Nmap Development mailing list archives
Update Re: Nmap 3.94ALPHA1 Windows XP SP2 - possible nsock issues in service scan
From: kx <kxmail () gmail com>
Date: Mon, 5 Dec 2005 18:55:58 -0500
nsock successfully connects on Windows if a connect scan is used instead of a SYN scan. I know with a connect scan, no pcap descriptor is opened:

    scan_engine.cc:
    if (USI->scantype == CONNECT_SCAN) return; /* No sniffer needed! */

Is it possible that the opening of the pcap descriptor is affecting normal socket connect calls in nsock on Windows, even though the pcap descriptor is closed in the USI destructor? Again, nsock is having no trouble sending the SYN, but seems to be unable to recognize the returned SYN/ACK. Just curious if anyone has any ideas.

Cheers,
kx

On 12/2/05, kx <kxmail () gmail com> wrote:
> I was getting different results with Linux vs Windows when trying to match the admin webserver for my Linksys router:
>
>     nmap -P0 -sSV -p80 -v -v 192.168.1.1 -packet_trace -d9
>
> Linux gives:
>
>     80/tcp open http Linksys router web admin server (device model BEFSR41/BEFSR11/BEFSRU31)
>
> But on Windows, it finds the port on the initial SYN scan, then fails to connect (below). Using ethereal, I can verify that my router is sending SYN/ACK packets back to my Windows box, but from there I am stumped. Any suggestions for the best way to debug this?
>
> Thanks,
> kx
>
> Windows:
>
>     Initiating service scan against 1 service on 192.168.1.1 at 01:06
>     Starting probes against new service: 192.168.1.1:80 (tcp)
>     NSOCK (0.4690s) TCP connection requested to 192.168.1.1:80 (IOD #1) EID 8
>     NSOCK (0.4690s) nsock_loop() started (no timeout). 1 events pending
>     NSOCK (5.4690s) Callback: CONNECT TIMEOUT for EID 8 [192.168.1.1:80]
>     Got nsock CONNECT response with status TIMEOUT - aborting this service
>     The service scan took 5.00s to scan 1 service on 1 host.
>
> For contrast, here is the successful Linux trace:
>
>     Initiating service scan against 1 service on 192.168.1.1 at 00:51
>     Starting probes against new service: 192.168.1.1:80 (tcp)
>     NSOCK (0.1540s) TCP connection requested to 192.168.1.1:80 (IOD #1) EID 8
>     NSOCK (0.1550s) nsock_loop() started (no timeout). 1 events pending
>     NSOCK (0.1560s) Callback: CONNECT SUCCESS for EID 8 [192.168.1.1:80]
>     NSOCK (0.1560s) Read request from IOD #1 [192.168.1.1:80] (timeout: 6000ms) EID 18
>     NSOCK (6.1550s) Callback: READ TIMEOUT for EID 18 [192.168.1.1:80]
>     NSOCK (6.1550s) Write request for 18 bytes to IOD #1 EID 27 [192.168.1.1:80]: GET / HTTP/1.0....
>     NSOCK (6.1550s) Read request from IOD #1 [192.168.1.1:80] (timeout: 5000ms) EID 34
>     NSOCK (6.1560s) Callback: WRITE SUCCESS for EID 27 [192.168.1.1:80]
>     NSOCK (6.1670s) Callback: READ SUCCESS for EID 34 [192.168.1.1:80] (547 bytes)
>     Service scan match (Probe GetRequest matched with GetRequest): 192.168.1.1:80 is http.
>     Version: |Linksys router web admin server||device model BEFSR41/BEFSR11/BEFSRU31|
>     The service scan took 6.02s to scan 1 service on 1 host.
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev