You have initiated an active operating system fingerprinting attempt with nmap against a target system:root@ceh NG]# /usr/local/bin/nmap -sT -O 10.0.0.1
Starting nmap 3.28 ( www.insecure.org/nmap/) at 2003-06-18 19:14 IDT nteresting ports on 10.0.0.1:
The 1628 ports scanned but not shown below are in state: closed) Port State Service
21/tcp filtered ftp
2/tcp filtered ssh
5/tcp open smtp
0/tcp open http
35/tcp open loc-srv
39/tcp open netbios-ssn
89/tcp open LDAP
43/tcp open https
65/tcp open smtps
029/tcp open ms-lsa
433/tcp open ms-sql-s
301/tcp open compaqdiag
555/tcp open freeciv
800/tcp open vnc-http
900/tcp open vnc
000/tcp filtered X11
Remote operating system guess: Windows XP, Windows 2000, NT4 or 95/98/98SE map run completed — 1 IP address (1 host up) scanned in 3.334 seconds
Using its fingerprinting tests nmap is unable to distinguish between different groups of Microsoft based operating systems – Windows XP, Windows 2000, NT4 or 95/98/98SE. What operating system is the target host running based on the open ports shown above?
A.
Windows 98 SE
B.
Windows 2000 Server
C.
Windows NT4 Server
D.
Windows XP
Explanation:
The system is reachable as an active directory domain controller (port 389, LDAP)
Plz rectify..it says
89/tcp open LDAP and not 389/tcp open LDAP
after port 21, all are missing 1 character in front. Look at smtp not being 25 or even the VNCs missing a “5” in front.