Nmap Development mailing list archives
nmap bug: specified source port not honored in version scanning
From: Gabriel Friedmann <gabriel () gsource org>
Date: Tue, 18 May 2010 13:25:26 -0500
Bug: Specifying --source-port for nmap scan does not appear to be honored in version scanning/NSE

nmap: Version 5.30BETA1
My host: Linux, CentOS 5.5

Please note that the initial port scan behaves as expected, but version scanning will not work due to a dynamically selected source port.

---------Command---------
[gabriel@ghost ~]$ *sudo nmap -vvv -sS -sV -P0 -p 3009 --source-port 80 10.10.10.10*

Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-05-18 20:15 CEST
NSE: Loaded 6 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 20:15
Completed Parallel DNS resolution of 1 host. at 20:15, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 20:15
Scanning 10.10.10.10 (10.10.10.10) [1 port]
Discovered open port 3009/tcp on 10.10.10.10
Completed SYN Stealth Scan at 20:15, 0.18s elapsed (1 total ports)
Initiating Service scan at 20:15
Scanning 1 service on 10.10.10.10 (10.10.10.10)
Completed Service scan at 20:15, 5.00s elapsed (1 service on 1 host)
NSE: Script scanning 10.10.10.10.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 20:15
Completed NSE at 20:16, 30.00s elapsed
NSE: Script Scanning completed.
Nmap scan report for 10.10.10.10 (10.10.10.10)
Host is up (0.17s latency).
Scanned at 2010-05-18 20:15:34 CEST for 36s
PORT     STATE SERVICE VERSION
*3009/tcp open  unknown*
Read data files from: /usr/local/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 35.93 seconds
Raw packets sent: 1 (44B) | Rcvd: 1 (44B)

------TCP Dump--------
[gabriel@ghost ~]$ *sudo tcpdump host 10.10.10.10*
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:15:34.646261 IP *ghost.http >* 10.10.10.10.pxc-ntfy: S 1124169178:1124169178(0) win 2048 <mss 1460>
20:15:34.812344 IP 10.10.10.10.pxc-ntfy *> ghost.http*: S 1213767856:1213767856(0) ack 1124169179 win 8190 <mss 1460>
20:15:34.812361 IP *ghost.http* > 10.10.10.10.pxc-ntfy: R 1124169179:1124169179(0) win 0
20:15:35.011499 IP *ghost.60429 >* 10.10.10.10.pxc-ntfy: S 2941975072:2941975072(0) win 5840 <mss 1460,sackOK,timestamp 563581313 0,nop,wscale 7>
20:15:38.010276 IP *ghost.60429 >* 10.10.10.10.pxc-ntfy: S 2941975072:2941975072(0) win 5840 <mss 1460,sackOK,timestamp 563582063 0,nop,wscale 7>
20:15:40.016049 IP *ghost.60430 >* 10.10.10.10.pxc-ntfy: S 2942099726:2942099726(0) win 5840 <mss 1460,sackOK,timestamp 563582564 0,nop,wscale 7>
20:15:43.014586 IP *ghost.60430 >* 10.10.10.10.pxc-ntfy: S 2942099726:2942099726(0) win 5840 <mss 1460,sackOK,timestamp 563583314 0,nop,wscale 7>
20:15:49.014960 IP *ghost.60430 > *10.10.10.10.pxc-ntfy: S 2942099726:2942099726(0) win 5840 <mss 1460,sackOK,timestamp 563584814 0,nop,wscale 7>
20:16:01.015715 IP *ghost.60430 >* 10.10.10.10.pxc-ntfy: S 2942099726:2942099726(0) win 5840 <mss 1460,sackOK,timestamp 563587814 0,nop,wscale 7>

Hint: Maybe related: ncat also appears to not honor the source port.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
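
Added example (not part of the original message and not Nmap code): a short Python check that reads tcpdump text output like the capture above and lists the outgoing SYNs that did not leave from the port given to --source-port. The function names, the host labels passed in and the small service-name table are assumptions; the sample lines are copied from the capture with the emphasis asterisks removed.

```python
import re
import socket

# Lines copied from the capture in the report, "*" emphasis marks removed.
SAMPLE_CAPTURE = """\
20:15:34.646261 IP ghost.http > 10.10.10.10.pxc-ntfy: S 1124169178:1124169178(0) win 2048 <mss 1460>
20:15:34.812344 IP 10.10.10.10.pxc-ntfy > ghost.http: S 1213767856:1213767856(0) ack 1124169179 win 8190 <mss 1460>
20:15:34.812361 IP ghost.http > 10.10.10.10.pxc-ntfy: R 1124169179:1124169179(0) win 0
20:15:35.011499 IP ghost.60429 > 10.10.10.10.pxc-ntfy: S 2941975072:2941975072(0) win 5840 <mss 1460,sackOK,timestamp 563581313 0,nop,wscale 7>
20:15:40.016049 IP ghost.60430 > 10.10.10.10.pxc-ntfy: S 2942099726:2942099726(0) win 5840 <mss 1460,sackOK,timestamp 563582564 0,nop,wscale 7>
"""

# timestamp, "IP", src host.port, ">", dst host.port ":", TCP flags
LINE_RE = re.compile(r"^(\S+) IP (\S+)\.([^.\s]+) > (\S+)\.([^.\s:]+): (\S+)")

# Names seen in this capture (tcpdump prints service names unless run with -n).
KNOWN_SERVICES = {"http": 80, "pxc-ntfy": 3009}

def port_number(token):
    """Turn a tcpdump port token (number or service name) into an int, or None."""
    if token.isdigit():
        return int(token)
    if token in KNOWN_SERVICES:
        return KNOWN_SERVICES[token]
    try:
        return socket.getservbyname(token, "tcp")  # falls back to the local services db
    except OSError:
        return None

def unexpected_source_ports(capture, scanner, target, expected_port):
    """Return (timestamp, source_port) for each SYN sent from scanner to target
    whose source port is not expected_port."""
    hits = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner lines, non-TCP lines, truncated output
        ts, src, sport, dst, _dport, flags = m.groups()
        if (src, dst) != (scanner, target) or flags != "S":
            continue  # replies from the target, and RSTs, are not new connection attempts
        port = port_number(sport)
        if port != expected_port:
            hits.append((ts, port))
    return hits

if __name__ == "__main__":
    for ts, port in unexpected_source_ports(SAMPLE_CAPTURE, "ghost", "10.10.10.10", 80):
        print(f"{ts}: SYN left from port {port}, expected 80")
```

Running tcpdump with -n avoids the name lookup entirely, since ports are then printed as numbers.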