Nmap Development mailing list archives

Re: two problems and a question with nmap or nmapwin


From: Fyodor <fyodor () insecure org>
Date: Mon, 5 May 2003 20:02:57 -0700

On Mon, May 05, 2003 at 10:42:37AM -0400, Robert Thompson wrote:

> it takes FOREVER to finish.  Makes no difference if I do it through
> nmapwin or nmap from a command line.  It CRAWLS!  For example, here is
> the screenshot back from a nmap commandline run:
>
> nmap -sT -P0 -F -T 3 172.16.0.15
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap )
> [cut]
> Nmap run completed -- 1 IP address (1 host up) scanned in 230 seconds

First of all, you might want to try a more recent version - 3.27
windows binaries are available in the command-line .zip package.  I
have also written Jens Vogt to see if he will update Nmapwin.

Also, I notice you are doing a connect() scan.  The README-WIN32 file
which comes with Nmap notes:

== TCP connect() scan can be agonizingly slow.  You may have luck by
   adding a new registry DWORD value to
   HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters named
   "MaxUserPort", with a large value like 65534.  See MS KB Q196271.

Have you tried this?  Please let us know whether it helps.

> I want an nmap command that will give me back a list of all of the
> IP addresses on this side of my firewall so that I can know that I
> have all of them in my network diagram.

You can try nmap -sP [your networks/ips here ]

The command above will show you all the hosts that responded to a ping
or an ACK to port 80.  You can get as complicated with it as you want
if you think they might be running firewall rules to be more stealthy.
Sometimes I like to use:

nmap -sP -PS22,25,53,80,113,31338 -PA80,113,21000 -PU53,19000 -PE -PM -g 53 -oA nmap/netname-scanlog-date [netblockstoscan]

If you aren't familiar with any of those options, see
http://www.insecure.org/nmap/data/nmap_manpage.html .

Cheers,
-F
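
An added example, not part of the original message: one way to check a ping-scan result against a network diagram is to parse the grepable file that -oA writes (the .gnmap file) and compare it with the documented addresses. The sample output, the inventory list and the function names below are constructed for illustration.

```python
import ipaddress
import re

# Host status line in Nmap grepable output, e.g.
# "Host: 172.16.0.15 (fileserver)<TAB>Status: Up"
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")

def live_hosts(gnmap_text):
    """Return {ip_address: hostname} for every host reported Up."""
    hosts = {}
    for line in gnmap_text.splitlines():
        m = HOST_LINE.match(line)
        if not m or m.group(3).lower() != "up":
            continue  # comment lines, port lines, hosts not marked Up
        try:
            hosts[ipaddress.ip_address(m.group(1))] = m.group(2)
        except ValueError:
            continue  # malformed address field, skip the line
    return hosts

def reconcile(gnmap_text, documented, scanned_networks):
    """Compare scan results with the diagram.

    Returns (undocumented, silent): addresses that answered but are not
    in the diagram, and documented addresses inside the scanned networks
    that did not answer (powered off, or filtering the probes).
    """
    live = set(live_hosts(gnmap_text))
    known = {ipaddress.ip_address(a) for a in documented}
    nets = [ipaddress.ip_network(n) for n in scanned_networks]
    in_scope = {ip for ip in known if any(ip in n for n in nets)}
    order = lambda ip: (ip.version, int(ip))
    undocumented = sorted(live - known, key=order)
    silent = sorted(in_scope - live, key=order)
    return [str(i) for i in undocumented], [str(i) for i in silent]

# Constructed sample standing in for a .gnmap file from a -sP run.
SAMPLE_GNMAP = """\
# constructed sample: header comment line
Host: 172.16.0.1 (gw)\tStatus: Up
Host: 172.16.0.15 ()\tStatus: Up
Host: 172.16.0.77 ()\tStatus: Up
# constructed sample: trailer comment line
"""
# Constructed inventory taken from a hypothetical network diagram.
DIAGRAM = ["172.16.0.1", "172.16.0.15", "172.16.0.20", "10.9.9.9"]

if __name__ == "__main__":
    new, quiet = reconcile(SAMPLE_GNMAP, DIAGRAM, ["172.16.0.0/24"])
    print("answered but not in diagram:", new)
    print("in diagram but silent:", quiet)
```

An address in the silent list is not proof the host is gone; it may be filtering the probe types used, which is the case the longer probe list above is meant for.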

