Nmap Development mailing list archives
Re: retransmission level hit
From: Royce Williams <royce () techsolvency com>
Date: Mon, 24 Nov 2014 06:30:14 -0900
On Mon, Nov 24, 2014 at 6:03 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
On Sun, Nov 23, 2014 at 10:16 AM, Mike . <dmciscobgp () hotmail com> wrote:i looked at the source and docs on nmap and didn't see this answered. when we hit a retransmission level when scanning, i notice it says "giving up on port". in doing a large full socket scan, is there any way we could see what port is actually creating that? i understand exactly what the retransmission level is for and how it is generated. i was simply curious when it says PORT is that a general term as in "ports are dropping, increase", or did it hit an individual port. i think it would be useful for users to know what port signalled the mesgThe "giving up on port" message is gated with logic to prevent it from being printed more than once per host. There's technically nothing preventing it from mentioning which target port it is referring to, but doing so could possibly be confusing, since Nmap may give up on more than one port for the same reason, but only one message would be printed.
This could be mitigated by disclaiming the target port, as in: Warning: xx.xx.xx.xx giving up on port because retransmission cap hit (2) (last port: 443) ... or, if possible at the time: Warning: xx.xx.xx.xx giving up on port because retransmission cap hit (2) (8 ports, last port 443) ... etc. Royce _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- retransmission level hit Mike . (Nov 23)
- Re: retransmission level hit Daniel Miller (Nov 24)
- Re: retransmission level hit Royce Williams (Nov 24)
- Re: retransmission level hit Daniel Miller (Nov 24)