Nmap Development mailing list archives
Re: Xmas, FIN and NULL-scan
From: "Jay Freeman \(saurik\)" <saurik () saurik com>
Date: Thu, 4 Sep 2003 20:00:12 -0500
Gisle:

I _seriously_ doubt it, but I _could_ have broken one of those scans. Have you tried it with 3.30 (not so +V-2.99)? I'm sure Fyodor or someone else with more knowledge of those scans will have an easier time helping you if you isolate the added complication of my +V patch (and I, on the flip side, will have an easier time fixing it if I caused it if I know 100% that I did, in fact, cause it, hehe).

Sincerely,
Jay Freeman (saurik)
saurik () saurik com

----- Original Message -----
From: "Gisle Vanem" <giva () bgnett no>
To: "Nmap-dev" <nmap-dev () insecure org>
Sent: Thursday, September 04, 2003 7:55 PM
Subject: Xmas, FIN and NULL-scan

I cannot seem to get these scans to work on Win-XP using nmap-3.30V+2.99. I have tcpdump running in another console-window, but nothing gets sent. E.g.

nmap.exe -P0 -sN -d2 --win_trace -p10-400 router

***WinIP*** initializing if tables
***WinIP*** if tables complete :)
***WinIP*** trying to initialize winpcap 2.1
***WinIP*** winpcap is present
***WinIP*** testing for raw sockets
***WinIP*** rawsock is available
***WinIP*** reading winpcap interface list
pcap device: \Device\NPF_{93380695-0E31-456C-9EB0-8802E111C09D}
result: physaddr (0x0001800c70b2) matches eth0
***WinIP*** o.isr00t = 1

Starting nmap 3.30+V ( www.insecure.org/nmap ) at 2003-09-05 00:06 cet
The max # of sockets we are using is: 0
10.0.0.1 will use interface 10.0.0.6
Host router (10.0.0.1) appears to be up ... good.
Starting super_scan
Opening a real raw socket
Trying to open eth0 for recieve with winpcap.
Packet capture filter: (icmp and dst host 10.0.0.6) or (tcp and src host
10.0.0.1 and dst ho
0.6 and ( dst port 61817 or dst port 61818))
Initiating NULL Scan against router (10.0.0.1) at 00:06
Sending initial query to port 197

So since I'm "root" it should allow this, no? Seems to be trouble with SOCK_RAW under Windows, but the code is impossible to follow. I tried recompiling with 'rawsock_avail = 0' but that only gave some ARP request/replies.

Any ideas?

--gv

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).