Nmap Development mailing list archives
NAP 3.55 SP2 testing
From: "Sean" <news_nospam_ () warnocksolutions com>
Date: Fri, 13 Aug 2004 09:08:43 -0700
Much better response than before. Performance is up from previous versions using a SYN scan. I went ahead and ran 3.55 without the patch and sure enough my SP2 XP box just sits there for what seems like all eternity. The new patch seems to do version scanning correctly and, as suspected, TCP Connect scans take quite a while to complete.

For comparison I ran two scans against this host (tirpitz, an internal test machine running Windows Server 2003 and a ton of services). Time to complete a SYN scan was around half a second. The TCP connect scan was still running at over an hour when I finally just sent this e-mail. At this time I would say the TCP connect scan is broken on XP SP2, but having the application run at all again under XP is a great place to be.

Thanks for all of the hard work to all of the contributors to the app, and I wish I could do more than this.

Sean

Just a SYN scan with version scanning:

Starting nmap 3.55-SP2 ( http://www.insecure.org/nmap ) at 2004-08-13 08:0 fic Daylight Time
Host tirpitz.corp.warnocksolutions.com (192.168.200.201) appears to be up od.
Initiating SYN Stealth Scan against tirpitz.corp.warnocksolutions.com (192 00.201) at 08:02
Adding open port 25/tcp
Adding open port 593/tcp
Adding open port 1067/tcp
Adding open port 42/tcp
Adding open port 53/tcp
Adding open port 8081/tcp
Adding open port 139/tcp
Adding open port 3389/tcp
Adding open port 6002/tcp
Adding open port 3268/tcp
Adding open port 443/tcp
Adding open port 636/tcp
Adding open port 3269/tcp
Adding open port 1433/tcp
Adding open port 691/tcp
Adding open port 6001/tcp
Adding open port 1026/tcp
Adding open port 135/tcp
Adding open port 445/tcp
Adding open port 80/tcp
Adding open port 6004/tcp
Adding open port 1025/tcp
Adding open port 444/tcp
Adding open port 88/tcp
Adding open port 389/tcp
Adding open port 464/tcp
Adding open port 1112/tcp
The SYN Stealth Scan took 0 seconds to scan 1660 ports.
Initiating service scan against 27 services on 1 host at 08:02
The service scan took 91 seconds to scan 27 services on 1 host.
Interesting ports on tirpitz.corp.warnocksolutions.com (192.168.200.201):
(The 1633 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE          VERSION
25/tcp   open  smtp             Microsoft ESMTP 6.0.3790.0
42/tcp   open  wins             Microsoft Windows Wins
53/tcp   open  domain           Microsoft DNS
80/tcp   open  http             Microsoft IIS webserver 6.0
88/tcp   open  kerberos-sec     Microsoft Windows kerberos-sec
135/tcp  open  msrpc            Microsoft Windows msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap             Microsoft LDAP server
443/tcp  open  ssl              Microsoft IIS SSL
444/tcp  open  ssl              Microsoft IIS SSL
445/tcp  open  microsoft-ds     Microsoft Windows 2003 microsoft-ds
464/tcp  open  kpasswd5?
593/tcp  open  http-rpc-epmap?
636/tcp  open  ssl              Microsoft IIS SSL
691/tcp  open  resvc            Microsoft Exchange routing server 6.5.7226
1025/tcp open  msrpc            Microsoft Windows msrpc
1026/tcp open  msrpc            Microsoft Windows msrpc
1067/tcp open  msrpc            Microsoft Windows msrpc
1112/tcp open  msrpc            Microsoft Windows msrpc
1433/tcp open  ms-sql-s?
3268/tcp open  ldap             Microsoft LDAP server
3269/tcp open  ssl              Microsoft IIS SSL
3389/tcp open  microsoft-rdp    Microsoft Terminal Service (Windows 2000 S
6001/tcp open  X11:1?
6002/tcp open  X11:2?
6004/tcp open  X11:4?
8081/tcp open  blackice-icecap?
5 services unrecognized despite returning data.
If you know the service/ve please submit the following fingerprints at http://www.insecure.org/cgi-b vicefp-submit.cgi :

Nmap run completed -- 1 IP address (1 host up) scanned in 90.937 seconds

C:\nmap\nmap-3.55-SP2>

Basic SYN scan

Starting nmap 3.55-SP2 ( http://www.insecure.org/nmap ) at 2004-08-13 08:16 Pacific Daylight Time
Host tirpitz.corp.warnocksolutions.com (192.168.200.201) appears to be up ... good.
Initiating SYN Stealth Scan against tirpitz.corp.warnocksolutions.com (192.168.200.201) at 08:16
Adding open port 1025/tcp
Adding open port 53/tcp
Adding open port 88/tcp
Adding open port 42/tcp
Adding open port 1067/tcp
Adding open port 6001/tcp
Adding open port 3389/tcp
Adding open port 135/tcp
Adding open port 1433/tcp
Adding open port 8081/tcp
Adding open port 80/tcp
Adding open port 1112/tcp
Adding open port 389/tcp
Adding open port 139/tcp
Adding open port 691/tcp
Adding open port 25/tcp
Adding open port 636/tcp
Adding open port 6004/tcp
Adding open port 593/tcp
Adding open port 3269/tcp
Adding open port 464/tcp
Adding open port 6002/tcp
Adding open port 443/tcp
Adding open port 3268/tcp
Adding open port 1026/tcp
Adding open port 445/tcp
Adding open port 444/tcp
The SYN Stealth Scan took 0 seconds to scan 1660 ports.
Interesting ports on tirpitz.corp.warnocksolutions.com (192.168.200.201):
(The 1633 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
25/tcp   open  smtp
42/tcp   open  nameserver
53/tcp   open  domain
80/tcp   open  http
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
443/tcp  open  https
444/tcp  open  snpp
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
593/tcp  open  http-rpc-epmap
636/tcp  open  ldapssl
691/tcp  open  resvc
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1067/tcp open  instl_boots
1112/tcp open  msql
1433/tcp open  ms-sql-s
3268/tcp open  globalcatLDAP
3269/tcp open  globalcatLDAPssl
3389/tcp open  ms-term-serv
6001/tcp open  X11:1
6002/tcp open  X11:2
6004/tcp open  X11:4
8081/tcp open  blackice-icecap

Nmap run completed -- 1 IP address (1 host up) scanned in 0.578 seconds