I'm not sure what OS the workstation you'd run the scan on uses, but if it's a
*nix box, grep it! That, or we use OCS Inventory (see:
http://ocsinventory.sourceforge.net/), which works very well.
On 2/20/07, DePriest, Jason R. <jrdepriest@...> wrote:
>
> On 2/20/07, Ankur Konwar wrote:
> >
> > My task is to detect all the Windows NT 4.0 and Windows 2000/higher servers
> > in my WAN. How do I use nmap to detect only these two operating system
> > computers? What ports differentiate Windows NT 4.0 and Windows 2000/higher?
> > Is there any way of differentiating similarly between Windows 2000 servers
> > and Windows 2003 servers?
> > Please help
> > Ankur Konwar
> > --
>
> Oops. I just realized you may have been looking for the distinction
> between a Workstation and a Server instead of Windows NT and Windows
> 2k/2k3.
>
> Well... since Workstations almost always run the Server service and
> Servers run the Workstation service, I don't know what to tell you.
>
> I just did a scan against a Windows 2000 Professional workstation and
> a Windows 2000 Server server: nmap -sS -sU -sV -O
> Here are some notable comparisons.
> * Both have 135/tcp, 139/tcp, 445/tcp, and 137/udp
> * Both have 1434/udp with identical signatures, even though one is
> MSDE and the other is full-blown MSSQL.
> * nmap comes to ~almost~ the same conclusion on both for the operating
> system
> Both -
> Device type: general purpose
> Running: Microsoft Windows NT/2K/XP
> TCP Sequence Prediction: Class=truly random
> Difficulty=9999999 (Good luck!)
> IPID Sequence Generation: Incremental
> Service Info: OS: Windows
> 2000 Pro -
> OS details: Microsoft Windows XP Pro SP1/SP2 or 2000 SP4
> 2000 Server -
> OS details: Microsoft Windows 2000 SP4 or XP SP1
> * The Server has port 1031/tcp open and the Pro system does not.
> * The Server has port 3389/tcp open and the Pro system does not. This
> is for remote desktop access and means that I have installed and
> enabled Terminal Services on this server. But not all servers will
> have this enabled and some workstations will have it enabled.
> * The Server has port 427/udp open and the Pro system does not. This
> seems to be a part of IBM Director software.
>
> So you could look for server management software like HP / Compaq
> Insight and IBM Director. But that assumes that every server system
> actually has this type of software installed. You would have to check
> out the sites for the individual server manufacturers and see what
> ports their software can use. You'd need to go back a few revisions,
> too, since folks might not keep it updated.
>
> If all of the systems are in a domain and you have domain admin rights
> (or access to them), you could use Microsoft Sysinternals' psinfo tool
> and just query every system looking for those that come back as
> Product Type: Server.
>
> I don't think there is a magical port combination that will yield just
> servers and not workstations.
>
> -Jason
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
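Added example, not part of the thread: a small parser for nmap's grepable (-oG) output that lists, for each host fingerprinted as Windows, which of the ports the quoted reply saw only on the server are open. The sample lines, the addresses and the function names are constructed for illustration, and the port set is taken as a hint list only, as the reply itself cautions.

```python
# Ports the post saw open only on the server. They are hints, not proof:
# the post notes workstations can enable 3389 and servers may lack agents.
SERVER_HINTS = {(3389, "tcp"), (427, "udp")}

# Constructed sample in nmap's grepable (-oG) layout. Addresses are
# documentation-range placeholders, not real scan results.
SAMPLE_OG = "\n".join([
    "# Nmap grepable output (constructed sample)",
    "Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///, 137/open/udp//netbios-ns///"
    "\tOS: Microsoft Windows XP Pro SP1/SP2 or 2000 SP4",
    "Host: 192.0.2.20 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, "
    "3389/open/tcp//ms-wbt-server///, 427/open/udp//svrloc///"
    "\tOS: Microsoft Windows 2000 SP4 or XP SP1",
    "Host: 192.0.2.30 ()\tPorts: 22/open/tcp//ssh///, 427/open/udp//svrloc///"
    "\tOS: Linux 2.6.X",
    "Host: 192.0.2.40 ()\tStatus: Up",
])


def parse_grepable(text):
    """Return one dict per host line that carries a Ports field."""
    hosts = []
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comments and blank lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # status-only line, nothing to classify
        ports = set()
        for entry in fields["Ports"].split(","):
            parts = entry.strip().split("/")
            # port/state/protocol/...; only plain "open" counts, not "open|filtered"
            if len(parts) >= 3 and parts[1] == "open" and parts[0].isdigit():
                ports.add((int(parts[0]), parts[2]))
        hosts.append({"addr": fields["Host"].split()[0],
                      "os": fields.get("OS", ""), "ports": ports})
    return hosts


def triage(text):
    """Map each Windows-fingerprinted host to its server-hint ports."""
    result = {}
    for host in parse_grepable(text):
        if "Windows" in host["os"]:
            hits = sorted(host["ports"] & SERVER_HINTS)
            result[host["addr"]] = [f"{p}/{proto}" for p, proto in hits]
    return result
```

An empty hint list does not mean the host is a workstation; the psinfo query suggested in the quoted reply remains the way to confirm the product type.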