Nmap Development mailing list archives
nmap -sS localhost hangs (not a DNS or fw problem)
From: Andreas <andreas () conectiva com br>
Date: Tue, 27 Jan 2004 13:56:40 -0200
I was wondering if somebody else saw this too. I just built nmap 3.50 and whenever I syn-scan "localhost" (or 127.0.0.1), nmap just hangs (actually, it takes hours to finish). Scanning other machines on the network works just fine and is quick (a few seconds). A localhost connect scan (-sT) works everytime. tcpdump shows initially a lot of activity, then it all stops: # nmap -sS localhost Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-01-27 13:47 BRST # tcpdump -i lo -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes 13:47:14.318287 IP 127.0.0.1 > 127.0.0.1: icmp 8: echo request seq 204 13:47:14.318301 IP 127.0.0.1 > 127.0.0.1: icmp 8: echo reply seq 204 13:47:14.318704 IP 127.0.0.1.47794 > 127.0.0.1.80: . ack 3438477342 win 3072 13:47:14.318712 IP 127.0.0.1.80 > 127.0.0.1.47794: R 3438477342:3438477342(0) win 0 13:47:14.628629 IP 127.0.0.1.47770 > 127.0.0.1.1401: S 1644515232:1644515232(0) win 1024 13:47:14.628644 IP 127.0.0.1.1401 > 127.0.0.1.47770: R 0:0(0) ack 1644515233 win 0 13:47:14.628997 IP 127.0.0.1.47770 > 127.0.0.1.239: S 1644515232:1644515232(0) win 3072 (...) 13:47:14.880772 IP 127.0.0.1.47770 > 127.0.0.1.380: S 1644515232:1644515232(0) win 1024 13:47:14.880775 IP 127.0.0.1.380 > 127.0.0.1.47770: R 0:0(0) ack 1644515233 win 0 13:47:14.880980 IP 127.0.0.1.47770 > 127.0.0.1.7003: S 1644515232:1644515232(0) win 1024 13:47:14.880984 IP 127.0.0.1.7003 > 127.0.0.1.47770: R 0:0(0) ack 1644515233 win 0 13:47:14.881203 IP 127.0.0.1.47770 > 127.0.0.1.706: S 1644515232:1644515232(0) win 2048 13:47:14.881206 IP 127.0.0.1.706 > 127.0.0.1.47770: R 0:0(0) ack 1644515233 win 0 (hangs) Curiously, it always stops after the same number of scanned ports: 341 This scan finishes: # nmap -sS localhost -r -p 1-340 This one doesn't (and anyone with more than 340 ports): # nmap -sS localhost -r -p 1-341 Some timing issue? Something to do with raw sockets? I'm running 2.6.1, and this also happens in a 2.4.21 box I have around here, but with a different port number limit, there it's a litter higher (399 ports). But it's different hardware also. --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- nmap -sS localhost hangs (not a DNS or fw problem) Andreas (Jan 27)
- libpcap airam (Jan 27)
- Re: libpcap MadHat (Jan 27)
- libpcap airam (Jan 27)