
Nmap Development mailing list archives
Re: How to detect all windows servers in network
From: "Brett Cunningham" <cssniper22 () gmail com>
Date: Tue, 20 Feb 2007 12:01:14 -0600
I'm not sure what the workstation's OS you'd run the scan on, but if it's a nix box, grep it! That, or we use OCS Inventory (see: http://ocsinventory.sourceforge.net/), which works very well.

On 2/20/07, DePriest, Jason R. <jrdepriest () gmail com> wrote:

> On 2/20/07, Ankur Konwar wrote:
>
> > My task is to detect all the Windows NT 4.0 and Windows 2000/higher
> > servers in my WAN. How do I use nmap to detect only these two operating
> > system computers? What ports differentiate Windows NT 4.0 and Windows
> > 2000/higher? Is there any way of differentiating similarly between
> > Windows 2000 servers and Windows 2003 servers?
> >
> > Please help
> > Ankur Konwar
> > --
>
> Oops. I just realized you may have been looking for the distinction
> between a Workstation and a Server instead of Windows NT and Windows
> 2k/2k3.
>
> Well... since Workstations almost always run the Server service and
> Servers run the Workstation service, I don't know what to tell you.
>
> I just did a scan against a Windows 2000 Professional workstation and a
> Windows 2000 Server server:
>
> nmap -sS -sU -sV -O
>
> Here are some notable comparisons.
>
> * Both have 135/tcp, 139/tcp, 445/tcp, and 137/udp
> * Both have 1434/udp with identical signatures, even though one is MSDE
>   and the other is full-blown MSSQL.
> * nmap comes to ~almost~ the same conclusion on both for the operating
>   system
>
>   Both -
>   Device type: general purpose
>   Running: Microsoft Windows NT/2K/XP
>   TCP Sequence Prediction: Class=truly random
>   Difficulty=9999999 (Good luck!)
>   IPID Sequence Generation: Incremental
>   Service Info: OS: Windows
>
>   2000 Pro -
>   OS details: Microsoft Windows XP Pro SP1/SP2 or 2000 SP4
>
>   2000 Server -
>   OS details: Microsoft Windows 2000 SP4 or XP SP1
>
> * The Server has port 1031/tcp open and the Pro system does not.
> * The Server has port 3389/tcp open and the Pro system does not. This is
>   for remote desktop access and means that I have installed and enabled
>   Terminal Services on this server. But not all servers will have this
>   enabled and some workstations will have it enabled.
> * The Server has port 427/udp open and the Pro system does not. This
>   seems to be a part of IBM Director software.
>
> So you could look for server management software like HP / Compaq
> Insight and IBM Director.
>
> But that assumes that every server system actually has this type of
> software installed. You would have to check out the sites for the
> individual server manufacturers and see what ports their software can
> use. You'd need to go back a few revisions, too, since folks might not
> keep it updated.
>
> If all of the systems are in a domain and you have domain admin rights
> (or access to them), you could use Microsoft Sysinternals' psinfo tool
> and just query every system looking for those that come back as
> Product Type: Server.
>
> I don't think there is a magical port combination that will yield just
> servers and not workstations.
>
> -Jason
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
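The "grep it" suggestion, combined with the port observations from the quoted scan, as an added example that is not part of the original posts: it reads nmap grepable (`-oG`) output, keeps hosts whose OS guess mentions Windows, and notes which of the server-only ports from the comparison were open. The sample lines, host addresses and the function names `parse_grepable` and `windows_inventory` are constructed for illustration.

```python
import re

# Ports the post saw open only on the Windows 2000 Server host. Weak hints:
# the post notes workstations can have them and servers can lack them.
SERVER_HINTS = {("3389", "tcp"): "Terminal Services",
                ("427", "udp"): "IBM Director (as guessed in the post)"}

# Constructed sample lines in nmap grepable (-oG) layout; hosts are made up.
SAMPLE = (
    "Host: 192.0.2.10 (pro01)\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///\t"
    "OS: Microsoft Windows XP Pro SP1/SP2 or 2000 SP4\n"
    "Host: 192.0.2.20 (srv01)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, "
    "3389/open/tcp//ms-wbt-server///, 427/open/udp//svrloc///\t"
    "OS: Microsoft Windows 2000 SP4 or XP SP1\n"
    "Host: 192.0.2.30 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\t"
    "OS: Linux 2.6.X\n"
)

OPEN_PORT = re.compile(r"(\d+)/open/(tcp|udp)/")  # skips closed and open|filtered


def parse_grepable(text):
    """Yield (ip, os_guess, open_ports) for each host line that lists ports."""
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # e.g. the separate "Status: Up" line
        ip = fields["Host"].split()[0]
        yield ip, fields.get("OS", ""), set(OPEN_PORT.findall(fields["Ports"]))


def windows_inventory(text):
    """Map each Windows host to its OS guess and any server-role hints seen."""
    result = {}
    for ip, os_guess, ports in parse_grepable(text):
        if "Windows" not in os_guess:
            continue
        hints = sorted(label for key, label in SERVER_HINTS.items() if key in ports)
        result[ip] = {"os": os_guess, "server_hints": hints}
    return result


if __name__ == "__main__":
    for ip, info in windows_inventory(SAMPLE).items():
        print(ip, info["os"], info["server_hints"] or "no server hints")
```

An empty hint list does not mean the host is a workstation; as the quoted reply says, no port combination separates the two reliably.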