Nmap Development mailing list archives
RE: ncat --max-conns
From: Jon Greaves <jon_greaves () hotmail com>
Date: Thu, 24 Sep 2009 08:02:08 +0000
Thanks David, It is at this point I wish I had the ability to help as the fix doesn't sound that difficult. I really should go and buy a good book on C Jon
Date: Tue, 22 Sep 2009 16:02:01 -0600 From: david () bamsoftware com To: jon_greaves () hotmail com Subject: Re: ncat --max-conns CC: nmap-dev () insecure org On Mon, Sep 21, 2009 at 07:03:34PM +0000, Jon Greaves wrote:On Mon, Sep 21, 2009 at 06:57:44PM +0000, Jon Greaves wrote:On Mon, Sep 21, 2009 at 09:41:38AM +0000, Jon Greaves wrote:I've just started playing ncat and am running into something odd with --max-conns the documantation suggest the this command does the following "Maximum n simultaneous connections". My ncat redirection runs quite happily until for several hours then stops accepting connection with the following error New connection denied: connection limit reached (100) I guess this makes sense but I'm pretty sure I don't have 100 simultaneous connections via ncat as each connection should be being closed down after connection am I missing something or is there a value i can use with --max-conns that tells it to just accept unlimited connections.Thanks for this report. What is the command line that you use?ncat -l server1 143 --max-conns 100 --sh-exec "ncat --ssl imap.gmail.com 993" I know 100 is the default but if you set it to say 10 you get the same behaviour it kind of feels like its doing a count of total connections rather that simultaneous connectionsAnother question: is this on Windows or another operating system?windows and i'm running version 5 of nmapThis is a known bug with --exec and --sh-exec on Windows. The problem is that the connection count is increased when a new connection is made, but it is never decreased. Normally it is decreased when a SIGCHLD signal is received, but that's not available on Windows. I'll make a note to have this fixed before the next release. If someone wants to volunteer to fix it, I think what will be necessary is to make the conn_count variable accessible by the ncat_exec_win.c source file, and then decrement conn_count at the end of subprocess_thread_func. An even better way to do it would be to pass a callback function pointer to netrun, which would be called when a process ends. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- ncat --max-conns Jon Greaves (Sep 21)
- Re: ncat --max-conns David Fifield (Sep 21)
- RE: ncat --max-conns Jon Greaves (Sep 21)
- Re: ncat --max-conns David Fifield (Sep 21)
- RE: ncat --max-conns Jon Greaves (Sep 21)
- Re: ncat --max-conns David Fifield (Sep 22)
- RE: ncat --max-conns Jon Greaves (Sep 24)
- RE: ncat --max-conns Jon Greaves (Sep 21)
- Re: ncat --max-conns David Fifield (Sep 21)