THC-AMAP

Previous page
Table of content
Next page

THC-AMAP

Nmap began as a network mapping tool, a port scanner. Amap is a next -generation port scanner that attempts to identify the actual service listening on a port rather than assuming a service has been assigned to its default port. This is identical to nmap's sV (version detection) capability.

THC-Amap is available from http://thc.org/thc-amap/. It installs with the usual GNU process (./configure, make, make install) under Unix-based systems including Mac OS X and even works in Cygwin. Although nmap has a greater user base and perhaps a larger group of developers behind it, amap is actively maintained and popular in its own right.

Implementation

Amap interrogates ports with various alphanumeric and hexadecimal triggers. This interrogation is done after the TCP handshake has been completed. Much of nmap's port scanning relied on manipulating TCP flags and options that could be spoofed. With amap, you must interact with the unknown service. Spoofed and decoy traffic is not a concern here.

Amap has four "modes" of execution as detailed in Table 4-3. Modes cannot be combined.

Table 4-3: THC-Amap Scan Modes

Mode Option

Description

-A

Identify the service associated with the port. This identification is based on an analysis of responses to various triggers sent by amap.

-B

Report banners. Does not perform identification or submit triggers to the service.

-P

Conduct a port scan. Amap performs full connect scans . Use nmap for advanced options if you just want to discover ports.

-W

Download the latest fingerprint files from http://www.thc.org/thc-amap.

Examine Banners

Without a tool like amap, service identification largely relies on default ports, human-readable banners, and using an array of clients to test the connection. Protocols that use text-based interfaces for all or part of their communication are easy to identify. For example, the following services are easily deduced by a Netcat connection: 

 [Paris:~] mike% nc smtp.mail.yahoo.com 25 220 smtp109.mail.sc5.yahoo.com ESMTP ^C punt! [Paris:~] mike% nc ftp.ibiblio.org 21 220 ProFTPD Server (Bring it on...) ^C punt! [Paris:~] mike% nc 10.0.1.5 22 SSH-1.99-OpenSSH_3.8.1p1 ^C punt!

Not only do we have an initial hint at the service from the port numbers , but the responses correlate with what we expect from SMTP, FTP, and SSH. Now, consider what happens if we try this against a web server: 

 [Paris:~] mike% nc 10.0.1.32 80 ^C punt! [Paris:~] mike% nc 10.0.1.32 443 (connection immediately closes)

Some protocols require a nudge, or trigger, before the service responds. In the case of a web server (HTTP), we need to issue a HEAD command: 

 [Paris:~] mike% nc 10.0.1.32 80 HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Tue, 28 Jun 2005 10:17:57 GMT Server: Apache/2.0.54 Last-Modified: Tue, 08 Feb 2005 13:42:23 GMT ETag: "ce55-e-1e54adc0" Accept-Ranges: bytes Content-Length: 14 Connection: close Content-Type: text/html; charset=ISO-8859-1

This provides us with the hint that the web server is probably Apache 2.0.54, but we can't be sure because Apache's banners are trivial to modify.

So, not all protocols return a banner without a trigger and not all banners can be trusted. Then there's the problem of how to deal with binary protocols like SSL or Microsoft Terminal Server. If you wish to merely obtain a banner and do not want to send triggers to gain a better confidence about a service, then use the B option: 

 [Paris:~] mike% amap -B 10.0.1.32 22 80 amap v5.1 (www.thc.org/thc-amap) started at  2005-06-28 21:08:40 - BANNER mode Banner on 10.0.1.32:22/tcp : SSH-2.0-OpenSSH_3.6.1p2\n amap v5.1 finished at 2005-06-28 21:08:41

Notice that we tried two ports, 22 and 80, but a banner only came back for 22. That's because port 80 (which we know to be a web server) requires a trigger before showing a banner.

Map a Service

Amap uses its mapping mode ( -A ) by default. This means it sends a series of triggers from the appdefs.trig file and analyzes the service's response for matches in the appdefs.resp file. Triggers can be alphanumeric, binary, or a combination. Thus, triggers range from unnecessary (as in the case of FTP or SMTP) to simple (HTTP, Nessus) to complex (Oracle TNS listener, SSL, Microsoft SQL Server). Amap collects all of the responses and finds the best match. 

 [Paris:~] mike% amap -A 10.0.1.32 22 80 amap v5.1 (www.thc.org/thc-amap) started at  2005-06-28 21:19:01 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:19:10

Usually, services only respond to a particular protocol handshake. So, the trigger for SSL shouldn't elicit a response from a DNS service and the DNS trigger shouldn't elicit a response from SSL. In actual practice, services have bugs , respond in unexpected manners, and may not be very stable. Many of amap's triggers contain hexadecimal values (0x00, 0x0a, 0xff, etc.) that can cause a service to crash. If you wish to be more careful with scans, use the H option to omit triggers that have been marked as potentially harmful .

