Nmap Development mailing list archives
Nmap Exclude and Addrset
From: "Colin L. Rice" <dah4k0r () gmail com>
Date: Fri, 17 Jun 2011 15:19:16 -0500
Hello, We recently decided to move the address set in ncat_hostmatch.c to libnetutil in order to utilize its address set in Nmap. This has been done. As a consequence IPv6 excludes are now supported and this: nmap -6 --exclude nmap.org/112 nmap.org scanme.nmap.org -d goes from : Starting Nmap 5.52.IPv6.Beta2 ( http://nmap.org ) at 2011-06-17 15:12 CDT PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0) --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- Invalid host expression: nmap.org/112 -- slash not allowed. IPv6 addresses can currently only be specified individually QUITTING! To: Starting Nmap 5.52.IPv6.Beta2 ( http://nmap.org ) at 2011-06-17 15:14 CDT PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0) --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- Initiating Ping Scan at 15:14 Scanning scanme.nmap.org (2600:3c01::f03c:91ff:fe93:cd19) [2 ports] Completed Ping Scan at 15:14, 0.00s elapsed (1 total hosts) Overall sending rates: 3853.56 packets / s. Initiating System DNS resolution of 1 host. at 15:14 Completed System DNS resolution of 1 host. at 15:14, 0.00s elapsed Nmap scan report for scanme.nmap.org (2600:3c01::f03c:91ff:fe93:cd19) [host down, received net-unreach] Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services. Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 0.06 seconds On a technical note there is another file in libnetutil addrset.c. An addrset is a c linked list which holds a union of bitvectors and ipv6 addresses/masks. It works quite well in filtering out allowed versus disallowed structures. Some of its functions are slightly changed from the ncat_hostmatch in order to pass options in the functions and not use o.blah which differs between programs. Everything has been updated including the tests in ncat/test. There should be no difference in ncats behavior. If you notice one give me a yell. Cheers, -Colin _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap Exclude and Addrset Colin L. Rice (Jun 17)
- Re: Nmap Exclude and Addrset Shinnok (Jun 18)
- Re: Nmap Exclude and Addrset Daniel Miller (Jun 18)
- Re: Nmap Exclude and Addrset Colin L. Rice (Jun 18)
- Re: Nmap Exclude and Addrset David Fifield (Jun 18)
- Re: Nmap Exclude and Addrset Daniel Miller (Jun 18)
- Re: Nmap Exclude and Addrset Shinnok (Jun 18)