Nmap Development mailing list archives

Update Re: Nmap 3.94ALPHA1 Windows XP SP2 - possible nsock issues in service scan


From: kx <kxmail () gmail com>
Date: Mon, 5 Dec 2005 18:55:58 -0500

nsock successfully connects on Windows if a connect scan is used
instead of a syn scan.  I know with a connect scan, no pcap descriptor
is opened:

scan_engine.cc
  if (USI->scantype == CONNECT_SCAN)
    return; /* No sniffer needed! */

Is it possible that the opening of the pcap descriptor is affecting
normal socket connect calls in nsock on Windows, even though the pcap
descriptor is closed in the USI destructor?

Again, nsock is having no trouble sending the SYN, but seems to be
unable to recognize the returned SYN/ACK.

Just curious if anyone has any ideas.

Cheers,
  kx

On 12/2/05, kx <kxmail () gmail com> wrote:
I was getting different results with Linux vs Windows when trying to
match the admin webserver for my Linksys router:

nmap -P0 -sSV -p80 -v -v 192.168.1.1 -packet_trace -d9

Linux gives:

80/tcp open  http    Linksys router web admin server (device model
BEFSR41/BEFSR11/BEFSRU31)

But on Windows, it finds the port on the initial SYN scan, then fails
to connect:

(below)

Using ethereal, I can verify that my router is sending SYN/ACK packets
back to my Windows box, but from there I am stumped.

Any suggestions for the best way to debug this?

Thanks,
 kx

Windows:

Initiating service scan against 1 service on 192.168.1.1 at 01:06
Starting probes against new service: 192.168.1.1:80 (tcp)
NSOCK (0.4690s) TCP connection requested to 192.168.1.1:80 (IOD #1) EID 8
NSOCK (0.4690s) nsock_loop() started (no timeout). 1 events pending
NSOCK (5.4690s) Callback: CONNECT TIMEOUT for EID 8 [192.168.1.1:80]
Got nsock CONNECT response with status TIMEOUT - aborting this service
The service scan took 5.00s to scan 1 service on 1 host.

For contrast, here is the successful linux trace:

Initiating service scan against 1 service on 192.168.1.1 at 00:51
Starting probes against new service: 192.168.1.1:80 (tcp)
NSOCK (0.1540s) TCP connection requested to 192.168.1.1:80 (IOD #1) EID 8
NSOCK (0.1550s) nsock_loop() started (no timeout). 1 events pending
NSOCK (0.1560s) Callback: CONNECT SUCCESS for EID 8 [192.168.1.1:80]
NSOCK (0.1560s) Read request from IOD #1 [192.168.1.1:80] (timeout:
6000ms) EID 18
NSOCK (6.1550s) Callback: READ TIMEOUT for EID 18 [192.168.1.1:80]
NSOCK (6.1550s) Write request for 18 bytes to IOD #1 EID 27
[192.168.1.1:80]: GET / HTTP/1.0....
NSOCK (6.1550s) Read request from IOD #1 [192.168.1.1:80] (timeout:
5000ms) EID 34
NSOCK (6.1560s) Callback: WRITE SUCCESS for EID 27 [192.168.1.1:80]
NSOCK (6.1670s) Callback: READ SUCCESS for EID 34 [192.168.1.1:80] (547 bytes)
Service scan match (Probe GetRequest matched with GetRequest):
192.168.1.1:80 is http.  Version: |Linksys router web admin
server||device model BEFSR41/BEFSR11/BEFSRU31|
The service scan took 6.02s to scan 1 service on 1 host.
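A small parser for the NSOCK trace lines quoted above, added here as an example; it is not part of this thread or of Nmap's own code. It correlates each request EID with its callback so the connect outcome and latency of the Windows and Linux runs can be compared side by side. The two traces are re-embedded from the message with wrapped lines rejoined.

```python
import re

# Request lines: "TCP connection requested ... EID 8", "Read request ... EID 18",
# "Write request for 18 bytes to IOD #1 EID 27 [...]".
REQUEST_RE = re.compile(
    r"^NSOCK \((?P<t>[\d.]+)s\) "
    r"(?P<kind>TCP connection requested|Read request|Write request).*?EID (?P<eid>\d+)"
)
# Callback lines: "Callback: CONNECT TIMEOUT for EID 8 [...]".
CALLBACK_RE = re.compile(
    r"^NSOCK \((?P<t>[\d.]+)s\) Callback: (?P<op>CONNECT|READ|WRITE) "
    r"(?P<status>[A-Z]+) for EID (?P<eid>\d+)"
)
KIND_TO_OP = {"TCP connection requested": "CONNECT",
              "Read request": "READ", "Write request": "WRITE"}

# Traces taken from the message above (wrapped lines rejoined).
WINDOWS_TRACE = """\
NSOCK (0.4690s) TCP connection requested to 192.168.1.1:80 (IOD #1) EID 8
NSOCK (0.4690s) nsock_loop() started (no timeout). 1 events pending
NSOCK (5.4690s) Callback: CONNECT TIMEOUT for EID 8 [192.168.1.1:80]
"""
LINUX_TRACE = """\
NSOCK (0.1540s) TCP connection requested to 192.168.1.1:80 (IOD #1) EID 8
NSOCK (0.1560s) Callback: CONNECT SUCCESS for EID 8 [192.168.1.1:80]
NSOCK (0.1560s) Read request from IOD #1 [192.168.1.1:80] (timeout: 6000ms) EID 18
NSOCK (6.1550s) Callback: READ TIMEOUT for EID 18 [192.168.1.1:80]
NSOCK (6.1550s) Write request for 18 bytes to IOD #1 EID 27 [192.168.1.1:80]: GET / HTTP/1.0....
NSOCK (6.1550s) Read request from IOD #1 [192.168.1.1:80] (timeout: 5000ms) EID 34
NSOCK (6.1560s) Callback: WRITE SUCCESS for EID 27 [192.168.1.1:80]
NSOCK (6.1670s) Callback: READ SUCCESS for EID 34 [192.168.1.1:80] (547 bytes)
"""

def parse_nsock_trace(text):
    """Map each nsock EID to its operation, final status and elapsed seconds."""
    events = {}
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            events[int(m["eid"])] = {"op": KIND_TO_OP[m["kind"]], "requested": float(m["t"]),
                                     "status": "PENDING", "elapsed": None}
            continue
        m = CALLBACK_RE.match(line)
        if m:
            ev = events.setdefault(int(m["eid"]), {"op": m["op"], "requested": None,
                                                   "status": None, "elapsed": None})
            ev["status"] = m["status"]
            if ev["requested"] is not None:  # latency between request and callback
                ev["elapsed"] = round(float(m["t"]) - ev["requested"], 3)
    return events

def connect_outcome(text):
    """Return (status, seconds) of the first CONNECT event, or None if there is none."""
    for ev in parse_nsock_trace(text).values():
        if ev["op"] == "CONNECT":
            return ev["status"], ev["elapsed"]
    return None
```

Running `connect_outcome` on both traces shows the Windows connect hitting the full 5 s nsock connect timeout while the Linux connect completes in milliseconds, which is the difference the message describes.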

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev