Nmap Development mailing list archives
Re: nmap: nsock_core.c:294: handle_connect_result: Assertion `0' failed.
From: David Fifield <david () bamsoftware com>
Date: Thu, 30 Apr 2009 17:06:37 -0600
On Thu, Apr 30, 2009 at 09:19:07AM +0200, Fabio wrote:
>> On Wed, Apr 29, 2009 at 03:29:20PM +0200, Fabio wrote:
>>> When trying to scan some hosts to search for the Conficker virus I get the following assertion. This is nmap 4.85BETA8 compiled from source on a SPARC machine under Linux, gcc 4.0.3.
>>>
>>> $ ./nmap -p139,445 --script p2p-conficker,smb-os-discovery,smb-check-vulns --script-args checkconficker=1,safe=1 -T4 192.168.29.55
>>> Starting Nmap 4.85BETA8 ( http://nmap.org ) at 2009-04-29 15:44 CEST
>>> Strange connect error from 192.168.29.55 (42): Operation now in progress
>>> nmap: nsock_core.c:294: handle_connect_result: Assertion `0' failed.
>>> Aborted
>>
>> This is a strange error. Errno 42 is ENOMSG, "No message of desired type". But perror is printing out the message for EINPROGRESS, "Operation now in progress". I suppose it is possible for errno and the error code returned by getsockopt to be different in this part of the code.
>>
>> Does this assertion failure happen every time? If so, it would help if you could send a packet capture created with tcpdump or a similar tool.
>
> The assertion is 100% reproducible with that host. A packet capture (with tcpdump -vvv) is attached.

Thanks. The packet trace is pretty strange. Here you send the TCP ping probes, so far so good.

    09:29:05.777093 IP (tos 0x0, ttl 56, id 3417, offset 0, flags [none], proto: TCP (6), length: 44)
        192.168.29.1.49218 > 192.168.29.55.139: S, cksum 0x5feb (correct), 1691702033:1691702033(0) win 1024 <mss 1460>
    09:29:05.777462 IP (tos 0x0, ttl 52, id 4850, offset 0, flags [none], proto: TCP (6), length: 44)
        192.168.29.1.49218 > 192.168.29.55.445: S, cksum 0x5eb9 (correct), 1691702033:1691702033(0) win 1024 <mss 1460>

The remote host says that it doesn't understand TCP?

    09:29:05.777795 IP (tos 0x0, ttl 128, id 25678, offset 0, flags [none], proto: ICMP (1), length: 56)
        192.168.29.55 > 192.168.29.1: ICMP 192.168.29.55 protocol 6 unreachable, length 36

Then the scanning machine sends back another TCP packet, this time with no header.

    IP (tos 0x0, ttl 56, id 3417, offset 0, flags [none], proto: TCP (6), length: 44)
        192.168.29.1.49218 > 192.168.29.55.139: tcp 24 [bad hdr length 0 - too short, < 20]

What is the operating system of 192.168.29.55? Is there anything special about the scanning SPARC machine? Has anyone seen traffic like that and can provide an explanation?

I guess the ENOMSG is caused by the "protocol 6 unreachable" replies. Can you try the attached patch and see if it fixes the problem?

David Fifield
Attachment:
nsock-enomsg.diff
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
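Added example, not part of the original message and not Nmap's or nsock's own code: a connect-result handler that reports the value read with getsockopt(SO_ERROR) rather than errno, and treats an unexpected code as a failed connection instead of asserting. The enum and function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical outcome type; nsock's own status names are not shown on the page. */
enum connect_outcome { CONN_OK, CONN_REFUSED, CONN_UNREACHABLE, CONN_TIMEOUT, CONN_ERROR };

/* Map a pending socket error to an outcome. Unknown codes become CONN_ERROR
 * instead of reaching assert(0), so one odd reply cannot abort the process. */
enum connect_outcome classify_so_error(int so_error)
{
    switch (so_error) {
    case 0:            return CONN_OK;
    case ECONNREFUSED: return CONN_REFUSED;
    case ETIMEDOUT:    return CONN_TIMEOUT;
    case EHOSTUNREACH:
    case ENETUNREACH:
    case ENOPROTOOPT:  /* Linux reports ICMP protocol unreachable with this code */
    case ENOMSG:       /* the name given for the code in the message above */
        return CONN_UNREACHABLE;
    default:           return CONN_ERROR;
    }
}

/* Describe the error from the SO_ERROR value itself. perror() would use the
 * thread's errno, which can still be EINPROGRESS from the earlier connect(). */
int describe_so_error(int so_error, const char *host, char *buf, size_t len)
{
    return snprintf(buf, len, "connect error from %s (%d): %s",
                    host, so_error, strerror(so_error));
}

/* Fetch the pending error of a non-blocking socket once it polls writable. */
int fetch_so_error(int fd)
{
    int so_error = 0;
    socklen_t optlen = sizeof so_error;

    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &so_error, &optlen) != 0)
        return errno;  /* getsockopt itself failed; report that instead */
    return so_error;
}
```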