Nmap Development mailing list archives
RE: NMAP 3.5 Winpcap 3.0
From: "Sean Warnock" <removeme_news () warnocksolutions com>
Date: Tue, 27 Apr 2004 07:53:56 -0700
Well the suggestion to run -d or -dd helped out a bit. This does give a little more information on what is going on. Here is the output it generated for the following command line.

nmap tirpitz -v -d

Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-04-27 06:51 Pacific Daylight Time
Packet capture filter: (icmp and dst host 192.168.200.29) or ((tcp or udp) and dst host 192.168.200.29 and ( dst port 33848 or dst port 33849 or dst port 33850 or dst port 33851 or dst port 33852))
We got a ping packet back from 192.168.200.202: id = 21168 seq = 26229 checksum = 18138
Hostupdate called for machine 192.168.200.202 state UNKNOWN/COMBO -> HOST_UP (trynum 0, dotimeadj: yes time: 0)
Finished block: srtt: 0 rttvar: 5000 timeout: 300000 block_tries: 1 up_this_block: 1 down_this_block: 0 group_sz: 1
massping done: num_hosts: 1 num_responses: 1
Host tirpitz.corp.warnocksolutions.com (192.168.200.202) appears to be up ... good.
Starting pos_scan (SYN Stealth Scan)
Packet capture filter: dst host 192.168.200.29 and (icmp or (tcp and src host 192.168.200.202))
Initiating SYN Stealth Scan against tirpitz.corp.warnocksolutions.com (192.168.200.202) at 06:51
Activating firewall speed-optimization mode for host tirpitz.corp.warnocksolutions.com (192.168.200.202) -- adjusting ideal_queries from 30 to 30
Finished round #1. Current stats: numqueries_ideal: 30; min_width: 1; max_width: 150; packet_incr: 4; senddelay: 0us; fallback: 70%
Finished round #2. Current stats: numqueries_ideal: 30; min_width: 1; max_width: 150; packet_incr: 4; senddelay: 0us; fallback: 70%
The SYN Stealth Scan took 72 seconds to scan 1659 ports.
All 1659 scanned ports on tirpitz.corp.warnocksolutions.com (192.168.200.202) are: filtered
Final times for host: srtt: 0 rttvar: 5000 to: 300000
Nmap run completed -- 1 IP address (1 host up) scanned in 72.212 seconds

If I do a -sT (fully open port scan) I do get a proper listing such as the second command output below. Can anyone help me out decoding what nmap is doing on the first scan? I am almost certain this is related to Windows XP SP2 RC1 but I just don't know what I'm looking at.

nmap tirpitz -v -dd -sT

Starting nmap 3.50 ( http://www.insecure.org/nmap ) at 2004-04-27 06:57 Pacific Daylight Time
Interesting ports on tirpitz.corp.warnocksolutions.com (192.168.200.202):
(The 1627 ports scanned but not shown below are in state: filtered)
PORT      STATE SERVICE
25/tcp    open  smtp
26/tcp    open  unknown
42/tcp    open  nameserver
53/tcp    open  domain
80/tcp    open  http
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
443/tcp   open  https
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
691/tcp   open  resvc
1026/tcp  open  LSA-or-nterm
1029/tcp  open  ms-lsa
1040/tcp  open  netsaint
1080/tcp  open  socks
1220/tcp  open  quicktime
1433/tcp  open  ms-sql-s
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
3372/tcp  open  msdtc
3389/tcp  open  ms-term-serv
6101/tcp  open  VeritasBackupExec
6106/tcp  open  isdninfo
8000/tcp  open  http-alt
8081/tcp  open  blackice-icecap
8443/tcp  open  https-alt
10000/tcp open  snet-sensor-mgmt
38292/tcp open  landesk-cba

Nmap run completed -- 1 IP address (1 host up) scanned in 412.440 seconds

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org

Current thread:
- NMAP 3.5 Winpcap 3.0 Sean Warnock (Apr 23)
- <Possible follow-ups>
- RE: NMAP 3.5 Winpcap 3.0 testic (Apr 23)
- RE: NMAP 3.5 Winpcap 3.0 Sean Warnock (Apr 27)