Nmap Announce mailing list archives

Re: Nmap 2.30BETA20 Released


From: Andrew Brown <atatat () atatdot net>
Date: Thu, 20 Apr 2000 19:21:31 -0400

> I am pleased to announce that Nmap 2.30BETA20 has been released.  It
> contains a few bugfixes and is a stable release candidate.  I plan to
> release the next stable version within a week.  It may just be 2.30BETA20
> with the version number changed.  So try it out and let me know if you
> find any problems.

hopefully you're not so close to actually cutting the release that
you can't roll in one nifty new feature.

attached is a patch that allows nmap to detect cisco equipment in a
way similar to a syn scan.  here's a demo:

# ./nmap -sC 204.17.3.0/24

Starting nmap V. 2.30BETA20 by fyodor () insecure org ( www.insecure.org/nmap/ )
Host   (204.17.3.0) seems to be a subnet broadcast address (returned 25 extra pings).  Still scanning it.
Host  (204.17.3.1) appears to be a cisco.
Host  (204.17.3.47) appears to be a cisco.
Host   (204.17.3.255) seems to be a subnet broadcast address (returned 25 extra pings).  Still scanning it.
Nmap run completed -- 256 IP addresses (68 hosts up) scanned in 7 seconds

i mainly hacked it in around the syn scan code, but with only one port
in mind: 1999/tcp.  ciscos will usually not have any processes
listening on this port and will respond with the expected reset
packet.  the trick is that ciscos put six bytes of data (that are not
accounted for in the ip packet length or tcp data length numbers) at
the end of the reset packet that say "cisco\0".

there's also a small patch to services.c to ignore a couple of
protocol types sometimes found in /etc/services that nmap doesn't
handle (reducing the number of complaints when running it with a few
-d's).

i'd also like to suggest that you distribute the "massive" services
file that i've been maintaining for a year or so at

    http://www.graffiti.com/services

as the nmap-services file.  it's basically a large merge of the iana
port-numbers list and the services files from solaris, the bsds, a few
linuxes, and some submissions i've gotten, giving a really nice big
list.  it's really good for scanning *everything*.  :)

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
andrew () crossbar com       * "information is power -- share the wealth."

Attachment: nmap-2.30BETA20.patch
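Added example, not part of this post or the attached patch: a passive check, written for this thread in Python, that applies the fingerprint described above to a captured IPv4/TCP packet. It looks for a RST from the 1999/tcp probe port whose frame carries six extra bytes past the IP total length equal to "cisco\0". The packet bytes are constructed inline; the link-layer header is assumed to have been stripped already.

```python
import struct

# six bytes the post says follow the declared IP length of a cisco's RST
CISCO_TRAILER = b"cisco\x00"
PROBE_PORT = 1999          # port the -sC patch probes
TCP_RST = 0x04

def parse_ipv4_tcp(pkt: bytes):
    """Split a raw IPv4 packet (no Ethernet header) into its TCP fields.
    Returns (src_port, dst_port, tcp_flags, trailer), where trailer is
    whatever the capture holds beyond the IP header's total length."""
    if len(pkt) < 20 or (pkt[0] >> 4) != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6:
        raise ValueError("not TCP")
    tcp = pkt[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = tcp[13]
    return sport, dport, flags, pkt[total_len:]

def looks_like_cisco_rst(pkt: bytes, probe_port: int = PROBE_PORT) -> bool:
    """True when pkt is a RST from probe_port with the cisco trailer.
    Caveat: a 40-byte IP packet leaves exactly 6 bytes of Ethernet padding,
    so a non-cisco host's RST normally shows six zero bytes here instead."""
    sport, _dport, flags, trailer = parse_ipv4_tcp(pkt)
    return bool(flags & TCP_RST) and sport == probe_port and trailer == CISCO_TRAILER

def build_rst(sport: int, dport: int, trailer: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4 header + TCP header with RST|ACK set,
    optionally followed by bytes beyond the declared total length."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([204, 17, 3, 1]), bytes([10, 0, 0, 1]))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 1, 5 << 4, 0x14, 0, 0, 0)
    return ip_hdr + tcp_hdr + trailer

if __name__ == "__main__":
    sample = build_rst(PROBE_PORT, 40000, CISCO_TRAILER)
    print("cisco trailer seen:", looks_like_cisco_rst(sample))
```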