Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange bug under windows

From: David Fifield <david () bamsoftware com>
Date: Mon, 22 Feb 2010 14:52:01 -0700
On Tue, Feb 16, 2010 at 10:41:12PM +1100, taemun wrote:

I've noticed recently, when doing nmap -Avv so.me.I.P that nmap will
sporadically produce the following error:

------------------------
...... some stuff.......
Scanning 11 services on so.me.I.P
Strange connect error from so.me.I.P (10013): No such file or directory
Assertion failed: 0, file .\src\nsock_core.c, line 377

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
------------------------

I had never seen this happen up until some weeks ago, and it seems to
come and go as is pleases. Although, when its happening, hammering
doesn't make nmap change its mind and not crash.

It only happens with the service scan.


Thanks. It looks like the assert is doing its job (at least you're doing
your job by reporting the failure):

    default:
      Snprintf(buf, sizeof(buf), "Strange connect error from %s (%d)", inet_ntop_ez(&iod->peer, iod->peerlen), optval);
      perror(buf);
      assert(0); /* I'd like for someone to report it */
      break;

Error number 10013 is WSAECCESS, "Permission denied." There's more about
it at http://msdn.microsoft.com/en-us/library/ms740668(VS.85).aspx. I
suspect we'll end up adding it to the list of NSE_STATUS_ERROR-causing
error codes in handle_connect_result.

It would really help if you could narrow down the conditions that cause
it to happen, so that we can add a bit of documentation in the code for
why it's present. If you get the failure again, try isolating it to a
single IP address and port. Use the -d2 option to see which payloads are
being run. Use a binary search to narrow it down to one port: if you're
scanning 10 ports, break it into two groups of 5 that you scan
separately. Then if the failure happens in only one of those two groups,
try to narrow that one down in the same way.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: