# odd nmap output...



## WeeZer51402 (Jul 31, 2005)

ok I ssh'd into my linux box and ran nmap -O on my powerbooks ip. The first time I did it I got the following results:


```
[root@www mvh]# nmap -O 192.168.1.100

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-07-31 12:11 EDT
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on Enigma (192.168.1.100):
(The 1506 ports scanned but not shown below are in state: closed)
PORT      STATE    SERVICE
5/tcp     filtered rje
8/tcp     filtered unknown
15/tcp    filtered netstat
48/tcp    filtered auditd
59/tcp    filtered priv-file
62/tcp    filtered acas
68/tcp    filtered dhcpclient
69/tcp    filtered tftp
71/tcp    filtered netrjs-1
85/tcp    filtered mit-ml-dev
86/tcp    filtered mfcobol
90/tcp    filtered dnsix
98/tcp    filtered linuxconf
121/tcp   filtered erpc
137/tcp   filtered netbios-ns
173/tcp   filtered xyplex-mux
191/tcp   filtered prospero
198/tcp   filtered dls-mon
207/tcp   filtered at-7
211/tcp   filtered 914c-g
220/tcp   filtered imap3
227/tcp   filtered unknown
247/tcp   filtered subntbcst_tftp
251/tcp   filtered unknown
266/tcp   filtered unknown
272/tcp   filtered unknown
284/tcp   filtered unknown
285/tcp   filtered unknown
293/tcp   filtered unknown
306/tcp   filtered unknown
323/tcp   filtered unknown
324/tcp   filtered unknown
327/tcp   filtered unknown
328/tcp   filtered unknown
350/tcp   filtered matip-type-a
370/tcp   filtered codaauth2
371/tcp   filtered clearcase
383/tcp   filtered hp-alarm-mgr
386/tcp   filtered asa
396/tcp   filtered netware-ip
403/tcp   filtered decap
412/tcp   filtered synoptics-trap
415/tcp   filtered bnet
433/tcp   filtered nnsp
446/tcp   filtered ddm-rdb
479/tcp   filtered iafserver
493/tcp   filtered ticf-2
502/tcp   filtered asa-appl-proto
538/tcp   filtered gdomap
540/tcp   filtered uucp
551/tcp   filtered cybercash
567/tcp   filtered banyan-rpc
578/tcp   filtered ipdd
606/tcp   filtered urm
645/tcp   filtered unknown
647/tcp   filtered unknown
651/tcp   filtered unknown
675/tcp   filtered unknown
682/tcp   filtered unknown
691/tcp   filtered resvc
704/tcp   filtered elcsd
706/tcp   filtered silc
721/tcp   filtered unknown
728/tcp   filtered unknown
731/tcp   filtered netviewdm3
755/tcp   filtered unknown
781/tcp   filtered hp-collector
783/tcp   filtered hp-alarm-mgr
811/tcp   filtered unknown
815/tcp   filtered unknown
825/tcp   filtered unknown
835/tcp   filtered unknown
845/tcp   filtered unknown
848/tcp   filtered unknown
855/tcp   filtered unknown
860/tcp   filtered unknown
879/tcp   filtered unknown
885/tcp   filtered unknown
924/tcp   filtered unknown
925/tcp   filtered unknown
929/tcp   filtered unknown
939/tcp   filtered unknown
942/tcp   filtered unknown
947/tcp   filtered unknown
972/tcp   filtered unknown
981/tcp   filtered unknown
1006/tcp  filtered unknown
1016/tcp  filtered unknown
1019/tcp  filtered unknown
1353/tcp  filtered relief
1356/tcp  filtered cuillamartin
1359/tcp  filtered ftsrv
1360/tcp  filtered mimer
1379/tcp  filtered dbreporter
1392/tcp  filtered iclpv-pm
1401/tcp  filtered goldleaf-licman
1402/tcp  filtered prm-sm-np
1406/tcp  filtered netlabs-lm
1408/tcp  filtered sophia-lm
1429/tcp  filtered nms
1436/tcp  filtered sas-2
1439/tcp  filtered eicon-x25
1447/tcp  filtered apri-lm
1458/tcp  filtered nrcabq-lm
1469/tcp  filtered aal-lm
1470/tcp  filtered uaiact
1473/tcp  filtered openmath
1488/tcp  filtered docstor
1491/tcp  filtered anynetgateway
1507/tcp  filtered symplex
1520/tcp  filtered atm-zip-office
1521/tcp  filtered oracle
1529/tcp  filtered support
1537/tcp  filtered sdsc-lm
1551/tcp  filtered hecmtl-db
1666/tcp  filtered netview-aix-6
1669/tcp  filtered netview-aix-9
1672/tcp  filtered netview-aix-12
1720/tcp  filtered H.323/Q.931
1989/tcp  filtered tr-rsrb-p3
1997/tcp  filtered gdp-port
2011/tcp  filtered raid-cc
2028/tcp  filtered submitserver
2032/tcp  filtered blackboard
2048/tcp  filtered dls-monitor
2064/tcp  filtered dnet-keyproxy
2112/tcp  filtered kip
2121/tcp  filtered ccproxy-ftp
2604/tcp  filtered ospfd
3000/tcp  filtered ppp
4008/tcp  filtered netcheque
4333/tcp  filtered msql
4660/tcp  filtered mosmig
5011/tcp  filtered telelpathattack
5102/tcp  filtered admeng
5303/tcp  filtered hacl-probe
5400/tcp  filtered pcduo-old
5540/tcp  filtered sdreport
5680/tcp  filtered canna
5903/tcp  filtered vnc-3
6111/tcp  filtered spc
6112/tcp  filtered dtspc
6145/tcp  filtered statsci2-lm
6401/tcp  filtered crystalenterprise
7597/tcp  filtered qaz
9090/tcp  filtered zeus-admin
13710/tcp filtered VeritasNetbackup
13712/tcp filtered VeritasNetbackup
13715/tcp filtered VeritasNetbackup
13716/tcp filtered VeritasNetbackup
13722/tcp filtered VeritasNetbackup
32770/tcp filtered sometimes-rpc3
32771/tcp filtered sometimes-rpc5
32773/tcp filtered sometimes-rpc9
MAC Address: 00:13:10:44:83:5A (Unknown)
Too many fingerprints match this host to give specific OS details

Nmap run completed -- 1 IP address (1 host up) scanned in 15.764 seconds
```

I ran it a moment later from the PowerBook on my own ip address(not localhost or 127.0.0.1)


```
sudo nmap -O 192.168.1.100

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-08-01 00:15 EDT
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1663 scanned ports on enigma (192.168.1.100) are: closed
Too many fingerprints match this host to give specific OS details

Nmap run completed -- 1 IP address (1 host up) scanned in 21.553 seconds
```

and then just for the hell of it I ran it again from the linux box...


```
[root@www mvh]# nmap -O 192.168.1.100

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-07-31 12:16 EDT
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on Enigma (192.168.1.100):
(The 1659 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
1720/tcp filtered H.323/Q.931
MAC Address: 00:13:10:44:83:5A (Unknown)
Too many fingerprints match this host to give specific OS details

Nmap run completed -- 1 IP address (1 host up) scanned in 30.522 seconds
```

They all conflict...its kinda weird, anybody have any idea why?  The version of nmap on my PB is newer than the version thats on my linux box but still...


----------

