Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-12 02:55 CET
NSE: Loaded 118 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 02:55
Scanning 192.168.1.1 [4 ports]
Completed Ping Scan at 02:55, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 02:55
Completed Parallel DNS resolution of 1 host. at 02:55, 0.02s elapsed
Initiating SYN Stealth Scan at 02:55
Scanning 192.168.1.1 [65535 ports]
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 443/tcp on 192.168.1.1
Discovered open port 21/tcp on 192.168.1.1
Discovered open port 23/tcp on 192.168.1.1
Discovered open port 22/tcp on 192.168.1.1
Discovered open port 30005/tcp on 192.168.1.1
Discovered open port 44401/tcp on 192.168.1.1
Completed SYN Stealth Scan at 02:55, 36.80s elapsed (65535 total ports)
Initiating Service scan at 02:55
Scanning 7 services on 192.168.1.1
Service scan Timing: About 71.43% done; ETC: 02:58 (0:00:40 remaining)
Completed Service scan at 02:57, 126.13s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.1
Retrying OS detection (try #2) against 192.168.1.1
Retrying OS detection (try #3) against 192.168.1.1
Retrying OS detection (try #4) against 192.168.1.1
Retrying OS detection (try #5) against 192.168.1.1
Initiating Traceroute at 02:58
Completed Traceroute at 02:58, 0.01s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 02:58
Completed Parallel DNS resolution of 2 hosts. at 02:58, 0.02s elapsed
NSE: Script scanning 192.168.1.1.
Initiating NSE at 02:58
Completed NSE at 03:00, 151.23s elapsed
Nmap scan report for 192.168.1.1
Host is up (0.0019s latency).
Not shown: 65528 closed ports
PORT      STATE SERVICE VERSION
21/tcp    open  ftp     Comtrend FTP firmware update utility
|_ftp-bounce: no banner
22/tcp    open  ssh     Dropbear sshd 0.46 (protocol 2.0)
| ssh-hostkey:
|_  1040 c2:77:c8:c5:72:17:e2:5b:4f:a2:4e:e3:04:0c:35:c9 (RSA)
23/tcp    open  telnet?
80/tcp    open  http    micro_httpd
| http-auth:
| HTTP/1.1 401 Unauthorized
|_  Basic realm=Comtrend Gigabit 802.11n Router
|_http-methods: No Allow or Public header in OPTIONS response (status code 501)
|_http-title: 401 Unauthorized
443/tcp   open  https?
30005/tcp open  unknown
44401/tcp open  unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port23-TCP:V=6.47%I=7%D=1/12%Time=54B329AD%P=x86_64-unknown-linux-gnu%r
SF:(GenericLines,42,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03Comtrend
SF:\x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20\r\n\r\nPassword:\x20")%
SF:r(GetRequest,50,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03Comtrend\
SF:x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20GET\x20/\x20HTTP/1\.0\r\n
SF:\r\nPassword:\x20")%r(HTTPOptions,54,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01
SF:\xff\xfb\x03Comtrend\x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20OPTI
SF:ONS\x20/\x20HTTP/1\.0\r\n\r\nPassword:\x20")%r(RTSPRequest,54,"\xff\xfd
SF:\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03Comtrend\x20Gigabit\x20802\.11n\x2
SF:0Router\r\nLogin:\x20OPTIONS\x20/\x20RTSP/1\.0\r\n\r\nPassword:\x20")%r
SF:(RPCCheck,16,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03\x80\^@\^@\(
SF:r\xfe\^\]")%r(DNSVersionBindReq,34,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\x
SF:ff\xfb\x03Comtrend\x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20")%r(D
SF:NSStatusRequest,4E,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03Comtre
SF:nd\x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20\^@\^L\^@\^@\^P\^@\^@\
SF:^@\^@\^@\^@\^@\^@")%r(Help,44,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xf
SF:b\x03HELP\r\nComtrend\x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20Pas
SF:sword:\x20")%r(SSLSessionReq,36,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\
SF:xfb\x03Comtrend\x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20\^A")%r(K
SF:erberos,3A,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03Comtrend\x20Gi
SF:gabit\x20802\.11n\x20Router\r\nLogin:\x20\^B\^A\^B")%r(SMBProgNeg,109,"
SF:\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03\^@\^@\^@\xa4Br\^@\^@\^@\^
SF:@\x08\x20\x08\x08\x20\x08\^A@\^@\^@\^@\^@\^@\^@\^@\^@\^@\^@\^@\^@\^@\^@
SF:@\^F\^@\^@\^A\^@\^@\x81\^@\^BPC\x20NETWORK\x20PROGRAM\x201\.0\^@\^BMICR
SF:OSOFT\x20NETWORKS\x201\.03\^@\^BMICROSOFT\x20NETWORKS\x203\.0\^@\^BLANM
SF:AN1\.0\^@\^BLM1\.2X002\^@\^BSamba\^@\^BNT\x20LANMAN\x201\.0\^@\^BNT\x20
SF:LM\x200\.12Comtrend\x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20")%r(
SF:X11Probe,49,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\x03Comtrend\x20G
SF:igabit\x20802\.11n\x20Router\r\nLogin:\x20l\^@\^K\^@\^@\^@\^@\^@\^@\^@\
SF:^@")%r(FourOhFourRequest,73,"\xff\xfd\x01\xff\xfd!\xff\xfb\x01\xff\xfb\
SF:x03Comtrend\x20Gigabit\x20802\.11n\x20Router\r\nLogin:\x20GET\x20/nice%
SF:20ports%2C/Tri%6Eity\.txt%2ebak\x20HTTP/1\.0\r\n\r\nPassword:\x20");
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.47%E=4%D=1/12%OT=21%CT=1%CU=33576%PV=Y%DS=2%DC=T%G=Y%TM=54B32AC
OS:4%P=x86_64-unknown-linux-gnu)SEQ(SP=C2%GCD=1%ISR=CC%TI=Z%TS=8)OPS(O1=M5A
OS:CST11NW1%O2=M5ACST11NW1%O3=M5ACNNT11NW1%O4=M5ACST11NW1%O5=M5ACST11NW1%O6
OS:=M5ACST11)WIN(W1=1680%W2=1680%W3=1680%W4=1680%W5=1680%W6=1680)ECN(R=N)T1
OS:(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=
OS:40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%U
OS:N=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=N)

