
    1484/tcp closed confluent
    1494/tcp closed citrix-ica
    1496/tcp closed liberty-lm
    1499/tcp closed fhc
    1513/tcp closed fujitsu-dtc
    1516/tcp closed vpad
    1527/tcp closed tlisrv
    1534/tcp closed micromuse-lm
    1535/tcp closed ampr-info
    1542/tcp closed gridgen-elmd
    1552/tcp closed pciarray
    1662/tcp closed netview-aix-2
    1665/tcp closed netview-aix-5
    1672/tcp closed netview-aix-12
    1680/tcp closed CarbonCopy
    1720/tcp closed H.323/Q.931
    1723/tcp closed pptp
    1755/tcp closed wms
    1986/tcp closed licensedaemon
    1988/tcp closed tr-rsrb-p2
    1993/tcp closed snmp-tcp-port
    1997/tcp closed gdp-port
    2003/tcp closed cfingerd
    2008/tcp closed conf
    2042/tcp closed isis
    2046/tcp closed sdfunc
    2047/tcp closed dls
    2401/tcp closed cvspserver
    2603/tcp closed ripngd
    2784/tcp closed www-dev
    3000/tcp closed ppp
    3389/tcp closed ms-term-serv
    4333/tcp closed msql
    4672/tcp closed rfa
    4998/tcp closed maybeveritas
    5010/tcp closed telelpathstart
    5145/tcp closed rmonitor_secure
    5191/tcp closed aol-1
    5232/tcp closed sgi-dgl
    5236/tcp closed padl2sim
    5405/tcp closed pcduo
    5530/tcp closed sdserv
    5680/tcp closed canna
    6003/tcp closed X11:3
    6105/tcp closed isdninfo
    6111/tcp closed spc
    6141/tcp closed meta-corp
    6142/tcp closed aspentec-lm
    6588/tcp closed analogx
    7007/tcp closed afs3-bos
    8007/tcp closed ajp12
    8892/tcp closed seosload
    13701/tcp closed VeritasNetbackup
    13717/tcp closed VeritasNetbackup
    19150/tcp closed gkrellmd
    22289/tcp closed wnn6_Cn
    31337/tcp closed Elite
    32773/tcp closed sometimes-rpc9
    32786/tcp closed sometimes-rpc25
    65301/tcp closed pcanywhere
    Too many fingerprints match this host to give specific OS details

    So, why the question marks next to the open protocols? Next I tried
    connecting to the telnet and ftp, but I get disconnected straight away. So I
    tried to get more info on the http and https by calling nmap with -sV -p 80
    or -sV -p 443 options. Since it's a web server it is certainly running those
    services. I get something like

    80/tcp open Apache httpd

    Anyway, no sign of the Apache version. So, how can I find out what version
    of Apache a server is running? What is the best way to proceed from
    here? TIA
