Running Nmap on Windows

We wrote about Nmap in this article, but that assumed you were running Nmap on GNU/Linux. There is now a version available for Windows as well. We used nmapwin_1.3.0_src.zip on a Windows 2000 workstation. It is important to scan your network, especially when there is a lot of virus activity. Hopefully beforehand, but we know how things are. 🙂 To protect against Blaster, for instance, it is useful to find all machines listening on port 135.

The installation of Nmap is pretty straightforward: next, next, next, etc. You may get an error saying “Network Packet filter not found. NMapWin needs the WinPCap Packet library/driver”:

[Screenshot: NMapWin error dialog]

You need to install the network monitor driver:

[Screenshot: installing the network monitor driver]

You could also try the WinPCap stuff that comes with Nmap, but we used the network monitor driver with no troubles. You don’t even have to reboot! Here is the GUI:

[Screenshot: NMapWin GUI]

Here is the output of our scan:

Starting nmap V. 3.00 ( www.insecure.org/nmap )
Interesting ports on  (10.50.100.1):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
111/tcp    open        sunrpc                  
631/tcp    open        ipp                     
6000/tcp   open        X11                     
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha
Interesting ports on BILLYBOB (10.50.100.2):
(The 1595 ports scanned but not shown below are in state: closed)
Port       State       Service
135/tcp    open        loc-srv                 
139/tcp    open        netbios-ssn             
1025/tcp   open        NFS-or-IIS              
5000/tcp   open        UPnP                    
5800/tcp   open        vnc-http                
5900/tcp   open        vnc                     
Remote operating system guess: Windows 2000/XP/ME
Interesting ports on  (10.50.100.15):
(The 1589 ports scanned but not shown below are in state: closed)
Port       State       Service
13/tcp     open        daytime                 
21/tcp     open        ftp                     
22/tcp     open        ssh                     
25/tcp     open        smtp                    
37/tcp     open        time                    
53/tcp     open        domain                  
80/tcp     open        http                    
111/tcp    open        sunrpc                  
631/tcp    open        ipp                     
838/tcp    open        unknown                 
6000/tcp   open        X11                     
32770/tcp  open        sometimes-rpc3          
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 35.575 days (since Thu Jul 10 18:00:07 2003)
Warning:  OS detection will be MUCH less reliable because we did not find at 
least 1 open and 1 closed TCP port
All 1601 scanned ports on  (10.50.100.21) are: closed
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha, 
Linux Kernel 2.4.0 - 2.5.20 w/o tcp_timestamps, Gentoo 1.2 linux 
(Kernel 2.4.19-gentoo-rc5), Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), 
Linux 2.4.7 (X86)
Interesting ports on  (10.50.100.22):
(The 1600 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 16.453 days (since Tue Jul 29 20:56:41 2003)
Interesting ports on  (10.50.100.51):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
111/tcp    open        sunrpc                  
1024/tcp   open        kdm                     
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:20:10 2003)
Interesting ports on  (10.50.100.52):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
111/tcp    open        sunrpc                  
1024/tcp   open        kdm                     
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:21 2003)
Interesting ports on  (10.50.100.53):
(The 1597 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
111/tcp    open        sunrpc                  
1024/tcp   open        kdm                     
10000/tcp  open        snet-sensor-mgmt        
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:12 2003)
Interesting ports on  (10.50.100.54):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
111/tcp    open        sunrpc                  
1024/tcp   open        kdm                     
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:28 2003)
Interesting ports on CAESAR (10.50.100.66):
(The 1591 ports scanned but not shown below are in state: closed)
Port       State       Service
7/tcp      open        echo                    
9/tcp      open        discard                 
13/tcp     open        daytime                 
17/tcp     open        qotd                    
19/tcp     open        chargen                 
135/tcp    open        loc-srv                 
139/tcp    open        netbios-ssn             
1031/tcp   open        iad2                    
5800/tcp   open        vnc-http                
5900/tcp   open        vnc                     
Remote operating system guess: Microsoft NT 4.0 SP5-SP6
Interesting ports on EPHINY (10.50.100.67):
(The 1592 ports scanned but not shown below are in state: closed)
Port       State       Service
135/tcp    open        loc-srv                 
139/tcp    open        netbios-ssn             
445/tcp    open        microsoft-ds            
1025/tcp   open        NFS-or-IIS              
1026/tcp   open        LSA-or-nterm            
3372/tcp   open        msdtc                   
3389/tcp   open        ms-term-serv            
5800/tcp   open        vnc-http                
5900/tcp   open        vnc                     
Remote operating system guess: Windows Millennium Edition (Me), Win 2000, 
or WinXP
Interesting ports on MEG (10.50.100.68):
(The 1586 ports scanned but not shown below are in state: closed)
Port       State       Service
53/tcp     open        domain                  
88/tcp     open        kerberos-sec            
135/tcp    open        loc-srv                 
139/tcp    open        netbios-ssn             
389/tcp    open        ldap                    
445/tcp    open        microsoft-ds            
464/tcp    open        kpasswd5                
593/tcp    open        http-rpc-epmap          
636/tcp    open        ldapssl                 
1025/tcp   open        NFS-or-IIS              
1026/tcp   open        LSA-or-nterm            
1058/tcp   open        nim                     
3268/tcp   open        globalcatLDAP           
3269/tcp   open        globalcatLDAPssl        
3389/tcp   open        ms-term-serv            
Remote operating system guess: Microsoft Windows.NET Enterprise Server 
(build 3604-3615 beta)
Interesting ports on MONDO (10.50.100.72):
(The 1595 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
111/tcp    open        sunrpc                  
139/tcp    open        netbios-ssn             
515/tcp    open        printer                 
799/tcp    open        controlit               
32770/tcp  open        sometimes-rpc3          
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 32.583 days (since Sun Jul 13 17:49:30 2003)
Warning:  OS detection will be MUCH less reliable because we did not find at 
least 1 open and 1 closed TCP port
All 1601 scanned ports on  (10.50.100.82) are: closed
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha, 
Linux Kernel 2.4.0 - 2.5.20 w/o tcp_timestamps, Gentoo 1.2 linux 
(Kernel 2.4.19-gentoo-rc5), Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), 
Linux 2.4.7 (X86), Linux 2.4.17 on HP 9000 s700, Mac OS 8.5
Host   (10.50.100.255) seems to be a subnet broadcast address 
(returned 10 extra pings). Skipping host.
Nmap run completed -- 255 IP addresses (14 hosts up) scanned in 93 seconds