Uptime guess: 1.360 days (since Sat Jan 10 18:22:55 2015)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 8080/tcp)
HOP RTT     ADDRESS
1   0.15 ms 172.16.0.1
2   4.94 ms 192.168.1.1

NSE: Script Post-scanning.
Initiating NSE at 03:00
Completed NSE at 03:00, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 327.58 seconds
           Raw packets sent: 66288 (2.923MB) | Rcvd: 65990 (2.643MB) 

Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-12 02:42 CET
NSE: Loaded 118 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 02:42
Scanning 172.16.0.1 [1 port]
Completed ARP Ping Scan at 02:42, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 02:42
Completed Parallel DNS resolution of 1 host. at 02:42, 0.02s elapsed
Initiating SYN Stealth Scan at 02:42
Scanning 172.16.0.1 [65535 ports]
Discovered open port 443/tcp on 172.16.0.1
Discovered open port 8090/tcp on 172.16.0.1
SYN Stealth Scan Timing: About 23.48% done; ETC: 02:44 (0:01:41 remaining)
SYN Stealth Scan Timing: About 59.55% done; ETC: 02:44 (0:00:41 remaining)
Discovered open port 3128/tcp on 172.16.0.1
Completed SYN Stealth Scan at 02:44, 87.71s elapsed (65535 total ports)
Initiating Service scan at 02:44
Scanning 3 services on 172.16.0.1
Completed Service scan at 02:45, 87.64s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 172.16.0.1
NSE: Script scanning 172.16.0.1.
Initiating NSE at 02:45
Completed NSE at 02:46, 30.03s elapsed
Nmap scan report for 172.16.0.1
Host is up (0.00027s latency).
Not shown: 65532 filtered ports
PORT     STATE SERVICE     VERSION
443/tcp  open  ssl/https   xxxx
|_http-favicon: Unknown favicon MD5: BF97ACFDA6C43ED4A05C48CBFD8188C3
|_http-methods: No Allow or Public header in OPTIONS response (status code 403)
| http-server-header: Software version grabbed from Server header.
| Consider submitting a service fingerprint.
|_Run with --script-args http-server-header.skip
| http-title: Cyberoam
|_Requested resource was https://172.16.0.1/corporate/webpages/login.jsp
| ssl-cert: Subject: commonName=CyberoamApplianceCertificate_C016700339/organizationName=Cyberoam/stateOrProvinceName=Gujarat/countryName=IN
| Issuer: commonName=Cyberoam Appliance CA_C016700339/organizationName=Cyberoam/stateOrProvinceName=Gujarat/countryName=IN
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2013-07-17T14:36:46+00:00
| Not valid after:  2036-12-31T15:36:46+00:00
| MD5:   f03b 1891 a65b 43de 763c 1be0 54be 10d3
|_SHA-1: f833 3f3d f320 c481 74b1 1907 2b89 cf9b b1d4 b400
|_ssl-date: 2015-01-12T01:45:33+00:00; 0s from local time.
3128/tcp open  squid-http?
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported:  CONNECTION GET
8090/tcp open  ssl/unknown
| ssl-cert: Subject: commonName=Cyberoam SSL CA/organizationName=Elitecore/stateOrProvinceName=Gujarat/countryName=IN
| Issuer: commonName=Cyberoam SSL CA/organizationName=Elitecore/stateOrProvinceName=Gujarat/countryName=IN
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2012-07-09T21:05:04+00:00
| Not valid after:  2036-12-31T22:05:04+00:00
| MD5:   1f35 5746 2923 91d4 4cec 71bc 6ff3 943e
|_SHA-1: 2a7c 0a98 b424 f804 6466 6554 1bb8 89e7 3c77 0ac9
|_ssl-date: 2015-01-12T01:45:33+00:00; 0s from local time.
| sslv2:
|   SSLv2 supported
|   ciphers:
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_IDEA_128_CBC_WITH_MD5
|     SSL2_RC2_CBC_128_CBC_WITH_MD5
|     SSL2_RC4_128_WITH_MD5
|     SSL2_DES_64_CBC_WITH_MD5
|     SSL2_RC2_CBC_128_CBC_WITH_MD5
|_    SSL2_RC4_128_EXPORT40_WITH_MD5
MAC Address: 00:90:FB:23:2A:D6 (Portwell)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.18 - 2.6.22
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=203 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT     ADDRESS
1   0.27 ms 172.16.0.1

NSE: Script Post-scanning.
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 207.97 seconds
           Raw packets sent: 131179 (5.774MB) | Rcvd: 80 (3.720KB)