Nmap Development mailing list archives
Re: [nmap] set source port in unprivileged mode
From: Fyodor <fyodor () nmap org>
Date: Fri, 9 Jan 2015 01:32:59 -0800
On Fri, Jan 2, 2015 at 6:47 PM, Simone Chiarelli <simchi88 () gmail com> wrote:
It’s possible to set source port in tcp/connect scan mode even while unprivileged (for ports higher than 1023). Would it be feasible to add such feature to nmap?
Hi Simone. Thanks for the suggestion. Right now our connect() scan doesn't support setting the source port (-g) at all--either with privileges or without. We would certainly consider such a feature if someone wrote a patch and it worked well. However, I'm worried that problems might crop up with retransmissions and also the case where we do a TCP connect() ping to the host followed by a port scan against the same port. Some systems might not let us create a repeat connection with the same 4-tuple (src and dest host and ports) so quickly due to wait states or other issues. I haven't really tested it or thought about it much though. It would need to be tested on at least Linux, Windows, and Mac. I think the vast majority of people who would want to use -g have root privileges and are using SYN scan for their TCP scanning. So we haven't seen a lot of demand for adding this support to connect scan. But like I said, we'd definitely consider a patch if someone wants the feature enough to write and test it. Cheers, Fyodor
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap] set source port in unprivileged mode Fyodor (Jan 09)