Nmap Development mailing list archives
Re: Nmap 4.20 on Mac OS X
From: "Kurt Grutzmacher" <grutz () jingojango net>
Date: Mon, 6 Nov 2006 18:39:14 -0800
$ sudo tcpdump -s 1500 -i en1 host scanme.insecure.org tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en1, link-type EN10MB (Ethernet), capture size 1500 bytes 17:51:19.793055 IP 192.168.1.101 > scanme.nmap.org: ICMP echo request, id 1722, seq 26044, length 8 17:51:19.793259 IP 192.168.1.101.35918 > scanme.nmap.org.http: . ack 1806637406 win 2048 17:51:19.808150 IP scanme.nmap.org > 192.168.1.101: ICMP echo reply, id 1722, seq 26044, length 8 17:51:20.793436 IP 192.168.1.101 > scanme.nmap.org: ICMP echo request, id 1722, seq 26300, length 8 17:51:20.793582 IP 192.168.1.101.35914 > scanme.nmap.org.http: . ack 2247039390 win 2048 17:51:20.809035 IP scanme.nmap.org > 192.168.1.101: ICMP echo reply, id 1722, seq 26300, length 8 17:51:20.813024 IP scanme.nmap.org.http > 192.168.1.101.35914: R 2247039390:2247039390(0) win 0 $ sudo ./nmap -sS scanme.insecure.org --packet_trace Starting Nmap 4.20ALPHA5 ( http://insecure.org/nmap/ ) at 2006-11-06 17:51 PST SENT (0.0400s) ICMP 192.168.1.101 > 205.217.153.62 Echo request (type=8/code=0) ttl=42 id=34357 iplen=7168 SENT (0.0400s) TCP 192.168.1.101:35918 > 205.217.153.62:80 A ttl=45 id=25921 iplen=10240 seq=3983481182 win=2048 ack=1806637406 SENT (1.0400s) ICMP 192.168.1.101 > 205.217.153.62 Echo request (type=8/code=0) ttl=51 id=44438 iplen=7168 SENT (1.0410s) TCP 192.168.1.101:35914 > 205.217.153.62:80 A ttl=57 id=48556 iplen=10240 seq=3702462878 win=2048 ack=2247039390 Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 Nmap finished: 1 IP address (0 hosts up) scanned in 2.041 seconds When trying against a local device: grutzImac:~/src/nmap/nmap-4.20ALPHA5-compiled grutz$ sudo ./nmap -sS 192.168.1.1 --packet_trace Starting Nmap 4.20ALPHA5 ( http://insecure.org/nmap/ ) at 2006-11-06 18:28 PST SENT (0.0720s) ARP who-has 192.168.1.1 tell 192.168.1.101 SENT (0.1730s) ARP who-has 192.168.1.1 tell 192.168.1.101 Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 Nmap finished: 1 IP address (0 hosts up) scanned in 0.283 seconds I see a lot of change in packet construction within tcpip.cc so I'll start peeking and poking around there to see what's what. Subesquent tests with 4.20ALPHA1 through 4.20ALPHA4 have shown no issues. My previous statement of ALPHA4 having some issues appears to have been isolated as I haven't been able to repeat it. ALPHA4 is definately the last version that worked. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap 4.20 on Mac OS X Christophe Thil (Nov 06)
- Re: Nmap 4.20 on Mac OS X Fyodor (Nov 06)
- Re: Nmap 4.20 on Mac OS X Hayden Stainsby (Nov 06)
- Re: Nmap 4.20 on Mac OS X Kurt Grutzmacher (Nov 06)
- Re: Nmap 4.20 on Mac OS X Kurt Grutzmacher (Nov 06)
- Re: Nmap 4.20 on Mac OS X Fyodor (Nov 06)
- Re: Nmap 4.20 on Mac OS X Kurt Grutzmacher (Nov 06)
- Re: Nmap 4.20 on Mac OS X doug (Nov 07)
- Re: Nmap 4.20 on Mac OS X Fyodor (Nov 19)
- Re: Nmap 4.20 on Mac OS X Hayden Stainsby (Nov 06)
- Re: Nmap 4.20 on Mac OS X Fyodor (Nov 06)
- <Possible follow-ups>
- Re: Nmap 4.20 on Mac OS X Christophe Thil (Nov 19)