
Learning Nmap Security Network Port Scanner: Service and Application Version Detection Intensity


This is the sixteenth post detailing my notes on Nmap Network Scanning.

Following on from the last Nmap post on service and application version detection: Nmap takes the rarity of each probe into account, and probes of high rarity are not tried unless the intensity level is changed.

The standard version detection switch -sV is set at default intensity level 7; however, the following options are available.

Setting intensity between 0 and 9: --version-intensity 3

Setting intensity level 2: --version-light

Setting intensity level 9: --version-all

Here are some scan examples performed on the Windows portion of my hacking lab, which yielded exactly the same results in this instance:

nmap -sV --version-light 192.168.1.79

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-28 09:22 BST
Nmap scan report for lab.home (192.168.1.79)
Host is up (0.047s latency).
Not shown: 990 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
25/tcp open smtp Microsoft ESMTP 6.0.2600.2180
80/tcp open http Microsoft IIS httpd 5.1
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
1025/tcp open msrpc Microsoft Windows RPC
1433/tcp open ms-sql-s Microsoft SQL Server 2005 9.00.1399; RTM
MAC Address: 00:0C:76:17:A4:17 (Micro-star International CO.)
Service Info: Host: lab; OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.78 seconds

And:

nmap -sV --version-all 192.168.1.79

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-28 09:10 BST
Nmap scan report for lab.home (192.168.1.79)
Host is up (0.0063s latency).
Not shown: 990 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
25/tcp open smtp Microsoft ESMTP 6.0.2600.2180
80/tcp open http Microsoft IIS httpd 5.1
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
1025/tcp open msrpc Microsoft Windows RPC
1433/tcp open ms-sql-s Microsoft SQL Server 2005 9.00.1399; RTM
MAC Address: 00:0C:76:17:A4:17 (Micro-star International CO.)
Service Info: Host: lab; OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 62.62 seconds

The lighter-intensity scan was considerably faster: 8.78 seconds against 62.62 seconds for --version-all.
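The rarity rule described at the top of this post can be modelled in a few lines. This is an added example, not code from the original post or from Nmap itself: it parses a constructed excerpt in nmap-service-probes syntax (the Example* probe names, payloads, rarity values and port lists are made up) and lists which probes are eligible for a port at a given intensity. It goes slightly beyond the post by also modelling Nmap's documented rule that a probe registered for the target port is tried regardless of intensity.

```python
import re

# Constructed excerpt in nmap-service-probes syntax. The Example* probe names,
# payloads, rarities and port lists are invented for illustration only.
SAMPLE_PROBES = r"""
Probe TCP NULL q||
Probe TCP ExampleGeneric q|\r\n\r\n|
rarity 1
ports 21,23,25
Probe TCP ExampleHttpGet q|GET / HTTP/1.0\r\n\r\n|
rarity 1
ports 80,8080
Probe TCP ExampleSqlPing q|\x12\x01\x00|
rarity 8
ports 1433
Probe TCP ExampleObscure q|HELLO\r\n|
rarity 9
ports 9999
"""

def parse_ports(spec):
    """Expand a ports directive such as '80,8000-8002' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_probes(text):
    """Return a list of {'name', 'rarity', 'ports'} dicts in file order."""
    probes = []
    for line in text.splitlines():
        m = re.match(r"Probe\s+(TCP|UDP)\s+(\S+)\s", line)
        if m:
            probes.append({"name": m.group(2), "rarity": None, "ports": set()})
        elif line.startswith("rarity ") and probes:
            probes[-1]["rarity"] = int(line.split()[1])
        elif line.startswith("ports ") and probes:
            probes[-1]["ports"] = parse_ports(line.split(None, 1)[1])
    return probes

def probes_for(port, intensity, probes):
    """Names of probes eligible for `port` at version intensity 0-9."""
    # The TCP NULL probe is always tried; a probe registered for the port is
    # tried at any intensity; otherwise rarity must not exceed the intensity.
    # Simplification: a probe with no rarity line is selected by port only.
    return [p["name"] for p in probes
            if p["name"] == "NULL" or port in p["ports"]
            or (p["rarity"] is not None and p["rarity"] <= intensity)]
```

Probes registered for a port through the ports directive are tried at any intensity, which is one way a light scan and a full scan can report the same versions while differing mainly in run time.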

