Re: scanning for a specific service with nmap



On Wed, Jul 30, 2008 at 01:39:41AM -0400, Jorge L. Vazquez wrote:
Guys, how could I use nmap to scan the network for a specific
server/service without having every single host alive coming back in the
scan, but only that machine on which the service is running? For
example, let's say I want to scan the network to find only the MSSQL server,
which by default uses port 1433; in that case I would use nmap with
something like this...

nmap -sSV -P0 -p T:1433 192.168.10.0/24


This scan eventually will detect the machine that is running the SQL
server; the only problem is that it returns every single host alive,
only that port status is closed, as should be expected. But I wonder if
it is possible to only have returned the host running the SQL service.

Try switching '-P0' with '-PS 1433' or something similar. Instead of
turning off ping and assuming all hosts are alive (-P0 behavior), this
will use port 1433 to test whether or not a host is alive. Of course
it will probably then proceed to re-scan the same port redundantly, but
at least it should get the output you desire.

tim
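As an added example (not part of either post above), here is the discovery-probe approach plus the filtering step you still need in practice. Nmap's -PS probe counts a host as up if it answers the SYN with either a SYN/ACK or a RST, so hosts with 1433 closed still show up in the results; filtering the grepable (-oG) output for 1433/open leaves just the MSSQL hosts. The -oG lines below are a constructed sample, not a real capture; the real command at the end assumes nmap is installed, that you run it as root (for -sS), and that 192.168.10.0/24 is reachable.

```shell
#!/bin/sh
# Constructed sample of nmap's grepable (-oG) output for a -p 1433 scan.
# Not a real capture: the IPs and states are made up for illustration.
sample_grepable() {
cat <<'EOF'
# Nmap scan initiated (constructed sample) as: nmap -sS -PS1433 -p 1433 -n -oG - 192.168.10.0/24
Host: 192.168.10.5 ()	Ports: 1433/closed/tcp//ms-sql-s///
Host: 192.168.10.17 ()	Ports: 1433/open/tcp//ms-sql-s///
Host: 192.168.10.42 ()	Ports: 1433/filtered/tcp//ms-sql-s///
Host: 192.168.10.80 ()	Ports: 1433/open/tcp//ms-sql-s///
# Nmap done (constructed sample) -- 256 IP addresses (4 hosts up) scanned
EOF
}

# open_hosts PORT: read -oG output on stdin, print only the IPs whose
# PORT/tcp is reported as open. Hosts that answered the -PS probe with a
# RST (port closed) are "up" as far as nmap is concerned, so they still
# appear in the scan; this is the step that drops them.
open_hosts() {
  port="${1:-1433}"
  awk -v p="$port" '
    /^Host:/ {
      # Everything after "Ports: " is a comma-separated list of
      # port/state/proto/owner/service/rpc/version entries.
      n = split($0, parts, "Ports: ")
      if (n < 2) next
      m = split(parts[2], items, ", ")
      for (i = 1; i <= m; i++) {
        split(items[i], f, "/")
        if (f[1] == p && f[2] == "open") { print $2; break }
      }
    }'
}

# Real run (root, live network):
#   nmap -sS -PS1433 -p 1433 -n -oG - 192.168.10.0/24 | open_hosts 1433
# Offline demonstration on the constructed sample:
sample_grepable | open_hosts 1433
```

The -PS port is attached to the option with no space (-PS1433); -sS then rescans the same port, which is the redundancy tim mentions. Newer nmap releases also have a --open flag that suppresses closed and filtered ports in the output, but the awk filter works with any version that can write -oG.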
