We wrote about Nmap in this article, but that article assumed you were running Nmap on GNU/Linux. There is now another version available for Windows. We used nmapwin_1.3.0_src.zip on a Windows 2000 workstation. It is important to scan your network, especially when there is a lot of virus activity. Hopefully before, but we know how things are. 🙂 To protect against Blaster, for instance, it is useful to find all machines listening on port 135.
The installation of Nmap is pretty straightforward: Next, Next, Next, etc. If you get an error saying “Network Packet filter not found. NMapWin needs the WinPCap Packet library/driver”, you need to install the network monitor driver:
You could also try the WinPCap stuff that comes with Nmap, but we used the network monitor driver with no troubles. You don’t even have to reboot! Here is the GUI:
Here is the output of our scan:
Starting nmap V. 3.00 ( www.insecure.org/nmap )

Interesting ports on (10.50.100.1):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
111/tcp    open        sunrpc
631/tcp    open        ipp
6000/tcp   open        X11
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha

Interesting ports on BILLYBOB (10.50.100.2):
(The 1595 ports scanned but not shown below are in state: closed)
Port       State       Service
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
1025/tcp   open        NFS-or-IIS
5000/tcp   open        UPnP
5800/tcp   open        vnc-http
5900/tcp   open        vnc
Remote operating system guess: Windows 2000/XP/ME

Interesting ports on (10.50.100.15):
(The 1589 ports scanned but not shown below are in state: closed)
Port       State       Service
13/tcp     open        daytime
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
37/tcp     open        time
53/tcp     open        domain
80/tcp     open        http
111/tcp    open        sunrpc
631/tcp    open        ipp
838/tcp    open        unknown
6000/tcp   open        X11
32770/tcp  open        sometimes-rpc3
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 35.575 days (since Thu Jul 10 18:00:07 2003)

Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1601 scanned ports on (10.50.100.21) are: closed
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha, Linux Kernel 2.4.0 - 2.5.20 w/o tcp_timestamps, Gentoo 1.2 linux (Kernel 2.4.19-gentoo-rc5), Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), Linux 2.4.7 (X86)

Interesting ports on (10.50.100.22):
(The 1600 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 16.453 days (since Tue Jul 29 20:56:41 2003)

Interesting ports on (10.50.100.51):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
1024/tcp   open        kdm
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:20:10 2003)

Interesting ports on (10.50.100.52):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
1024/tcp   open        kdm
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:21 2003)

Interesting ports on (10.50.100.53):
(The 1597 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
1024/tcp   open        kdm
10000/tcp  open        snet-sensor-mgmt
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:12 2003)

Interesting ports on (10.50.100.54):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
1024/tcp   open        kdm
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.062 days (since Fri Aug 15 06:19:28 2003)

Interesting ports on CAESAR (10.50.100.66):
(The 1591 ports scanned but not shown below are in state: closed)
Port       State       Service
7/tcp      open        echo
9/tcp      open        discard
13/tcp     open        daytime
17/tcp     open        qotd
19/tcp     open        chargen
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
1031/tcp   open        iad2
5800/tcp   open        vnc-http
5900/tcp   open        vnc
Remote operating system guess: Microsoft NT 4.0 SP5-SP6

Interesting ports on EPHINY (10.50.100.67):
(The 1592 ports scanned but not shown below are in state: closed)
Port       State       Service
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
445/tcp    open        microsoft-ds
1025/tcp   open        NFS-or-IIS
1026/tcp   open        LSA-or-nterm
3372/tcp   open        msdtc
3389/tcp   open        ms-term-serv
5800/tcp   open        vnc-http
5900/tcp   open        vnc
Remote operating system guess: Windows Millennium Edition (Me), Win 2000, or WinXP

Interesting ports on MEG (10.50.100.68):
(The 1586 ports scanned but not shown below are in state: closed)
Port       State       Service
53/tcp     open        domain
88/tcp     open        kerberos-sec
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
389/tcp    open        ldap
445/tcp    open        microsoft-ds
464/tcp    open        kpasswd5
593/tcp    open        http-rpc-epmap
636/tcp    open        ldapssl
1025/tcp   open        NFS-or-IIS
1026/tcp   open        LSA-or-nterm
1058/tcp   open        nim
3268/tcp   open        globalcatLDAP
3269/tcp   open        globalcatLDAPssl
3389/tcp   open        ms-term-serv
Remote operating system guess: Microsoft Windows.NET Enterprise Server (build 3604-3615 beta)

Interesting ports on MONDO (10.50.100.72):
(The 1595 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
139/tcp    open        netbios-ssn
515/tcp    open        printer
799/tcp    open        controlit
32770/tcp  open        sometimes-rpc3
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 32.583 days (since Sun Jul 13 17:49:30 2003)

Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1601 scanned ports on (10.50.100.82) are: closed
Remote OS guesses: Linux Kernel 2.4.0 - 2.5.20, Linux 2.4.19-pre4 on Alpha, Linux Kernel 2.4.0 - 2.5.20 w/o tcp_timestamps, Gentoo 1.2 linux (Kernel 2.4.19-gentoo-rc5), Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), Linux 2.4.7 (X86), Linux 2.4.17 on HP 9000 s700, Mac OS 8.5

Host (10.50.100.255) seems to be a subnet broadcast address (returned 10 extra pings). Skipping host.

Nmap run completed -- 255 IP addresses (14 hosts up) scanned in 93 seconds
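To turn a report like this into the list of machines to patch for Blaster, the text output can be parsed and filtered for hosts with 135/tcp open. The script below is an added example, not part of the original article or of Nmap; the function names are our own, and the sample is an excerpt of the output above with the port lists trimmed.

```python
import ipaddress
import re

# Excerpt of the scan output on this page (port lists trimmed).
SAMPLE = """\
Interesting ports on (10.50.100.1):
Port       State       Service
111/tcp    open        sunrpc
6000/tcp   open        X11
Interesting ports on BILLYBOB (10.50.100.2):
Port       State       Service
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
Remote operating system guess: Windows 2000/XP/ME
All 1601 scanned ports on (10.50.100.21) are: closed
Interesting ports on CAESAR (10.50.100.66):
Port       State       Service
19/tcp     open        chargen
135/tcp    open        loc-srv
"""

# Host header: optional NetBIOS/DNS name, then the address in parentheses.
HOST_RE = re.compile(
    r"^(?:Interesting ports on|All \d+ scanned ports on)\s*(\S*)\s*\((\d+(?:\.\d+){3})\)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap_text(text):
    """Return {ip: {"name": str, "ports": {(port, proto): (state, service)}}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(2), {"name": m.group(1), "ports": {}})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            key = (int(m.group(1)), m.group(2))
            current["ports"][key] = (m.group(3), m.group(4))
    return hosts

def hosts_with_open_port(hosts, port, proto="tcp"):
    """Return [(ip, name)] for hosts reporting the port open, in address order."""
    hits = [(ip, h["name"]) for ip, h in hosts.items()
            if h["ports"].get((port, proto), ("", ""))[0] == "open"]
    return sorted(hits, key=lambda t: ipaddress.ip_address(t[0]))

if __name__ == "__main__":
    for ip, name in hosts_with_open_port(parse_nmap_text(SAMPLE), 135):
        print(f"{ip}\t{name or '-'}\t135/tcp open")
```

Hosts reported as all-closed, such as 10.50.100.21, are kept in the result with an empty port table, so they still show up in an inventory of what was scanned.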