Nmap Development mailing list archives
RE: Windows port question
From: "Vassili Sukharev" <vassili.sukharev () ecora com>
Date: Thu, 20 Jun 2002 13:46:24 -0400
Worked great, thanks Andy!
-----Original Message-----
From: Andy Lutomirski [mailto:Luto () myrealbox com]
Sent: Thursday, June 20, 2002 1:02 PM
To: nmap-dev () insecure org
Subject: Re: Windows port question

The connect() call on Windows is broken (I mean it is intentionally non-conformant and hideously slow on failure to interoperate with the broken TCP listeners on Windows...). The result is that connect scans suck on Windows.

Try using -sS to get a SYN scan -- better in any case.

Andy

----- Original Message -----
From: "Vassili Sukharev" <vassili.sukharev () ecora com>
To: <nmap-dev () insecure org>
Sent: Thursday, June 20, 2002 8:05 AM
Subject: RE: Windows port question

Thanks for all the suggestions, this one specifically solved the issue :) (was using it under w2k without winpcap).

There's still a problem however.. linux-based nmap does the scanning of our local machines much faster than the windows-based one.. Something like 5 seconds vs 380 seconds for a single host.. And these running times are consistent throughout several runs/machines.. Also, as you see from the output I post below, windows version doesn't find any open or closed TCP ports on the same machine..

Running on linux:

./nmap -O data

Starting nmap V. 2.54BETA33 ( www.insecure.org/nmap/ )
Interesting ports on ....
(The 1538 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
79/tcp     open        finger
80/tcp     open        http
98/tcp     open        linuxconf
111/tcp    open        sunrpc
113/tcp    open        auth
143/tcp    open        imap2
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
977/tcp    open        unknown
1024/tcp   open        kdm
5432/tcp   open        postgres

Remote operating system guess: Linux 2.1.19 - 2.2.19
Uptime 30.686 days (since Mon May 20 18:10:54 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds

-----------------------------------

Running on windows:

./nmap -O data

Starting nmap V. 2.54BETA36 ( www.insecure.org/nmap )
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Insufficient responses for TCP sequencing (1), OS detection may be less accurate
Interesting ports on ....
(The 1542 ports scanned but not shown below are in state: filtered)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
79/tcp     open        finger
80/tcp     open        http
98/tcp     open        linuxconf
111/tcp    open        sunrpc
113/tcp    open        auth
143/tcp    open        imap2
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
977/tcp    open        unknown
1024/tcp   open        kdm
5432/tcp   open        postgres

Remote OS guesses: Linux 2.1.19 - 2.2.19, Linux 2.2.19 on a DEC Alpha

Nmap run completed -- 1 IP address (1 host up) scanned in 394 seconds

Any guess as to why the windows version would be so much slower/produce different results? Oh, and the version discrepancy between the two runs doesn't matter in this case, these results are reproducible with any recent version of nmap.

Thanks,
Vassili

-----Original Message-----
From: stefan [mailto:spladder () cyber2000 de]
Sent: Tuesday, June 18, 2002 6:57 AM
To: Vassili Sukharev
Subject: Re: Windows port question

You did use nmap under windows right? I tried that once either and these results like you gained seem to look for me like you used it under win98 (where it definitely won't work) or under win2k/xp without having installed winpcap.

You need to install this program to run nmap under windows, after that it should work, at least with the -P0 flag.

----- Original Message -----
From: "Vassili Sukharev" <vassili.sukharev () ecora com>
To: <nmap-dev () insecure org>
Sent: Monday, June 17, 2002 5:46 PM
Subject: Windows port question

Hi, can somebody please tell me whether OS fingerprinting functionality has been tested on Windows? Here's what I got upon running against a working host on my network:

Starting nmap V. 2.54BETA36 ( www.insecure.org/nmap )
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 43 seconds

Thanks,
Vassili Sukharev

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
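
The closed-versus-filtered difference between the two outputs above, and the per-port cost of a failed connect(), can be measured on any host with a small connect()-based probe. This is an added example, not code from the thread or from Nmap; the names probe, scan and local_demo are hypothetical, and the test bed is constructed on 127.0.0.1.

```python
import socket
import time

def probe(host, port, timeout=1.0):
    """One TCP connect() probe. Returns (state, seconds_taken)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    start = time.monotonic()
    try:
        s.connect((host, port))
        state = "open"        # three-way handshake completed
    except ConnectionRefusedError:
        state = "closed"      # the stack reported the RST before the timeout
    except OSError:
        # Timeout or ICMP unreachable. A refusal that the local stack only
        # reports after `timeout` also lands here, so a slow connect()
        # turns "closed" into "filtered".
        state = "filtered"
    finally:
        s.close()
    return state, time.monotonic() - start

def scan(host, ports, timeout=1.0):
    """Probe each port; return ({port: state}, {state: total_seconds})."""
    states, cost = {}, {}
    for port in ports:
        state, secs = probe(host, port, timeout)
        states[port] = state
        cost[state] = cost.get(state, 0.0) + secs
    return states, cost

def local_demo():
    """Constructed test bed on 127.0.0.1: one listener, one released port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()             # nothing listens on this port any more
    try:
        states, cost = scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return states[open_port], states[closed_port], cost

if __name__ == "__main__":
    open_state, closed_state, cost = local_demo()
    print(open_state, closed_state)
    for state, secs in cost.items():
        print(f"{state}: {secs:.3f}s spent in connect()")
```

Comparing the seconds reported for the "closed" bucket on different operating systems shows how much of a connect scan's run time is spent waiting on refused ports.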
Current thread:
- Windows port question Vassili Sukharev (Jun 17)
- Re: Windows port question Bradley Kite (Jun 17)
- Re: Windows port question Roeland Th. Jansen (Jun 17)
- Re: Windows port question ~Kevin Davis³ (Jun 17)
- <Possible follow-ups>
- RE: Windows port question Vassili Sukharev (Jun 20)
- Re: Windows port question Andy Lutomirski (Jun 20)
- RE: Windows port question Vassili Sukharev (Jun 20)
- Re: Windows port question Andy Lutomirski (Jun 20)