Nmap Development mailing list archives
Re: How to detect all windows servers in network
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 20 Feb 2007 10:56:00 -0600
On 2/20/07, Ankur Konwar wrote:
My task is to detect all the windows nt 4.0 and windows 2000/higher servers in my WAN. How do I use nmap to detect only these two operating system computers. What ports differentiate windows nt 4.0 and windows 2000/higher. is there any way of diffentiating similarily between windows 2000 servers and windows 2003 servers? Please help Ankur Konwar --
While I cannot answer your specific question, Microsoft does have some potentially useful information on their website (I know, hard to believe). This lists the ports used by many of their applications which include the NetBIOS and SMB ports used for lots of server domain traffic. http://www.microsoft.com/technet/security/smallbusiness/topics/serversecurity/ref_net_ports_ms_prod.mspx There are also some helpful knowledge base articles. Windows NT, Terminal Server, and Microsoft Exchange Services Use TCP/IP Ports http://support.microsoft.com/kb/150543 Service overview and network port requirements for the Windows Server system http://support.microsoft.com/kb/832017 I think the biggest difference between NT 4.0 and 2000/2003 is the addition of port 445 to the list. But there are circumstances where NT 4.0 could be using 445, too. If I were you, I would start with scanning for all systems that have ports 135/tcp and 137/tcp open and call them 'Probably Windows'. Then find all of those systems that also have port 445/tcp and call them 'Probably Windows 2000 or 2003' and the ones that don't have 445/tcp 'Probably Windows NT 4.0' Then give them a the -sV -O treatment to verify. At least you will be narrowing down the range of IPs you hit with a fill scan. -Jason _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- How to detect all windows servers in network Ankur Konwar (Feb 20)
- Re: How to detect all windows servers in network DePriest, Jason R. (Feb 20)
- Re: How to detect all windows servers in network DePriest, Jason R. (Feb 20)
- Re: How to detect all windows servers in network Brett Cunningham (Feb 20)