Knowledge Center

How to use the 'nmap' tool to determine which protocols and cipher suites are in use in an ePolicy Orchestrator environment
Technical Articles ID:   KB91115
Last Modified:  4/4/2019


McAfee ePolicy Orchestrator (ePO) 5.10.x, 5.9.x, 5.3.x


When you troubleshoot Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection issues in an ePO environment, it is helpful to know which protocols and cipher suites are offered by a service or process. This article describes how to use the open-source nmap tool to identify protocols and cipher suites.

The open-source nmap tool can list the cipher suites and protocols that are supported by a process that listens on a given port.

NOTE: The examples below are given for when nmap is run on a Windows system, but it is also available for other operating systems and the command line is the same.
  1. Obtain and install the latest version of nmap at https://nmap.org. The nmap tool does not have to be installed on the same system as the port you want to query, but it must be installed on a system that can connect to the target system.

    Example: If you are troubleshooting connections between an ePO Server and an SQL Server, you do not have to install nmap on the SQL Server itself.

    • ​​It is not recommended to install the full version of nmap on the ePO server or the SQL Server. The full installation using the executable installer includes the npcap packet capture library. The full install creates a new network adaptor which can be used by the ePO server or SQL Server, and can cause disruption with services connecting to those servers. For this reason, McAfee recommends installing the full version of nmap on a separate system that can access the target that you want to scan.
    • If it is not possible to use a separate system, and you must use the ePO server, McAfee recommends installing the command-line version rather than the full install. The command-line version does not install the npcap library automatically. Note that you must install the Visual C++ 2013 Redistributable package from Microsoft.
  2. On the system where you have installed nmap, open a command window as an administrator:
    1. Press the Windows key + R.
    2. In the Run box, type cmd, and then press Ctrl+Shift+Enter.
    3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. Navigate to the folder where nmap is installed. 

    NOTE: The command used by nmap requires the following pieces of information:
    • The host name or IP address of the system that is hosting the service you want to query.
    • The port to connect to, which is the port that the service is listening on.
  4. Run the following command:

    nmap -sV --script ssl-enum-ciphers -p [port] [host_name]

    • [port] is the port to scan
    • [host_name] is the name or IP address of the target system
Example: If you wanted to scan an SQL Server on a system called SQLServer that was listening on port 1433, the command would be:

nmap -sV --script ssl-enum-ciphers -p 1433 SQLServer

The above command scans the relevant port and outputs the results to the command window.

If you want to save the results to a file, you can either cut and paste from the command window, or you can run the command again and redirect the output to a file:

nmap -sV --script ssl-enum-ciphers -p 1433 SQLServer > C:\Ciphers.txt

The above command saves the results to C:\Ciphers.txt. 

Rate this document


This article is available in the following languages:

English United States
Spanish Spain

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.