Re: how to find out a list of available ftp servers on LAN

[Turbo <sandeep_kr () students iiit net>]

Thanks to all. I never thought I will find so helpful members here.

On Tue, 1 May 2007, Lukasz Szmit wrote:

> On Sun, 2007-04-29 at 05:28 +0530, Turbo wrote:
> > I am using following command :-
> > nmap -n -P0 -p 21 -oG ftpLog.gnmap -iL IPs.txt
> > Are their other better options? or improvements to above command?
> > It takes around 7 mins to scan a list of 8960 IPs. Its ok, but I am still
> > looking for faster options.
>
>
> I'd use:
> nmap -n -P0 -sT -p 21 --max-retries 0 --open -oG ftpLog.gnmap -iL
> IPs.txt

Wow! --open is good. That would save me one grep!
This is the exact command that I am using now:-
nmap -n -P0 -p 21 --max_rtt_timeout 100 --max_retries 0 --open -oG 
ftpLog.gnmap -iL IPs.txt
I don't have root privileges and so nmap defaults to -sT. The above 
command takes about 4 mins on my network. I am also going to try out other 
tools mentioned.
Thanks all. Still open to improvememnts...

> If you're trying to discover accessible FTP' on you LAN, Connect scan
> (-sT) is fine, otherwise use SYN (-sS) which *may* bypass some firewalls
> and give better results.
>
> Setting max-retries to 0 will result in nmap sending just a single probe
> - this gives a significant improvement in scan time on my box for a /24
> compared to defaults (1.172 seconds vs. 14.754 seconds). You may miss
> some slow-to-respond boxes.
>
> The --open option will spare you some noise in the output as
> closed/filtered ports won't be reported.
>
> regards,

--
I do know everything, just not all at once. It's a virtual memory problem.
Home Page : http://students.iiit.ac.in/~sandeep_kr
Blog : http://sandy007smarty.blogspot.com