Nmap Development mailing list archives
Re: Bug: specified source port not honored in ncat
From: Gabriel Friedmann <gabriel () gsource org>
Date: Wed, 19 May 2010 12:18:24 -0500
Thank you, David. I found that the server I was using also had a webserver running on TCP port 80. This prevented ncat from binding to source port 80. What confused me was that NMAP syn scan was still able to run (which is how I found the open ports to begin with).

I expected ncat to complain loudly and fail if it could not honor my request. Instead it went for a best-effort to get the job done. That is friendlier behavior than I was expecting and it puzzled me when services were not being version checked after the ports were determined to be open with a syn scan. Of course, there are other cases where TCP ports may be detected open and fail an actual handshake, so I agree that this was not a bug. Sorry about that.

As for the suspected related issue (which turns out may be unrelated): Even with the webserver off and ncat verified to be setting the source port as specified, I am still seeing NSE not honoring the source port flag when trying to do a version scan.

On Wed, May 19, 2010 at 11:41 AM, David Fifield <david () bamsoftware com> wrote:
> On Tue, May 18, 2010 at 01:13:18PM -0500, Gabriel Friedmann wrote:
> > Bug: Specifying --source-port (or -p) for ncat connections does not appear to
> > be honored.
> >
> > Ncat: Version 5.30BETA1
> > My host: Linux, CentOS 5.5
> >
> > Please note that the source (ghost) source port is selected to be 40967
> > instead of the specified port 80.
> >
> > ---------Command---------
> > [gabriel@ghost ~]$ *sudo ncat -vvv --source-port 80 74.125.79.99 80*
> > Ncat: Version 5.30BETA1 ( http://nmap.org/ncat )
> > NSOCK (0.0030s) TCP connection requested to 74.125.79.99:80 (IOD #1) EID 8
> > NSOCK (0.0030s) Bind to 0.0.0.0 failed (IOD #1) EID 8
> > NSOCK (0.0230s) Callback: CONNECT SUCCESS for EID 8 [74.125.79.99:80]
> > Ncat: Connected to 74.125.79.99:80.
> > NSOCK (0.0230s) Read request from IOD #1 [74.125.79.99:80] (timeout: -1ms) EID 18
> > NSOCK (0.0230s) Read request for 0 bytes from IOD #2 (peer unspecified) EID 26
>
> This looks like it is caused by some configuration of your system.
> Notice the line
>
> NSOCK (0.0030s) Bind to 0.0.0.0 failed (IOD #1) EID 8
>
> That means that Ncat tried to set the source port but the operating
> system did not allow it. Maybe it's because of SELinux or something
> else.
>
> Setting the source port works for me.
>
> # ncat -vvv -p 80 google.com 80
> Ncat: Version 5.30BETA1 ( http://nmap.org/ncat )
> NSOCK (0.0030s) TCP connection requested to 66.102.7.104:80 (IOD #1) EID 8
> NSOCK (0.1120s) Callback: CONNECT SUCCESS for EID 8 [66.102.7.104:80]
> Ncat: Connected to 66.102.7.104:80.
> NSOCK (0.1120s) Read request from IOD #1 [66.102.7.104:80] (timeout: -1ms) EID 18
> NSOCK (0.1120s) Read request for 0 bytes from IOD #2 (peer unspecified) EID 26
>
> And the tcpdump output:
>
> 10:38:40.991011 IP 192.168.0.21.80 > 66.102.7.104.80: Flags [S], seq 3032478975, win 5792, options [mss 1460,sackOK,TS val 95159737 ecr 2587190733,nop,wscale 5], length 0
> 10:38:41.095993 IP 66.102.7.104.80 > 192.168.0.21.80: Flags [S.], seq 990492735, ack 3032478976, win 5672, options [mss 1430,sackOK,TS val 2587206052 ecr 95159737,nop,wscale 6], length 0
> 10:38:41.096088 IP 192.168.0.21.80 > 66.102.7.104.80: Flags [.], ack 1, win 181, options [nop,nop,TS val 95159842 ecr 2587206052], length 0
>
> David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
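The failure mode discussed in this thread, as an added example that is not part of the original messages and is not Ncat's code: a client asks for a source port already held by a local listener, and either fails loudly or falls back to an ephemeral port. The function names and the loopback listeners are constructed for illustration; `getsockname()` is what confirms which port was really used.

```python
import errno
import socket


def connect_from_port(dst, src_port, strict=True, bind_addr="0.0.0.0"):
    # Returns (sock, actual_local_port, bind_error_name).
    # strict=True raises if the bind fails; strict=False connects anyway,
    # so the kernel picks an ephemeral port (the fallback seen in the thread).
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    bind_error = None
    try:
        s.bind((bind_addr, src_port))
    except OSError as e:
        if strict:
            s.close()
            raise
        bind_error = errno.errorcode.get(e.errno, str(e.errno))
    s.connect(dst)
    # getsockname() is the ground truth for the port actually used.
    return s, s.getsockname()[1], bind_error


def _listener():
    # Constructed loopback listener on a kernel-chosen port.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s


def demo():
    web, target = _listener(), _listener()  # local web server, remote peer
    wanted, dst = web.getsockname()[1], target.getsockname()
    try:
        s, actual, err = connect_from_port(dst, wanted, strict=False)
        s.close()
        try:
            connect_from_port(dst, wanted, strict=True)[0].close()
            strict_error = None
        except OSError as e:
            strict_error = errno.errorcode.get(e.errno)
        return wanted, actual, err, strict_error
    finally:
        web.close()
        target.close()


if __name__ == "__main__":
    print(demo())
```

In best-effort mode the connection succeeds from a different port and only the recorded bind error reveals it, which matches the single "Bind to 0.0.0.0 failed" line in the verbose output above.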