Nmap Development mailing list archives

3.45 corrupting 3.00 results - Win2k command line version.


From: "Nathan" <nathan.grandbois () cerdant com>
Date: Thu, 18 Sep 2003 15:09:23 -0400

The Windows release of version 3.45 isn't working for me. I don't know why,
but here is what happens. It is reporting all ports as filtered. I've used
version 3.00 for a while and it worked great. Now that doesn't work either.
Below I have scanned a machine on my internal network for the NetBIOS ports;
nmap 3.00 now reports them as filtered. I then nc to those ports to prove
they are open. I then FTP to a site to get the banner and run nmap 3.45, which
tells me it is filtered.
Version 3.00 was working fine until I ran 3.45. I did choose the registry
update for 3.45. My system is a Win2k Pro with all the latest
patches/service packs. If you need any more information/test results let me
know and I'll get them to you. If this email address is not where I should
be sending this, please direct me to the correct one.

Thank you very much!
Nathan


C:\Tools\NMapWin\bin>nmap -sS -P0 -v -v -debug -T Normal -p 135-139 192.168.110.199

Starting nmap V. 3.00 ( www.insecure.org/nmap )
The first host is 192, and the last one is 192
The first host is 168, and the last one is 168
The first host is 110, and the last one is 110
The first host is 199, and the last one is 199
Host CERDANT1 (192.168.110.199) appears to be up ... good.
Starting pos_scan (SYN Stealth Scan)
Packet capture filter: dst host 192.168.110.10 and (icmp or (tcp and src host 192.168.110.199))
Initiating SYN Stealth Scan against CERDANT1 (192.168.110.199)
Moving port or prog 139 to the potentially firewalled list
Moving port or prog 137 to the potentially firewalled list
Moving port or prog 136 to the potentially firewalled list
Moving port or prog 135 to the potentially firewalled list
Moving port or prog 138 to the potentially firewalled list
Preparing for retry, nonresponsive port 138 noted
Preparing for retry, nonresponsive port 135 noted
Preparing for retry, nonresponsive port 136 noted
Preparing for retry, nonresponsive port 137 noted
Preparing for retry, nonresponsive port 139 noted
Done with round 1
Moving port or prog 138 to the potentially firewalled list
Moving port or prog 135 to the potentially firewalled list
Moving port or prog 136 to the potentially firewalled list
Moving port or prog 137 to the potentially firewalled list
Moving port or prog 139 to the potentially firewalled list
Done with round 2
The SYN Stealth Scan took 36 seconds to scan 5 ports.
Interesting ports on CERDANT1 (192.168.110.199):
Port       State       Service
135/tcp    filtered    msrpc
136/tcp    filtered    profile
137/tcp    filtered    netbios-ns
138/tcp    filtered    netbios-dgm
139/tcp    filtered    netbios-ssn
Final times for host: srtt: -1 rttvar: -1  to: 6000000

Nmap run completed -- 1 IP address (1 host up) scanned in 38 seconds

C:\Tools\NMapWin\bin>cd ..

C:\Tools\NMapWin>cd ..

C:\Tools>cd netcat

C:\Tools\netcat>nc -v -v 192.168.110.199 135
CERDANT1 [192.168.110.199] 135 (epmap) open
^C
C:\Tools\netcat>nc -v -v 192.168.110.199 137
CERDANT1 [192.168.110.199] 137 (netbios-ns): connection refused
sent 0, rcvd 0: NOTSOCK

C:\Tools\netcat>nc -v -v 192.168.110.199 139
CERDANT1 [192.168.110.199] 139 (netbios-ssn) open
^C
C:\Tools\netcat>nc -v -v 192.168.110.199 138
CERDANT1 [192.168.110.199] 138 (?): connection refused
sent 0, rcvd 0: NOTSOCK

C:\Tools\netcat>
C:\Tools\netcat>ftp 63.216.25.131
Connected to 63.216.25.131.
220-
220- ftp.nai.com FTP server (SFTPD)
220
User (63.216.25.131:(none)): ^C
C:\Tools\netcat>nmap -sS -sV -P0 -p 21 -v -v -debug --version_trace 63.216.25.131
***WinIP***  winpcap is present
***WinIP***  rawsock is available

Starting nmap 3.45 ( http://www.insecure.org/nmap ) at 2003-09-18 15:03 Eastern Daylight Time
The max # of sockets we are using is: 0
The first host is 63, and the last one is 63
The first host is 216, and the last one is 216
The first host is 25, and the last one is 25
The first host is 131, and the last one is 131
63.216.25.131 will use interface 192.168.110.10
Host 63-216-25-131.sdsl.cais.net (63.216.25.131) appears to be up ... good.
Starting pos_scan (SYN Stealth Scan)
Opening a real raw socket
Trying to open eth1 for recieve with winpcap.
Packet capture filter: dst host 192.168.110.10 and (icmp or (tcp and src host 63.216.25.131))
Initiating SYN Stealth Scan against 63-216-25-131.sdsl.cais.net (63.216.25.131) at 15:03
Ideal number of queries: 30 outstanding: 1 max 150 ports_left 1 timeout 6000000 senddelay: 0us
Ideal number of queries: 30 outstanding: 1 max 150 ports_left 1 timeout 6000000 senddelay: 0us
Ideal number of queries: 30 outstanding: 1 max 150 ports_left 1 timeout 6000000 senddelay: 0us
Ideal number of queries: 30 outstanding: 0 max 150 ports_left 1 timeout 6000000 senddelay: 0us
Finished round #1. Current stats: numqueries_ideal: 30; min_width: 1; max_width: 150; packet_incr: 4; senddelay: 0us; fallback: 70%
Ideal number of queries: 30 outstanding: 1 max 150 ports_left 1 timeout 6000000 senddelay: 0us
Ideal number of queries: 30 outstanding: 1 max 150 ports_left 1 timeout 6000000 senddelay: 0us
Ideal number of queries: 30 outstanding: 1 max 150 ports_left 1 timeout 6000000 senddelay: 0us
Ideal number of queries: 30 outstanding: 0 max 150 ports_left 1 timeout 6000000 senddelay: 0us
Adding filtered port 21/tcp
Finished round #2. Current stats: numqueries_ideal: 30; min_width: 1; max_width: 150; packet_incr: 4; senddelay: 0us; fallback: 70%
The SYN Stealth Scan took 36 seconds to scan 1 ports.
Fetchfile found C:\tools\NMap\/nmap-service-probes

Interesting ports on 63-216-25-131.sdsl.cais.net (63.216.25.131):
Fetchfile found C:\tools\NMap\/nmap-services

PORT   STATE    SERVICE VERSION
21/tcp filtered ftp
Final times for host: srtt: -1 rttvar: -1  to: 6000000

Nmap run completed -- 1 IP address (1 host up) scanned in 36.793 seconds

C:\Tools\netcat>


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


