Nmap Development mailing list archives

nmap patch: unique list of tcp, udp and protocol ranges


From: William McVey <wam () cisco com>
Date: Wed, 11 Jul 2001 15:22:42 -0400

I was recently surprised to observe that when nmap does a tcp and
udp scan in the same pass, it scans the same list of ports under both
protocols.  This is independent of the tcp or udp specification in the
nmap-services file.  Similarly, when doing a tcp and udp scan of ports
specified with the -p option, each of the specified ports is tcp scanned
then udp scanned.  This is due to a single array being used to store the
"port list".

I've released a patch against nmap-2.54BETA25 (I'd completed my changes
by the time BETA26 came out) which changes the "port list" to a port list
structure containing a list (and a count) of tcp port numbers to scan,
udp port numbers to scan and IP protocol numbers to scan.  The patch is
available at http://www.networkexploits.com/projects/nmap/

Also included in the patch is an enhanced -p option.  If your port range
contains a 'T:' all ports specified from then on (until another protocol
identifier) are TCP ports to scan.  Similarly, 'U:' will specify a udp
range and 'P:' specifies protocol numbers.  For example:
        
        nmap -sT -sU -p T:1-1024,U:1-22,69,161,2049,31337 localhost

If no T:, U:, or P: flags are associated with the argument to -p, the
program behaves like it always did (the range to all of the port lists
for each protocol type).

There is one bug I know about, which shouldn't be encountered very often.
If you specify a tcp scan and only specify udp ports (or vice versa) via
an nmap-services file or with the -p option, then the scan will hang.
I will be working on squashing this bug soon, but I wanted to release
the patch since it may take me a while to get back to working on nmap.

  -- William

P.S.  I have another patch on the same site that adds a --portfile option
to specify an alternate file other than NMAPDIR/nmap-services to use for 
fast mode (-F).  If this is of use to you, be sure to let Fyodor know so he 
can gauge whether it should be made part of the main nmap distribution.

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


