Nmap Development: RE: NMAP 3.5 Winpcap 3.0

From: Sean Warnock <removeme_news_at_warnocksolutions.com>
Date: Tue, 27 Apr 2004 07:53:56 -0700

Well, the suggestion to run -d or -dd helped out a bit. This does give a
little more information on what is going on. Here is the output it
generated for the following command line.

nmap tirpitz -v -d

Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-04-27 06:51
Pacific Daylight Time
Packet capture filter: (icmp and dst host 192.168.200.29) or ((tcp or udp)
and dst host 192.168.200.29 and ( dst port 33848 or dst port 33849 or dst
port 33850 or dst port 33851 or dst port 33852))
We got a ping packet back from 192.168.200.202: id = 21168 seq = 26229
checksum = 18138
Hostupdate called for machine 192.168.200.202 state UNKNOWN/COMBO -> HOST_UP
(trynum 0, dotimeadj: yes time: 0)
Finished block: srtt: 0 rttvar: 5000 timeout: 300000 block_tries: 1
up_this_block: 1 down_this_block: 0 group_sz: 1
massping done: num_hosts: 1 num_responses: 1
Host tirpitz.corp.warnocksolutions.com (192.168.200.202) appears to be up
... good.
Starting pos_scan (SYN Stealth Scan)
Packet capture filter: dst host 192.168.200.29 and (icmp or (tcp and src
host 192.168.200.202))
Initiating SYN Stealth Scan against tirpitz.corp.warnocksolutions.com
(192.168.200.202) at 06:51
Activating firewall speed-optimization mode for host
tirpitz.corp.warnocksolutions.com (192.168.200.202) -- adjusting
ideal_queries from 30 to 30
Finished round #1. Current stats: numqueries_ideal: 30; min_width: 1;
max_width: 150; packet_incr: 4; senddelay: 0us; fallback: 70%
Finished round #2. Current stats: numqueries_ideal: 30; min_width: 1;
max_width: 150; packet_incr: 4; senddelay: 0us; fallback: 70%
The SYN Stealth Scan took 72 seconds to scan 1659 ports.
All 1659 scanned ports on tirpitz.corp.warnocksolutions.com
(192.168.200.202) are: filtered
Final times for host: srtt: 0 rttvar: 5000 to: 300000

Nmap run completed -- 1 IP address (1 host up) scanned in 72.212 seconds

If I do a -sT (fully open port scan) I do get a proper listing such as the
second command output below. Can anyone help me out decoding what nmap is
doing on the first scan? I am almost certain this is related to Windows XP
SP2 RC1 but I just don't know what I'm looking at.

nmap tirpitz -v -dd -sT

Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-04-27 06:57
Pacific Daylight Time
Interesting ports on tirpitz.corp.warnocksolutions.com (192.168.200.202):
(The 1627 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
25/tcp open smtp
26/tcp open unknown
42/tcp open nameserver
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
443/tcp open https
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
691/tcp open resvc
1026/tcp open LSA-or-nterm
1029/tcp open ms-lsa
1040/tcp open netsaint
1080/tcp open socks
1220/tcp open quicktime
1433/tcp open ms-sql-s
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3372/tcp open msdtc
3389/tcp open ms-term-serv
6101/tcp open VeritasBackupExec
6106/tcp open isdninfo
8000/tcp open http-alt
8081/tcp open blackice-icecap
8443/tcp open https-alt
10000/tcp open snet-sensor-mgmt
38292/tcp open landesk-cba

Nmap run completed -- 1 IP address (1 host up) scanned in 412.440 seconds

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Apr 27 2004
