Nmap Development mailing list archives

RE: NMAP 3.5 Winpcap 3.0
From: "Sean Warnock" <removeme_news () warnocksolutions com>
Date: Tue, 27 Apr 2004 07:53:56 -0700

Well, the suggestion to run -d or -dd helped out a bit. This does give a little more information on what is going on. Here is the output it generated for the following command line.


nmap tirpitz -v -d

Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-04-27 06:51 Pacific Daylight Time
Packet capture filter: (icmp and dst host 192.168.200.29) or ((tcp or udp) and dst host 192.168.200.29 and ( dst port 33848 or dst port 33849 or dst port 33850 or dst port 33851 or dst port 33852))
We got a ping packet back from 192.168.200.202: id = 21168 seq = 26229 checksum = 18138
Hostupdate called for machine 192.168.200.202 state UNKNOWN/COMBO -> HOST_UP (trynum 0, dotimeadj: yes time: 0)
Finished block: srtt: 0 rttvar: 5000 timeout: 300000 block_tries: 1 up_this_block: 1 down_this_block: 0 group_sz: 1
massping done:  num_hosts: 1  num_responses: 1
Host tirpitz.corp.warnocksolutions.com (192.168.200.202) appears to be up ... good.
Starting pos_scan (SYN Stealth Scan)
Packet capture filter: dst host 192.168.200.29 and (icmp or (tcp and src host 192.168.200.202))
Initiating SYN Stealth Scan against tirpitz.corp.warnocksolutions.com (192.168.200.202) at 06:51
Activating firewall speed-optimization mode for host tirpitz.corp.warnocksolutions.com (192.168.200.202) -- adjusting ideal_queries from 30 to 30
Finished round #1. Current stats: numqueries_ideal: 30; min_width: 1; max_width: 150; packet_incr: 4; senddelay: 0us; fallback: 70%
Finished round #2. Current stats: numqueries_ideal: 30; min_width: 1; max_width: 150; packet_incr: 4; senddelay: 0us; fallback: 70%
The SYN Stealth Scan took 72 seconds to scan 1659 ports.
All 1659 scanned ports on tirpitz.corp.warnocksolutions.com (192.168.200.202) are: filtered
Final times for host: srtt: 0 rttvar: 5000  to: 300000

Nmap run completed -- 1 IP address (1 host up) scanned in 72.212 seconds


If I do a -sT (fully open port scan) I do get a proper listing such as the second command output below. Can anyone help me out decoding what nmap is doing on the first scan? I am almost certain this is related to Windows XP SP2 RC1 but I just don't know what I'm looking at.

nmap tirpitz -v -dd -sT

Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-04-27 06:57 Pacific Daylight Time
Interesting ports on tirpitz.corp.warnocksolutions.com (192.168.200.202):
(The 1627 ports scanned but not shown below are in state: filtered)
PORT      STATE SERVICE
25/tcp    open  smtp
26/tcp    open  unknown
42/tcp    open  nameserver
53/tcp    open  domain
80/tcp    open  http
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
443/tcp   open  https
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
691/tcp   open  resvc
1026/tcp  open  LSA-or-nterm
1029/tcp  open  ms-lsa
1040/tcp  open  netsaint
1080/tcp  open  socks
1220/tcp  open  quicktime
1433/tcp  open  ms-sql-s
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
3372/tcp  open  msdtc
3389/tcp  open  ms-term-serv
6101/tcp  open  VeritasBackupExec
6106/tcp  open  isdninfo
8000/tcp  open  http-alt
8081/tcp  open  blackice-icecap
8443/tcp  open  https-alt
10000/tcp open  snet-sensor-mgmt
38292/tcp open  landesk-cba

Nmap run completed -- 1 IP address (1 host up) scanned in 412.440 seconds





---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org


