Running Nmap on Windows
We wrote about Nmap in this article, but that assumed you were running Nmap on GNU/Linux. There is now a version available for Windows as well. We used nmapwin_1.3.0_src.zip on a Windows 2000 workstation. It is important to scan your network, especially when there is a lot of virus activity. Hopefully you do it before an outbreak, but we know how things are. :) To protect against Blaster, for instance, it is useful to find all machines listening on port 135.
The installation of Nmap is pretty straightforward: Next, Next, Next, etc. You may get this error saying "Network Packet filter not found. NMapWin needs the WinPCap Packet library/driver":
If so, you need to install the network monitor driver:
You could also try the WinPCap package that comes with Nmap, but we used the network monitor driver with no trouble. You don't even have to reboot! Here is the GUI:
Here is the output of our scan:
Starting nmap V. 3.00 ( www.insecure.org/nmap )
Interesting ports on (10.50.100.1):
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
111/tcp open sunrpc
631/tcp open ipp
6000/tcp open X11
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha
Interesting ports on BILLYBOB (10.50.100.2):
(The 1595 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
1025/tcp open NFS-or-IIS
5000/tcp open UPnP
5800/tcp open vnc-http
5900/tcp open vnc
Remote operating system guess: Windows 2000/XP/ME
Interesting ports on (10.50.100.15):
(The 1589 ports scanned but not shown below are in state: closed)
Port State Service
13/tcp open daytime
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
37/tcp open time
53/tcp open domain
80/tcp open http
111/tcp open sunrpc
631/tcp open ipp
838/tcp open unknown
6000/tcp open X11
32770/tcp open sometimes-rpc3
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 35.575 days (since Thu Jul 10 18:00:07 2003)
Warning: OS detection will be MUCH less reliable because we did not find at
least 1 open and 1 closed TCP port
All 1601 scanned ports on (10.50.100.21) are: closed
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha,
Linux Kernel 2.4.0 - 2.5.20 w/o tcp_timestamps, Gentoo 1.2 linux
(Kernel 2.4.19-gentoo-rc5), Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1-rc7),
Linux 2.4.7 (X86)
Interesting ports on (10.50.100.22):
(The 1600 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 16.453 days (since Tue Jul 29 20:56:41 2003)
Interesting ports on (10.50.100.51):
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
1024/tcp open kdm
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:20:10 2003)
Interesting ports on (10.50.100.52):
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
1024/tcp open kdm
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:21 2003)
Interesting ports on (10.50.100.53):
(The 1597 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
1024/tcp open kdm
10000/tcp open snet-sensor-mgmt
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:12 2003)
Interesting ports on (10.50.100.54):
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
1024/tcp open kdm
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:28 2003)
Interesting ports on CAESAR (10.50.100.66):
(The 1591 ports scanned but not shown below are in state: closed)
Port State Service
7/tcp open echo
9/tcp open discard
13/tcp open daytime
17/tcp open qotd
19/tcp open chargen
135/tcp open loc-srv
139/tcp open netbios-ssn
1031/tcp open iad2
5800/tcp open vnc-http
5900/tcp open vnc
Remote operating system guess: Microsoft NT 4.0 SP5-SP6
Interesting ports on EPHINY (10.50.100.67):
(The 1592 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
3372/tcp open msdtc
3389/tcp open ms-term-serv
5800/tcp open vnc-http
5900/tcp open vnc
Remote operating system guess: Windows Millennium Edition (Me), Win 2000,
or WinXP
Interesting ports on MEG (10.50.100.68):
(The 1586 ports scanned but not shown below are in state: closed)
Port State Service
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open loc-srv
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1058/tcp open nim
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-term-serv
Remote operating system guess: Microsoft Windows.NET Enterprise Server
(build 3604-3615 beta)
Interesting ports on MONDO (10.50.100.72):
(The 1595 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
139/tcp open netbios-ssn
515/tcp open printer
799/tcp open controlit
32770/tcp open sometimes-rpc3
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 32.583 days (since Sun Jul 13 17:49:30 2003)
Warning: OS detection will be MUCH less reliable because we did not find at
least 1 open and 1 closed TCP port
All 1601 scanned ports on (10.50.100.82) are: closed
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha,
Linux Kernel 2.4.0 - 2.5.20 w/o tcp_timestamps, Gentoo 1.2 linux
(Kernel 2.4.19-gentoo-rc5), Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1-rc7),
Linux 2.4.7 (X86), Linux 2.4.17 on HP 9000 s700, Mac OS 8.5
Host (10.50.100.255) seems to be a subnet broadcast address
(returned 10 extra pings). Skipping host.
Nmap run completed -- 255 IP addresses (14 hosts up) scanned in 93 seconds
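To turn a scan like the one above into the list of machines listening on port 135, the report can be parsed per host. The following is an added example, not part of the original article or of Nmap itself; the function names are our own, and SAMPLE is a few host blocks trimmed from the output above.

```python
import re

# Per-host header in nmap 3.00's plain-text report; the host name is optional:
#   "Interesting ports on BILLYBOB (10.50.100.2):"
HOST_RE = re.compile(r"^Interesting ports on\s*(?P<name>[^\s(]*)\s*\((?P<ip>[\d.]+)\):")
# Hosts with nothing open get one summary line instead of a port table.
ALL_RE = re.compile(r"^All \d+ scanned ports on\s*[^\s(]*\s*\((?P<ip>[\d.]+)\) are:")
# One row of the "Port State Service" table, e.g. "135/tcp open loc-srv".
PORT_RE = re.compile(r"^(?P<port>\d+)/tcp\s+(?P<state>\S+)\s+(?P<service>\S+)")

# Trimmed from the scan output shown on this page.
SAMPLE = """\
Interesting ports on (10.50.100.1):
Port State Service
111/tcp open sunrpc
Interesting ports on BILLYBOB (10.50.100.2):
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
All 1601 scanned ports on (10.50.100.21) are: closed
Interesting ports on CAESAR (10.50.100.66):
Port State Service
135/tcp open loc-srv
5900/tcp open vnc
"""

def parse_hosts(text):
    """Return {ip: {"name": str, "ports": {port: (state, service)}}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line) or ALL_RE.match(line)
        if m:  # a new host block starts here
            current = {"name": m.groupdict().get("name") or "", "ports": {}}
            hosts[m.group("ip")] = current
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current["ports"][int(m.group("port"))] = (m.group("state"), m.group("service"))
    return hosts

def hosts_listening(hosts, port):
    """IPs with the given TCP port open, in numeric address order."""
    hits = [ip for ip, h in hosts.items() if h["ports"].get(port, ("",))[0] == "open"]
    return sorted(hits, key=lambda ip: tuple(int(p) for p in ip.split(".")))

if __name__ == "__main__":
    report = parse_hosts(SAMPLE)
    for ip in hosts_listening(report, 135):
        print(ip, report[ip]["name"])
```

Run against a saved copy of the full report, the same two functions give the patch list for any other port of interest.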