IPEye

You’ve just learned about two Windows port scanners that have nice graphical interfaces and format information, but they have few stealth options available. IPEye is a command-line port scanner for Windows 2000 and XP that does some of the same TCP stealth scans as nmap, including SYN, FIN, Xmas tree, and null scans. The tool is small, lightweight, free, and available for download from http://ntsecurity.nu/toolbox/ipeye/. Unfortunately, IPEye works only on Windows 2000 and XP.

Implementation

IPEye’s options are similar to those of the other port scanners we’ve covered. You can spread out the timing of your scans as well as your source IP and source port (although no fancy spoofing options are supported).

To show how IPEye compares to other port scanners we’ve covered, we’ll run a scan similar to one we’ve been running throughout the chapter: a SYN scan against 192.168.1.100 on ports 20–80. The execution and output of the command are illustrated here:

IPEye gives us a summary of its activity. It finds the FTP, SSH, Telnet, and web ports open and displays that information in a concise table. It doesn’t include any fancy output options, but IPEye gets the stealth job done. The logs on 192.168.1.100 didn’t show anything.

IPEye also has the ability to specify source addresses and ports using the –sip and –sp options. For added stealth against IDSs, the –d flag lets the user set the delay between port probes. The default is 750 milliseconds.