Nmap Development mailing list archives
Re: Variety of bugs in nmap-4.20
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 19 Jun 2007 12:42:29 -0500
On 6/19/07, Chris Drake <> wrote:
> Hi, I'm running the latest nmap-4.20 built from source on RedHat AS4 update 4
> Linux 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 i686 i386 GNU/Linux

I'm running the latest official ALPHA 4.21ALPHA4 built from source on a Debian/GNU Etch system.

Linux ebizsrvb 2.6.18-4-686 #1 SMP Wed Apr 18 09:55:10 UTC 2007 i686 GNU/Linux

> 1. I specifically ask it to send one ICMP echo request, however, it sends
> none, instead sending only an ARP:
>
> # /usr/bin/nmap -n --packet_trace -sP -PE 123.123.252.164
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-19 14:56 UTC
> SENT (0.0370s) ARP who-has 123.123.252.164 tell 123.123.252.162
> RCVD (0.0390s) ARP reply 123.123.252.164 is-at 00:0C:29:DA:5E:9F
> Host 123.123.252.164 appears to be up.
> MAC Address: 00:0C:29:DA:5E:9F (VMware)
> Nmap finished: 1 IP address (1 host up) scanned in 0.150 seconds
>
> # ping 123.123.252.164
> PING 123.123.252.164 (123.123.252.164) 56(84) bytes of data.
> 64 bytes from 123.123.252.164: icmp_seq=0 ttl=64 time=5.16 ms
> 64 bytes from 123.123.252.164: icmp_seq=1 ttl=64 time=0.717 ms

I cannot recreate this one.

jrdepriest@ebizsrvb:~$ sudo nmap -n --packet_trace -sP -PE 10.226.41.224
Password:
Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-06-19 12:26 CDT
SENT (0.0910s) ICMP 10.226.24.50 > 10.226.41.224 Echo request (type=8/code=0) ttl=39 id=12539 iplen=28
RCVD (0.0910s) ICMP 10.226.41.224 > 10.226.24.50 Echo reply (type=0/code=0) ttl=127 id=2743 iplen=28
Host 10.226.41.224 appears to be up.
Nmap finished: 1 IP address (1 host up) scanned in 0.206 seconds

> 2. I attempt to send a single UDP packet, but
> 2a - it sends 2 packets
> 2b - it parses the --host_timeout switch wrongly (curious: works OK on a
> RedHat AS4u4 "full" non-SELinux install, but fails on a vmware RedHat AS4u4
> "minimal" SELinux install.)
>
> # /usr/bin/nmap -n --packet_trace -P0 -sU -p 53 --host_timeout 5000 --data_length 1 203.123.123.131
> host-timeout is given in milliseconds, so you specified less than 15 seconds (0ms). This is allowed but not recommended.
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-19 14:59 UTC
> SENT (0.0380s) UDP 123.123.252.162:48152 > 203.123.123.131:53 ttl=48 id=52931 iplen=29
> SENT (1.0470s) UDP 123.123.252.162:48153 > 203.123.123.131:53 ttl=42 id=51814 iplen=29
> Interesting ports on 203.123.123.131:
> Unable to find nmap-services! Resorting to /etc/services
> PORT   STATE         SERVICE
> 53/udp open|filtered domain
> Nmap finished: 1 IP address (1 host up) scanned in 2.130 seconds
> [root@vm4-DidTheyReadIt bin]#

This one on the other hand does the same for me. It correctly recognizes the time as being less than 1500ms or less than 15s, it just displays the time as 0ms in the warning. So cosmetic more than functional.

I don't think '--data-length' (Append random data to sent packets) does what you think it does. Try '--max-retries 0'

> 3. (Cosmetic) It tells me to use -P0 when I'm already using -P0
>
> # /usr/bin/nmap -P0 -n --packet_trace -sP -PE 123.123.252.163
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-19 14:57 UTC
> SENT (0.0610s) ARP who-has 123.123.252.163 tell 123.123.252.162
> SENT (0.1700s) ARP who-has 123.123.252.163 tell 123.123.252.162
> Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
> Nmap finished: 1 IP address (0 hosts up) scanned in 0.320 seconds

Dunno about this one. Yes, that is what it does. I usually just ignore that and move on. But it does seem a little wonky to tell you to try what you just did.

> Kind Regards,
> Chris Drake

So, try out 4.21ALPHA4 to get around your first issue. Or get funky and grab the SVN.

Hope this helps!

-Jason

--
NOTICE: This email is being sent in clear-text across the public Internet. Therefore, any attempts to include unenforceable legalese restrictions are ridiculous and pointless. If you can read this, consider yourself authorized (whether I like it or not).

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
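Added example, not part of this thread and not Nmap's own code: a small parser for the `--packet_trace` lines quoted above, which tallies what was actually sent to each target and compares it with what the command line asked for. This is the check the thread is doing by hand (one ICMP echo requested but an ARP sent; one UDP probe requested but two sent). The sample input is the trace lines copied from the messages above; the regular expression assumes the line layout shown there (`SENT`/`RCVD`, a timestamp in seconds, the protocol name, then the detail), and the `audit` function and its report format are this example's own.

```python
"""Audit what Nmap actually put on the wire, using its --packet_trace output."""
import re
from collections import Counter

# Constructed sample input: trace lines copied from the thread above (the
# archive had run them together), the three scans concatenated.
SAMPLE_TRACE = """\
Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-19 14:56 UTC
SENT (0.0370s) ARP who-has 123.123.252.164 tell 123.123.252.162
RCVD (0.0390s) ARP reply 123.123.252.164 is-at 00:0C:29:DA:5E:9F
Host 123.123.252.164 appears to be up.
SENT (0.0910s) ICMP 10.226.24.50 > 10.226.41.224 Echo request (type=8/code=0) ttl=39 id=12539 iplen=28
RCVD (0.0910s) ICMP 10.226.41.224 > 10.226.24.50 Echo reply (type=0/code=0) ttl=127 id=2743 iplen=28
SENT (0.0380s) UDP 123.123.252.162:48152 > 203.123.123.131:53 ttl=48 id=52931 iplen=29
SENT (1.0470s) UDP 123.123.252.162:48153 > 203.123.123.131:53 ttl=42 id=51814 iplen=29
"""

# Layout of a trace line, assumed from the samples: direction, timestamp,
# protocol name, then protocol-specific detail.
TRACE_RE = re.compile(r"^(?P<dir>SENT|RCVD) \((?P<t>[\d.]+)s\) (?P<proto>[A-Z]+) (?P<rest>.+)$")


def parse_trace(text):
    """Return one dict per SENT/RCVD line; banner and summary lines are ignored."""
    events = []
    for line in text.splitlines():
        m = TRACE_RE.match(line.strip())
        if not m:
            continue
        direction, proto, rest = m.group("dir"), m.group("proto"), m.group("rest")
        fields = rest.split()
        if proto == "ARP":
            # "who-has TARGET tell SENDER" or "reply TARGET is-at MAC": the
            # remote host is the second token either way.
            target = fields[1]
        else:
            # IP-level lines read "SRC > DST ..."; strip any ":port" suffix.
            src, dst = fields[0].split(":")[0], fields[2].split(":")[0]
            target = dst if direction == "SENT" else src
        events.append({"dir": direction, "time": float(m.group("t")),
                       "proto": proto, "target": target})
    return events


def probes_sent(events):
    """Count SENT probes per (target, protocol)."""
    return Counter((e["target"], e["proto"]) for e in events if e["dir"] == "SENT")


def audit(events, target, proto, expected):
    """Compare the probes sent to TARGET with what the operator asked for.

    Returns (ok, message). ok is False when the count differs or when a
    different protocol was used instead (e.g. ARP where ICMP was requested).
    """
    sent = probes_sent(events)
    actual = sent[(target, proto)]
    others = {p: n for (t, p), n in sent.items() if t == target and p != proto}
    if actual == expected and not others:
        return True, f"{target}: {actual} {proto} probe(s) sent, as requested"
    return False, (f"{target}: asked for {expected} {proto}, sent {actual} {proto}; "
                   f"other probes: {others or 'none'}")


if __name__ == "__main__":
    evts = parse_trace(SAMPLE_TRACE)
    for tgt, proto, n in [("123.123.252.164", "ICMP", 1),   # -PE requested, ARP sent
                          ("10.226.41.224", "ICMP", 1),     # 4.21ALPHA4 run: as expected
                          ("203.123.123.131", "UDP", 1)]:   # two UDP probes, not one
        print(audit(evts, tgt, proto, n)[1])
```

Two points worth keeping in mind when reading such traces: Nmap uses ARP rather than IP-level probes for host discovery of targets on the local Ethernet segment unless told otherwise with `--send-ip`, so an ARP where an ICMP echo was requested is not by itself a defect when the target is on-link (as 123.123.252.164 is relative to 123.123.252.162 here); and `--data-length` only pads probes with extra bytes, so the retransmission count is governed by `--max-retries`, as the reply above says.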
Current thread:
- Variety of bugs in nmap-4.20 Chris Drake (Jun 19)
- Re: Variety of bugs in nmap-4.20 DePriest, Jason R. (Jun 19)
- Re: Variety of bugs in nmap-4.20 Brandon Enright (Jun 19)
- Re[2]: Variety of bugs in nmap-4.20 Chris Drake (Jun 19)
- Re: Variety of bugs in nmap-4.20 Professor Messer (Jun 19)
- Re[2]: Variety of bugs in nmap-4.20 Chris Drake (Jun 19)
- Re: Variety of bugs in nmap-4.20 Professor Messer (Jun 19)
- Re: Variety of bugs in nmap-4.20 Fyodor (Jun 19)
- Re[2]: Variety of bugs in nmap-4.20 Chris Drake (Jun 19)
- Re: Variety of bugs in nmap-4.20 Fyodor (Jun 19)