Nmap Development mailing list archives

NAP 3.55 SP2 testing


From: "Sean" <news_nospam_ () warnocksolutions com>
Date: Fri, 13 Aug 2004 09:08:43 -0700

    Much better response than before.  Performance is up from previous versions using a syn scan.  I went ahead and ran 
3.55 without the patch and sure enough my SP2 XP box just sits there for what seems like all eternity.  The new patch 
seems to do version scanning correctly and as suspected TCP Connect scans take quite a while to complete.  For 
comparisons I ran two scans against this host (tirpitz, an internal test machine running Windows Server 2003 and a ton 
of services).  Time to complete a SYN scan was around half a second.  The TCP connect scan was still running at over an 
hour when I finally just sent this e-mail.  At this time I would say the TCP connect scan is broken on XP SP2 but 
having the application run at all again under XP is a great place to be.  Thanks for all of the hard work to all of the 
contributors to the app and I wish I could do more than this.

Sean

Just a SYN scan with version scanning:
Starting nmap 3.55-SP2 ( http://www.insecure.org/nmap ) at 2004-08-13 08:0
fic Daylight Time
Host tirpitz.corp.warnocksolutions.com (192.168.200.201) appears to be up
od.
Initiating SYN Stealth Scan against tirpitz.corp.warnocksolutions.com (192
00.201) at 08:02
Adding open port 25/tcp
Adding open port 593/tcp
Adding open port 1067/tcp
Adding open port 42/tcp
Adding open port 53/tcp
Adding open port 8081/tcp
Adding open port 139/tcp
Adding open port 3389/tcp
Adding open port 6002/tcp
Adding open port 3268/tcp
Adding open port 443/tcp
Adding open port 636/tcp
Adding open port 3269/tcp
Adding open port 1433/tcp
Adding open port 691/tcp
Adding open port 6001/tcp
Adding open port 1026/tcp
Adding open port 135/tcp
Adding open port 445/tcp
Adding open port 80/tcp
Adding open port 6004/tcp
Adding open port 1025/tcp
Adding open port 444/tcp
Adding open port 88/tcp
Adding open port 389/tcp
Adding open port 464/tcp
Adding open port 1112/tcp
The SYN Stealth Scan took 0 seconds to scan 1660 ports.
Initiating service scan against 27 services on 1 host at 08:02
The service scan took 91 seconds to scan 27 services on 1 host.
Interesting ports on tirpitz.corp.warnocksolutions.com (192.168.200.201):
(The 1633 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE          VERSION
25/tcp   open  smtp             Microsoft ESMTP 6.0.3790.0
42/tcp   open  wins             Microsoft Windows Wins
53/tcp   open  domain           Microsoft DNS
80/tcp   open  http             Microsoft IIS webserver 6.0
88/tcp   open  kerberos-sec     Microsoft Windows kerberos-sec
135/tcp  open  msrpc            Microsoft Windows msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap             Microsoft LDAP server
443/tcp  open  ssl              Microsoft IIS SSL
444/tcp  open  ssl              Microsoft IIS SSL
445/tcp  open  microsoft-ds     Microsoft Windows 2003 microsoft-ds
464/tcp  open  kpasswd5?
593/tcp  open  http-rpc-epmap?
636/tcp  open  ssl              Microsoft IIS SSL
691/tcp  open  resvc            Microsoft Exchange routing server 6.5.7226

1025/tcp open  msrpc            Microsoft Windows msrpc
1026/tcp open  msrpc            Microsoft Windows msrpc
1067/tcp open  msrpc            Microsoft Windows msrpc
1112/tcp open  msrpc            Microsoft Windows msrpc
1433/tcp open  ms-sql-s?
3268/tcp open  ldap             Microsoft LDAP server
3269/tcp open  ssl              Microsoft IIS SSL
3389/tcp open  microsoft-rdp    Microsoft Terminal Service (Windows 2000 S

6001/tcp open  X11:1?
6002/tcp open  X11:2?
6004/tcp open  X11:4?
8081/tcp open  blackice-icecap?
5 services unrecognized despite returning data. If you know the service/ve
 please submit the following fingerprints at http://www.insecure.org/cgi-b
vicefp-submit.cgi :

Nmap run completed -- 1 IP address (1 host up) scanned in 90.937 seconds

C:\nmap\nmap-3.55-SP2>

Basic SYN scan
Starting nmap 3.55-SP2 ( http://www.insecure.org/nmap ) at 2004-08-13 08:16 Paci
fic Daylight Time
Host tirpitz.corp.warnocksolutions.com (192.168.200.201) appears to be up ... go
od.
Initiating SYN Stealth Scan against tirpitz.corp.warnocksolutions.com (192.168.2
00.201) at 08:16
Adding open port 1025/tcp
Adding open port 53/tcp
Adding open port 88/tcp
Adding open port 42/tcp
Adding open port 1067/tcp
Adding open port 6001/tcp
Adding open port 3389/tcp
Adding open port 135/tcp
Adding open port 1433/tcp
Adding open port 8081/tcp
Adding open port 80/tcp
Adding open port 1112/tcp
Adding open port 389/tcp
Adding open port 139/tcp
Adding open port 691/tcp
Adding open port 25/tcp
Adding open port 636/tcp
Adding open port 6004/tcp
Adding open port 593/tcp
Adding open port 3269/tcp
Adding open port 464/tcp
Adding open port 6002/tcp
Adding open port 443/tcp
Adding open port 3268/tcp
Adding open port 1026/tcp
Adding open port 445/tcp
Adding open port 444/tcp
The SYN Stealth Scan took 0 seconds to scan 1660 ports.
Interesting ports on tirpitz.corp.warnocksolutions.com (192.168.200.201):
(The 1633 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
25/tcp   open  smtp
42/tcp   open  nameserver
53/tcp   open  domain
80/tcp   open  http
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
443/tcp  open  https
444/tcp  open  snpp
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
593/tcp  open  http-rpc-epmap
636/tcp  open  ldapssl
691/tcp  open  resvc
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1067/tcp open  instl_boots
1112/tcp open  msql
1433/tcp open  ms-sql-s
3268/tcp open  globalcatLDAP
3269/tcp open  globalcatLDAPssl
3389/tcp open  ms-term-serv
6001/tcp open  X11:1
6002/tcp open  X11:2
6004/tcp open  X11:4
8081/tcp open  blackice-icecap

Nmap run completed -- 1 IP address (1 host up) scanned in 0.578 seconds
