Nmap Development mailing list archives

RE: Windows port question

From: "Vassili Sukharev" <vassili.sukharev () ecora com>
Date: Thu, 20 Jun 2002 11:05:17 -0400


Thanks for all the suggestions, this one specifically solved the issue :)
(was using it under w2k without winpcap).

There's still a problem however.. linux-based nmap does the scanning of our
local machines much faster than the windows-based one.. Something like 5
seconds vs 380 seconds for a single host.. And these running times are
consistent throughout several runs/machines.. Also, as you see from the
output I post below, windows version doesn't find any open or closed TCP
ports on the same machine..

Running on linux:

./nmap -O data

Starting nmap V. 2.54BETA33 ( www.insecure.org/nmap/ )
Interesting ports on ....
(The 1538 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
79/tcp     open        finger
80/tcp     open        http
98/tcp     open        linuxconf
111/tcp    open        sunrpc
113/tcp    open        auth
143/tcp    open        imap2
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
977/tcp    open        unknown
1024/tcp   open        kdm
5432/tcp   open        postgres
Remote operating system guess: Linux 2.1.19 - 2.2.19
Uptime 30.686 days (since Mon May 20 18:10:54 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds

-----------------------------------
Running on windows:

./nmap -O data

Starting nmap V. 2.54BETA36 ( www.insecure.org/nmap )
Warning:  OS detection will be MUCH less reliable because we did not find at
least 1 open and 1 clos
ed TCP port
Insufficient responses for TCP sequencing (1), OS detection may be less
accurate
Interesting ports on ....
(The 1542 ports scanned but not shown below are in state: filtered)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
79/tcp     open        finger
80/tcp     open        http
98/tcp     open        linuxconf
111/tcp    open        sunrpc
113/tcp    open        auth
143/tcp    open        imap2
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
977/tcp    open        unknown
1024/tcp   open        kdm
5432/tcp   open        postgres
Remote OS guesses: Linux 2.1.19 - 2.2.19, Linux 2.2.19 on a DEC Alpha

Nmap run completed -- 1 IP address (1 host up) scanned in 394 seconds



Any guess as to why the windows version would be so much slower/produce
different results?

Oh, and the version discrepancy between the two runs doesn't matter in this
case, these results are reproducible with any recent version of nmap.

Thanks,
Vassili

-----Original Message-----
From: stefan [mailto:spladder () cyber2000 de]
Sent: Tuesday, June 18, 2002 6:57 AM
To: Vassili Sukharev
Subject: Re: Windows port question

You did use nmap under windows right? I tried that once either and these
results like you gained seem to look for me like you used it under win98
(where it definitly won't work) or under win2k/xp without having installed
winpcap. You need to install this program to run nmap under windows,
afterthat it should work, at least with the -P0 flag.

----- Original Message -----
From: "Vassili Sukharev" <vassili.sukharev () ecora com>
To: <nmap-dev () insecure org>
Sent: Monday, June 17, 2002 5:46 PM
Subject: Windows port question


Hi, can somebody please tell me whether OS fingerprinting functionality

has

been tested on Windows? Here's what I got upon running against a working
host on my network:

Starting nmap V. 2.54BETA36 ( www.insecure.org/nmap )
Note: Host seems down. If it is really up, but blocking our ping probes,
try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 43 seconds

Thanks,
Vassili Sukharev


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

Current thread:

Windows port question Vassili Sukharev (Jun 17)
- Re: Windows port question Bradley Kite (Jun 17)
- Re: Windows port question Roeland Th. Jansen (Jun 17)
  - Re: Windows port question ~Kevin Davis³ (Jun 17)
- <Possible follow-ups>
- RE: Windows port question Vassili Sukharev (Jun 20)
  - Re: Windows port question Andy Lutomirski (Jun 20)
    - RE: Windows port question Vassili Sukharev (Jun 20)