Try the v or d options to print more verbose information during amap's execution if you suspect errors or are simply curious about what it's doing.

Determine UDP Services A tool like amap is well-suited for UDP port enumeration and identification. Most UDP services expect a very specific packet content before they will respond, if at all. Use the u option for amap to interpret ports as UDP: 

 [Paris:~] mike% amap -A -u 10.0.1.32 161 amap v5.1 (www.thc.org/thc-amap) started at  2005-06-28 21:32:06 - MAPPING mode Protocol on 10.0.1.32:161/udp matches snmp-public Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:32:12

In fact, nmap's version detection ( -sV ) works quite well for UDP services, too. 

 [Paris:~] mike% nmap -sU 10.0.1.32 -sV -p 161 Starting nmap 3.81 (http://www.insecure.org/nmap/) at  2005-06-28 21:32 PDT Interesting ports on 10.0.1.32: PORT    STATE SERVICE VERSION 161/udp open  snmp    SNMPv1 server (public) Nmap finished: 1 IP address (1 host up) scanned in 0.609 seconds

Combine Nmap and Amap Even though amap contains a subset of the capability in nmap, the two can be effectively combined. Amap can read nmap's output files ( -oG or the deprecated oM ) with the i option. This lets you use both tools to validate the services on a host. 

 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT     STATE SERVICE VERSION 22/tcp   open  ssh     OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp   open  http    Apache httpd 2.0.53 199/tcp  open  smux    Linux SNMP multiplexer 3306/tcp open  mysql? 8080/tcp open  http    Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the  service/version, please submit the following fingerprint at  http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \n5\.0\.3-beta 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \xb8\x08 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 qj\?=TmJj 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 ,\xa2\x08\x02 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \ SF:0 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 TGFi`'\?DzY\.w 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 ")%r(GenericLines,56,"8 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \ SF:n5\.0\.3-beta 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \xb8\x08 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 qj\?=TmJj 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 ,\xa2\x08\x02 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 SF: 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 TGFi`'\?DzY\.w 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \x16 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \n5\.0\.3-beta 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \xc4\x08 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 -d1d&-P, 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 ,\xa2\ SF:x08\x02 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 \(#wQnVD1g6sb 
 [Paris:~] mike% nmap -sV 10.0.1.32 -oG test.txt ; amap -i test.txt Starting nmap 3.81 (http://www.insecure.org/nmap/) at 2005-06-28 21:41 PDT Interesting ports on 10.0.1.32: (The 1658 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) 80/tcp open http Apache httpd 2.0.53 199/tcp open smux Linux SNMP multiplexer 3306/tcp open mysql? 8080/tcp open http Apache httpd 2.0.53 ((Unix)) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port3306-TCP:V=3.81%D=6/28%Time=42C22674%P=powerpc-apple-darwin7.7.0%r(SF:NULL,3C,"8\0\0\0\n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\ SF:0\0\0\0\0\0\0\0\0\0\0\0\0TGFi`'\?DzY\.w\0")%r(GenericLines,56,"8\0\0\0\ SF:n5\.0\.3-beta\0\xb8\x08\0\0qj\?=TmJj\0,\xa2\x08\x02\0\0\0\0\0\0\0\0\0\0 SF:\0\0\0\0TGFi`'\?DzY\.w\0\x16\0\0\x01\xff\x13\x04#08S01Bad\x20handshake" SF:)%r(LDAPBindReq,3C,"8\0\0\0\n5\.0\.3-beta\0\xc4\x08\0\0-d1d&-P,\0,\xa2\ SF:x08\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\(#wQnVD1g6sb\0"); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at 2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36 
 "); Nmap finished: 1 IP address (1 host up) scanned in 10.594 seconds amap v5.1 (www.thc.org/thc-amap) started at  2005-06-28 21:41:29 - MAPPING mode Protocol on 10.0.1.32:22/tcp matches ssh Protocol on 10.0.1.32:22/tcp matches ssh-openssh Protocol on 10.0.1.32:199/tcp matches snmp Protocol on 10.0.1.32:80/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http Protocol on 10.0.1.32:8080/tcp matches http-apache-2 Protocol on 10.0.1.32:3306/tcp matches mysql Protocol on 10.0.1.32:80/tcp matches http-apache-2 Unidentified ports: none. amap v5.1 finished at 2005-06-28 21:41:36

In fact, we've even discovered that the fingerprint for MySQL version 5.0.3-beta isn't yet in nmap's fingerprint list.

