Nmap Development mailing list archives

Re: Windows port question
From: "Andy Lutomirski" <Luto () myrealbox com>
Date: Thu, 20 Jun 2002 10:01:55 -0700

The connect() call on Windows is broken (I mean it is intentionally
non-conformant and hideously slow on failure to interoperate with the broken
TCP listeners on Windows...).  The result is that connect scans suck on
Windows.

Try using -sS to get a SYN scan -- better in any case.

Andy

----- Original Message -----
From: "Vassili Sukharev" <vassili.sukharev () ecora com>
To: <nmap-dev () insecure org>
Sent: Thursday, June 20, 2002 8:05 AM
Subject: RE: Windows port question



Thanks for all the suggestions, this one specifically solved the issue :)
(was using it under w2k without winpcap).

There's still a problem however.. linux-based nmap does the scanning of our
local machines much faster than the windows-based one.. Something like 5
seconds vs 380 seconds for a single host.. And these running times are
consistent throughout several runs/machines.. Also, as you see from the
output I post below, windows version doesn't find any open or closed TCP
ports on the same machine..

Running on linux:

./nmap -O data

Starting nmap V. 2.54BETA33 ( www.insecure.org/nmap/ )
Interesting ports on ....
(The 1538 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
79/tcp     open        finger
80/tcp     open        http
98/tcp     open        linuxconf
111/tcp    open        sunrpc
113/tcp    open        auth
143/tcp    open        imap2
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
977/tcp    open        unknown
1024/tcp   open        kdm
5432/tcp   open        postgres
Remote operating system guess: Linux 2.1.19 - 2.2.19
Uptime 30.686 days (since Mon May 20 18:10:54 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds

-----------------------------------
Running on windows:

./nmap -O data

Starting nmap V. 2.54BETA36 ( www.insecure.org/nmap )
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on ....
(The 1542 ports scanned but not shown below are in state: filtered)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
79/tcp     open        finger
80/tcp     open        http
98/tcp     open        linuxconf
111/tcp    open        sunrpc
113/tcp    open        auth
143/tcp    open        imap2
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
977/tcp    open        unknown
1024/tcp   open        kdm
5432/tcp   open        postgres
Remote OS guesses: Linux 2.1.19 - 2.2.19, Linux 2.2.19 on a DEC Alpha

Nmap run completed -- 1 IP address (1 host up) scanned in 394 seconds



Any guess as to why the windows version would be so much slower/produce
different results?

Oh, and the version discrepancy between the two runs doesn't matter in this
case, these results are reproducible with any recent version of nmap.

Thanks,
Vassili


-----Original Message-----
From: stefan [mailto:spladder () cyber2000 de]
Sent: Tuesday, June 18, 2002 6:57 AM
To: Vassili Sukharev
Subject: Re: Windows port question


You did use nmap under windows right? I tried that once too and these
results like you gained seem to look for me like you used it under win98
(where it definitely won't work) or under win2k/xp without having installed
winpcap. You need to install this program to run nmap under windows,
after that it should work, at least with the -P0 flag.

----- Original Message -----
From: "Vassili Sukharev" <vassili.sukharev () ecora com>
To: <nmap-dev () insecure org>
Sent: Monday, June 17, 2002 5:46 PM
Subject: Windows port question



Hi, can somebody please tell me whether OS fingerprinting functionality has
been tested on Windows? Here's what I got upon running against a working
host on my network:

Starting nmap V. 2.54BETA36 ( www.insecure.org/nmap )
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 43 seconds

Thanks,
Vassili Sukharev


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).











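The two runs quoted in the thread differ in the state nmap assigns to the ports it does not list (closed on Linux, filtered on Windows), and that missing closed port is what triggers the OS-detection warning. As an added example, not code from the thread or from nmap, here is a small Python parser for that old text output format that totals ports per state and flags the symptom; the excerpts are constructed from the runs above.

```python
import re

# Constructed excerpts of the two nmap 2.54BETA runs quoted in the thread (not the full output).
LINUX_RUN = """\
Starting nmap V. 2.54BETA33 ( www.insecure.org/nmap/ )
(The 1538 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
80/tcp     open        http
Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
"""
WINDOWS_RUN = """\
Starting nmap V. 2.54BETA36 ( www.insecure.org/nmap )
Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
(The 1542 ports scanned but not shown below are in state: filtered)
Port       State       Service
21/tcp     open        ftp
80/tcp     open        http
Nmap run completed -- 1 IP address (1 host up) scanned in 394 seconds
"""
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)")
HIDDEN_RE = re.compile(r"\(The (\d+) ports scanned but not shown below are in state: (\w+)\)")
TIME_RE = re.compile(r"scanned in (\d+) seconds")

def parse_run(text):
    """Parse the old nmap text format: listed ports, the state of the unlisted ones, warnings, runtime."""
    run = {"ports": {}, "hidden_state": None, "hidden_count": 0, "warnings": [], "seconds": None}
    for line in text.splitlines():
        if (m := PORT_RE.match(line)):
            run["ports"][(int(m.group(1)), m.group(2))] = m.group(3)
        elif (m := HIDDEN_RE.search(line)):
            run["hidden_count"], run["hidden_state"] = int(m.group(1)), m.group(2)
        elif (m := TIME_RE.search(line)):
            run["seconds"] = int(m.group(1))
        elif line.startswith("Warning:"):
            run["warnings"].append(line)
    return run

def state_counts(run):
    """Total ports per state, counting the unlisted ports under their summary state."""
    counts = {"open": 0, "closed": 0, "filtered": 0}
    for state in run["ports"].values():
        counts[state] = counts.get(state, 0) + 1
    if run["hidden_state"]:
        counts[run["hidden_state"]] = counts.get(run["hidden_state"], 0) + run["hidden_count"]
    return counts

def diagnose(run):
    """Thread symptom: zero closed ports and the rest 'filtered' means nmap never saw an RST reply."""
    counts = state_counts(run)
    if counts["closed"] == 0 and counts["filtered"] > 0:
        return "no closed ports seen: replies not observed, check capture driver and scan type (WinPcap, -sS)"
    return "ok: %d open, %d closed" % (counts["open"], counts["closed"])
```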


