Security Basics mailing list archives

Re: how to find out a list of available ftp servers on LAN

From: "Justin Ross" <RossJ () sddpc org>
Date: Tue, 01 May 2007 15:07:29 -0700

I personally use nmap -p21 -PS80 -oG - 10.X.X.1-254 | awk '/open/{print $2 " " $3}' > filename.txt

Using awk to strip off irrelevant data, this just lists the IP address and DNS name (if applicable) of all targetted 
hosts with port 21 open. 

justin.ross

"Turbo" <sandeep_kr () students iiit net> 5/1/2007 1:26:57 PM >>>

Thanks to all. I never thought I will find so helpful members here.

On Tue, 1 May 2007, Lukasz Szmit wrote:

On Sun, 2007-04-29 at 05:28 +0530, Turbo wrote:

I am using following command :-
nmap -n -P0 -p 21 -oG ftpLog.gnmap -iL IPs.txt
Are their other better options? or improvements to above command?
It takes around 7 mins to scan a list of 8960 IPs. Its ok, but I am still
looking for faster options.



I'd use:
nmap -n -P0 -sT -p 21 --max-retries 0 --open -oG ftpLog.gnmap -iL
IPs.txt


Wow! --open is good. That would save me one grep!
This is the exact command that I am using now:-
nmap -n -P0 -p 21 --max_rtt_timeout 100 --max_retries 0 --open -oG 
ftpLog.gnmap -iL IPs.txt
I don't have root privileges and so nmap defaults to -sT. The above 
command takes about 4 mins on my network. I am also going to try out other 
tools mentioned.
Thanks all. Still open to improvememnts...



If you're trying to discover accessible FTP' on you LAN, Connect scan
(-sT) is fine, otherwise use SYN (-sS) which *may* bypass some firewalls
and give better results.

Setting max-retries to 0 will result in nmap sending just a single probe
- this gives a significant improvement in scan time on my box for a /24
compared to defaults (1.172 seconds vs. 14.754 seconds). You may miss
some slow-to-respond boxes.

The --open option will spare you some noise in the output as
closed/filtered ports won't be reported.

regards,


-- 
I do know everything, just not all at once. It's a virtual memory problem.
Home Page : http://students.iiit.ac.in/~sandeep_kr 
Blog : http://sandy007smarty.blogspot.com

Current thread:

Re: how to find out a list of available ftp servers on LAN, (continued)
- - Re: how to find out a list of available ftp servers on LAN Pranay Kanwar (May 04)
    - Re: how to find out a list of available ftp servers on LAN Turbo (May 04)
    - Re: how to find out a list of available ftp servers on LAN Pranay Kanwar (May 04)
    - Re: how to find out a list of available ftp servers on LAN Turbo (May 07)
    - Re: how to find out a list of available ftp servers on LAN Pranay Kanwar (May 07)
    - Re: how to find out a list of available ftp servers on LAN Turbo (May 07)
    - Re: how to find out a list of available ftp servers on LAN Pranay Kanwar (May 07)
- Re: how to find out a list of available ftp servers on LAN Lukasz Szmit (May 01)
  - Re: how to find out a list of available ftp servers on LAN Turbo (May 01)
- Re: how to find out a list of available ftp servers on LAN Turbo (May 01)
- Re: how to find out a list of available ftp servers on LAN Justin Ross (May 01)
- Re: how to find out a list of available ftp servers on LAN Jason Ross (May 02)
- Re: how to find out a list of available ftp servers on LAN killy (May 03)