Re: Xmas, FIN and NULL-scan

["Jay Freeman \(saurik\)" <saurik () saurik com>]

Gisle:

I _seriously_ doubt it, but I _could_, have broken one of those scans. Have
you tried it with 3.30(not so +V-2.99)? I'm sure Fyodor or someone else with
more knowledge of those scans will have an easier time helping you if you
isolate the added complication of my +V patch (and I, on the flip side, will
have an easier time fixing it if I caused it if I know 100% that I did, in
fact, cause it, hehe).

Sincerely,
Jay Freeman (saurik)
saurik () saurik com

----- Original Message -----
From: "Gisle Vanem" <giva () bgnett no>
To: "Nmap-dev" <nmap-dev () insecure org>
Sent: Thursday, September 04, 2003 7:55 PM
Subject: Xmas, FIN and NULL-scan


> I cannot seem these scans to work on Win-XP using nmap-3.30V+2.99.
> I have tcpdump running in another console-window, but nothing gets sent.
>
> E.g.
> > nmap.exe -P0 -sN -d2 --win_trace -p10-400 router
> ***WinIP***  initializing if tables
> ***WinIP***  if tables complete :)
> ***WinIP***  trying to initialize winpcap 2.1
> ***WinIP***  winpcap is present
> ***WinIP***  testing for raw sockets
> ***WinIP***  rawsock is available
> ***WinIP***  reading winpcap interface list
> pcap device:  \Device\NPF_{93380695-0E31-456C-9EB0-8802E111C09D}
>  result:       physaddr (0x0001800c70b2) matches eth0
> ***WinIP***  o.isr00t = 1
>
> Starting nmap 3.30+V ( www.insecure.org/nmap ) at 2003-09-05 00:06 cet
> The max # of sockets we are using is: 0
> 10.0.0.1 will use interface 10.0.0.6
> Host router (10.0.0.1) appears to be up ... good.
> Starting super_scan
> Opening a real raw socket
> Trying to open eth0 for recieve with winpcap.
> Packet capture filter: (icmp and dst host 10.0.0.6) or (tcp and src host
10.0.0.1 and dst ho
> 0.6 and ( dst port 61817 or dst port 61818))
> Initiating NULL Scan against router (10.0.0.1) at 00:06
> Sending initial query to port 197
>
> So since I'm "root" it should allow this, no?
>
> Seems to be trouble with SOCK_RAW under Windows, but the code
> is impossible to follow. I tried recompiling with 'rawsock_avail = 0'
> but that only gave some ARP request/replies. Any ideas?
>
> --gv
>
>
>
>
> ---------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send a blank email to
> nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).