odd nmap output...

WeeZer51402

Registered
ok I ssh'd into my linux box and ran nmap -O on my powerbooks ip. The first time I did it I got the following results:

Code:
[root@www mvh]# nmap -O 192.168.1.100

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-07-31 12:11 EDT
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on Enigma (192.168.1.100):
(The 1506 ports scanned but not shown below are in state: closed)
PORT      STATE    SERVICE
5/tcp     filtered rje
8/tcp     filtered unknown
15/tcp    filtered netstat
48/tcp    filtered auditd
59/tcp    filtered priv-file
62/tcp    filtered acas
68/tcp    filtered dhcpclient
69/tcp    filtered tftp
71/tcp    filtered netrjs-1
85/tcp    filtered mit-ml-dev
86/tcp    filtered mfcobol
90/tcp    filtered dnsix
98/tcp    filtered linuxconf
121/tcp   filtered erpc
137/tcp   filtered netbios-ns
173/tcp   filtered xyplex-mux
191/tcp   filtered prospero
198/tcp   filtered dls-mon
207/tcp   filtered at-7
211/tcp   filtered 914c-g
220/tcp   filtered imap3
227/tcp   filtered unknown
247/tcp   filtered subntbcst_tftp
251/tcp   filtered unknown
266/tcp   filtered unknown
272/tcp   filtered unknown
284/tcp   filtered unknown
285/tcp   filtered unknown
293/tcp   filtered unknown
306/tcp   filtered unknown
323/tcp   filtered unknown
324/tcp   filtered unknown
327/tcp   filtered unknown
328/tcp   filtered unknown
350/tcp   filtered matip-type-a
370/tcp   filtered codaauth2
371/tcp   filtered clearcase
383/tcp   filtered hp-alarm-mgr
386/tcp   filtered asa
396/tcp   filtered netware-ip
403/tcp   filtered decap
412/tcp   filtered synoptics-trap
415/tcp   filtered bnet
433/tcp   filtered nnsp
446/tcp   filtered ddm-rdb
479/tcp   filtered iafserver
493/tcp   filtered ticf-2
502/tcp   filtered asa-appl-proto
538/tcp   filtered gdomap
540/tcp   filtered uucp
551/tcp   filtered cybercash
567/tcp   filtered banyan-rpc
578/tcp   filtered ipdd
606/tcp   filtered urm
645/tcp   filtered unknown
647/tcp   filtered unknown
651/tcp   filtered unknown
675/tcp   filtered unknown
682/tcp   filtered unknown
691/tcp   filtered resvc
704/tcp   filtered elcsd
706/tcp   filtered silc
721/tcp   filtered unknown
728/tcp   filtered unknown
731/tcp   filtered netviewdm3
755/tcp   filtered unknown
781/tcp   filtered hp-collector
783/tcp   filtered hp-alarm-mgr
811/tcp   filtered unknown
815/tcp   filtered unknown
825/tcp   filtered unknown
835/tcp   filtered unknown
845/tcp   filtered unknown
848/tcp   filtered unknown
855/tcp   filtered unknown
860/tcp   filtered unknown
879/tcp   filtered unknown
885/tcp   filtered unknown
924/tcp   filtered unknown
925/tcp   filtered unknown
929/tcp   filtered unknown
939/tcp   filtered unknown
942/tcp   filtered unknown
947/tcp   filtered unknown
972/tcp   filtered unknown
981/tcp   filtered unknown
1006/tcp  filtered unknown
1016/tcp  filtered unknown
1019/tcp  filtered unknown
1353/tcp  filtered relief
1356/tcp  filtered cuillamartin
1359/tcp  filtered ftsrv
1360/tcp  filtered mimer
1379/tcp  filtered dbreporter
1392/tcp  filtered iclpv-pm
1401/tcp  filtered goldleaf-licman
1402/tcp  filtered prm-sm-np
1406/tcp  filtered netlabs-lm
1408/tcp  filtered sophia-lm
1429/tcp  filtered nms
1436/tcp  filtered sas-2
1439/tcp  filtered eicon-x25
1447/tcp  filtered apri-lm
1458/tcp  filtered nrcabq-lm
1469/tcp  filtered aal-lm
1470/tcp  filtered uaiact
1473/tcp  filtered openmath
1488/tcp  filtered docstor
1491/tcp  filtered anynetgateway
1507/tcp  filtered symplex
1520/tcp  filtered atm-zip-office
1521/tcp  filtered oracle
1529/tcp  filtered support
1537/tcp  filtered sdsc-lm
1551/tcp  filtered hecmtl-db
1666/tcp  filtered netview-aix-6
1669/tcp  filtered netview-aix-9
1672/tcp  filtered netview-aix-12
1720/tcp  filtered H.323/Q.931
1989/tcp  filtered tr-rsrb-p3
1997/tcp  filtered gdp-port
2011/tcp  filtered raid-cc
2028/tcp  filtered submitserver
2032/tcp  filtered blackboard
2048/tcp  filtered dls-monitor
2064/tcp  filtered dnet-keyproxy
2112/tcp  filtered kip
2121/tcp  filtered ccproxy-ftp
2604/tcp  filtered ospfd
3000/tcp  filtered ppp
4008/tcp  filtered netcheque
4333/tcp  filtered msql
4660/tcp  filtered mosmig
5011/tcp  filtered telelpathattack
5102/tcp  filtered admeng
5303/tcp  filtered hacl-probe
5400/tcp  filtered pcduo-old
5540/tcp  filtered sdreport
5680/tcp  filtered canna
5903/tcp  filtered vnc-3
6111/tcp  filtered spc
6112/tcp  filtered dtspc
6145/tcp  filtered statsci2-lm
6401/tcp  filtered crystalenterprise
7597/tcp  filtered qaz
9090/tcp  filtered zeus-admin
13710/tcp filtered VeritasNetbackup
13712/tcp filtered VeritasNetbackup
13715/tcp filtered VeritasNetbackup
13716/tcp filtered VeritasNetbackup
13722/tcp filtered VeritasNetbackup
32770/tcp filtered sometimes-rpc3
32771/tcp filtered sometimes-rpc5
32773/tcp filtered sometimes-rpc9
MAC Address: 00:13:10:44:83:5A (Unknown)
Too many fingerprints match this host to give specific OS details

Nmap run completed -- 1 IP address (1 host up) scanned in 15.764 seconds
I ran it a moment later from the PowerBook on my own ip address(not localhost or 127.0.0.1)

Code:
sudo nmap -O 192.168.1.100

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-08-01 00:15 EDT
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1663 scanned ports on enigma (192.168.1.100) are: closed
Too many fingerprints match this host to give specific OS details

Nmap run completed -- 1 IP address (1 host up) scanned in 21.553 seconds
and then just for the hell of it I ran it again from the linux box...

Code:
[root@www mvh]# nmap -O 192.168.1.100

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-07-31 12:16 EDT
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on Enigma (192.168.1.100):
(The 1659 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
1720/tcp filtered H.323/Q.931
MAC Address: 00:13:10:44:83:5A (Unknown)
Too many fingerprints match this host to give specific OS details

Nmap run completed -- 1 IP address (1 host up) scanned in 30.522 seconds
They all conflict...its kinda weird, anybody have any idea why? The version of nmap on my PB is newer than the version thats on my linux box but still...
 
Top