Manage Scan Speeds

Large sets of triggers and slow network connections can make efficient service identification tricky. Table 4-4 details some scan modifiers.

Table 4-4: Amap Performance- related Options

Option

Description

-1

Send triggers to a port until the first successful match. It's rare, but possible, that the service's response is a false positive based on the trigger.

-c <CONS>

Amount of parallel connections to make (default 32, max 256).

-C <RETRIES>

Number of times to reconnect if a connection times out with no response (default 3).

-T <SEC>

Time out the connection after SEC seconds if no response is received (default 5).

-t <SEC>

Wait SEC seconds before retrying a connection (default 5). If you suspect that some trigger may crash the service or cause a temporary hang, increase this to give the service a chance to recover.

-p <PROTO>

Only send triggers for PROTO protocol (e.g., ftp).

Case Study: Stack Anomalies

Excluding those few tricky systems whose administrators took the time to build in traps, most systems are sold as "turnkey" solutions and are simply taken out of the packaging, plugged in, and turned on without much modification and without turning off any of the default services. A port scan of a system in this state will return an "out-of-the-box" portmap that can most likely be matched to a particular OS. If you port scan a known unmodified system and then use that as comparison to port scans on unknown hosts , you can often find close or even exact matches, revealing the identity of the remote OS.

Most systems won't be identifiable by their port constellation. However, just as a person's accent can identify their geographic origins, a system's TCP/IP stack can be an identifying marker. The actual specifications of the TCP/IP protocol are laid out in a set of documents called RFCs (Request For Comments). The documents outline the structure of the actual data packets and how network stack implementations should package, transmit, receive, and unpack data packets.

The specifications and standards set out in these documents are meant to be the guidelines for people writing and designing network stack OS-level software. By following these specifications, designers and writers can ensure that their network stack will be able to communicate with everyone else's.

As with any protocol, both TCP and IP leave room for future expansion and special handling of packets. Each has room at the end of their headers for options. The option fields allow the TCP/IP implementation to store information in packet headers that might be useful to similar implementations or services. Because this area of the packet structure is loosely defined, it leaves each TCP/IP stack developer room to be creative. One vendor's system might use and respond to certain options, while another's might choose completely different options sets. As each vendor comes up with its own use and handling of these header fields, the stack begins to exhibit its own kind of digital signature or fingerprint.

A particular TCP/IP stack can be linked to a particular vendor in even more ways. IP packets must contain a 16-bit identification field. Other than stating that these numbers must be unique, nothing is laid out in the RFCs about how these numbers must be chosen (other than the byte- size limitation of the field). Also, TCP packets must contain similar information in their headers (referred to as sequence numbers). Sequence numbers help TCP keep track of the connection. Each side of a TCP connection chooses its initial sequence number during the handshake. A method for choosing that initial sequence number is suggested in the specification; however, it can still be chosen by the developer as long as the numbers don't often repeat themselves ( otherwise , TCP connections could easily get mixed up or, worse , spoofed). These are two more areas for customization and flexibility within a TCP/IP stack implementation. Each vendor's implementation can be analyzed for patterns, providing more ways to fingerprint a particular OS by its network traffic. Nmap uses this technique to make reasonable guesses at the operating system being run on each host it scans.

Other protocols within the TCP/IP can be used to identify an operating system. Most TCP/IP stacks come with their own Ping utilities. Internet Control Message Protocol (ICMP) echo messages have room for optional data, which allows the user to use different- sized ICMP echo messages to see how larger data packets are handled. When a user indicates a data size for the echo message, the Ping utility must then pad the message with the appropriate amount of data. It may fill the data field with all zeroes, it may use a repeated string of alphanumeric characters , or it may use random digits. The point is that every Ping implementation has the option of padding its data field with whatever it wants. If you know what method a particular system's Ping uses, you can identify it just by watching its traffic.

Can you guess which operating systems belong to these two Ping payloads? 

 !"#$%&'()*+,-./01234567 abcdefghijklmnopqrstuvwabcdefghi
 

Previous page
Table of content
Next page
Anti-Hacker Tool Kit
Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
Authors: Mike Shema, Chris Davis, David Cowen
BUY ON AMAZON
Crystal Reports 9 on Oracle (Database Professionals)
High-Speed Signal Propagation[c] Advanced Black Magic
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
Microsoft Office Visio 2007 Step by Step (Step By Step (Microsoft))
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy