Nmap Development mailing list archives
-sT on windows
From: jah <jah () zadkiel plus com>
Date: Sat, 08 Dec 2007 22:59:36 +0000
The ref guide says:

--send-eth (Use raw ethernet sending) .... By default, Nmap chooses the one [ip or eth] which is generally best for the platform it is running on ...

Does this still hold true? I'm getting the following when I specify -sT:

C:\>nmap -sT -p135 192.168.1.1 -d10 --log-errors -n -PN
***WinIP*** trying to initialize WinPcap
Winpcap present, dynamic linked to: WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5

Starting Nmap 4.49RC4 ( http://insecure.org ) at 2007-12-08 22:42 GMT Standard Time
Fetchfile found C:\Program Files\Nmap\nmap-services
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
---------------------------------------------
doing 0.0.0.0 = 192.168.1.1
Initiating Connect Scan at 22:42
Scanning 192.168.1.1 [1 port]
CONN (0.1100s) TCP localhost > 192.168.1.1:135 => Unknown error
**TIMING STATS** (0.1100s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
192.168.1.1: 1/0/0/1/0/0 10.00/75/0 1000000/-1/-1
Discovered open port 135/tcp on 192.168.1.1
Changing ping technique for 192.168.1.1 to connect
Timeout vals: srtt: -1 rttvar: -1 to: 1000000 delta 15000 ==> srtt: 15000 rttvar: 15000 to: 100000
Timeout vals: srtt: -1 rttvar: -1 to: 1000000 delta 15000 ==> srtt: 15000 rttvar: 15000 to: 100000
Moving 192.168.1.1 to completed hosts list with 0 outstanding probes.
Completed Connect Scan at 22:42, 0.05s elapsed (1 total ports)
Host 192.168.1.1 appears to be up ... good.
Interesting ports on 192.168.1.1:
PORT    STATE SERVICE REASON
135/tcp open  msrpc   syn-ack
Final times for host: srtt: 15000 rttvar: 15000 to: 100000

Read from C:\Program Files\Nmap: nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.172 seconds

Note the

CONN (0.1100s) TCP localhost > 192.168.1.1:135 => Unknown error

which is pretty much the same as when, in addition, I specify --send-ip:

C:\>nmap -sT -p135 192.168.1.1 -d10 --log-errors -n -PN --send-ip
***WinIP*** trying to initialize WinPcap
Winpcap present, dynamic linked to: WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5

Starting Nmap 4.49RC4 ( http://insecure.org ) at 2007-12-08 22:45 GMT Standard Time
Fetchfile found C:\Program Files\Nmap\nmap-services
WARNING: raw IP (rather than raw ethernet) packet sending attempted on Windows. This probably won't work. Consider --send-eth next time.
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
---------------------------------------------
doing 0.0.0.0 = 192.168.1.1
Initiating Connect Scan at 22:45
Scanning 192.168.1.1 [1 port]
CONN (0.1090s) TCP localhost > 192.168.1.1:135 => Unknown error
**TIMING STATS** (0.1250s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
192.168.1.1: 1/0/0/1/0/0 10.00/75/0 1000000/-1/-1
Discovered open port 135/tcp on 192.168.1.1
Changing ping technique for 192.168.1.1 to connect
Timeout vals: srtt: -1 rttvar: -1 to: 1000000 delta 16000 ==> srtt: 16000 rttvar: 16000 to: 100000
Timeout vals: srtt: -1 rttvar: -1 to: 1000000 delta 16000 ==> srtt: 16000 rttvar: 16000 to: 100000
Moving 192.168.1.1 to completed hosts list with 0 outstanding probes.
Completed Connect Scan at 22:45, 0.05s elapsed (1 total ports)
Host 192.168.1.1 appears to be up ... good.
Interesting ports on 192.168.1.1:
PORT    STATE SERVICE REASON
135/tcp open  msrpc   syn-ack
Final times for host: srtt: 16000 rttvar: 16000 to: 100000

Read from C:\Program Files\Nmap: nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.172 seconds

If I specify --send-eth, I get the expected result. raw ethernet is used in syn scans without the need to specify it.

I swear I'll learn some C soon and be a bit more helpful.

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org