Doug Vitale Tech Blog

McAfee SuperScan

SuperScan from McAfee is a full-featured network scanner. Like Angry IP Scanner, it does not need to be installed and is initiated by simply launching an executable. Unlike Angry IP Scanner, SuperScan is only available for Windows. SuperScan is designed to test network hosts for open ports and running services.

To launch SuperScan in Vista or Windows 7, you can’t just double-click SuperScan4.exe. You need to right-click this file and choose ‘Run as Administrator’. Then the main SuperScan interface appears.

SuperScan v4.1 main interface

The SuperScan v4.1 main interface

The Host and Service Discovery tab allows you to customize your UDP and TCP port scans. SuperScan supports two basic UDP port scanning methods: Data and Data + ICMP. The Data option sends UDP data packets that solicit replies from services running on well-known ports (port numbers in the range from 0 to 1023). The Data + ICMP option uses the same data probe method. If a port does not respond with an “ICMP Destination Port Unreachable” message, SuperScan treats it as an open port. It generates a test beforehand to see if scanning a known-closed port will generate the message. Note that this method can be prone to false-positives since some systems exhibit ICMP reply throttling.

SuperScan supports two basic TCP port scanning methods: Connect and SYN. The Connect option performs the full standard TCP three-way handshake while the SYN option only sends SYN packets. My Nmap article explains scan types in more detail.

SuperScan v4.1 scan customization features

SuperScan v4.1 scan customization features

The Scan Options tab allows you to specify the number of passes to perform and it also lets you set the timeout value for banner grabbing. If you are using TCP SYN scanning, you can choose which source IP address the packets should use from the Source IP dropdown.

The scan speed slider bar controls how fast the scanner sends out packets

For a less intrusive scan you could set the scan speed slider to a very slow setting if bandwidth usage is a major concern or you could select ‘Randomize IP and port scan order’ to help avoid intrusion detection systems as well as traffic bottlenecks affecting certain hosts.

SuperScan scan options

SuperScan v4.1 scan options

Clicking ‘Options’ in the Windows Enumeration tab will enable you to enter Windows credentials for your scan to use.

SuperScan v4.1 Windows-specific enumeration options

SuperScan v4.1 Windows-specific enumeration options

Recommended reading

If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book or two using the links below. Thanks!

Network Security Assessment on Amazon Network Security Assessment  Network Security Bible on Amazon Network Security Bible

Network Security Auditing on Amazon Network Security Auditing  Security Warrior on Amazon Security Warrior

Written by Doug Vitale

November 3, 2011 at 3:29 PM

%d bloggers like this: