Nmap Development mailing list archives
Port state detection sometimes fails when scanning a single port in aggressive timing
From: Andres Marin Lopez <andres.marin () uc3m es>
Date: Fri, 27 Oct 2017 15:02:58 +0200
Hi! I have detected that nmap 7.60, when scanning a single port, fails to detect the state of the port in the aggressive timing strategy. I discovered it with -T3 in version 7.50, but in version 7.60 it only happens using -T5. With --packet-trace I see that nmap does not wait to receive the SYN,ACK, though tcpdump shows it. This does not happen if you scan two or more ports, so it may be a bug in the code.

Here follow the traces with the new version of nmap:

amarin@lamp:/tmp$ sudo nmap -sS -n -T5 10.0.3.115 --packet-trace -p80
Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-27 12:14 CEST
SENT (0.0666s) ARP who-has 10.0.3.115 tell 10.0.3.229
RCVD (0.0678s) ARP reply 10.0.3.115 is-at CA:63:91:E8:33:60
SENT (0.3389s) TCP 10.0.3.229:53832 > 10.0.3.115:80 S ttl=58 id=64238 iplen=44 seq=2707334846 win=1024 <mss 1460>
SENT (0.3890s) TCP 10.0.3.229:53833 > 10.0.3.115:80 S ttl=54 id=20639 iplen=44 seq=2707400383 win=1024 <mss 1460>
Nmap scan report for 10.0.3.115
Host is up (0.0012s latency).
PORT   STATE    SERVICE
80/tcp filtered http
MAC Address: CA:63:91:E8:33:60 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds

And now scanning two ports:

amarin@lamp:/tmp$ sudo nmap -sS -n -T5 10.0.3.115 --packet-trace -p80,443
Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-27 12:14 CEST
SENT (0.0622s) ARP who-has 10.0.3.115 tell 10.0.3.229
RCVD (0.0634s) ARP reply 10.0.3.115 is-at CA:63:91:E8:33:60
SENT (0.3585s) TCP 10.0.3.229:43973 > 10.0.3.115:80 S ttl=37 id=26374 iplen=44 seq=102116974 win=1024 <mss 1460>
SENT (0.3586s) TCP 10.0.3.229:43973 > 10.0.3.115:443 S ttl=45 id=5429 iplen=44 seq=102116974 win=1024 <mss 1460>
RCVD (0.3595s) TCP 10.0.3.115:80 > 10.0.3.229:43973 SA ttl=64 id=0 iplen=44 seq=3642482007 win=14600 <mss 1460>
RCVD (0.3595s) TCP 10.0.3.115:443 > 10.0.3.229:43973 SA ttl=64 id=0 iplen=44 seq=2915678535 win=14600 <mss 1460>
Nmap scan report for 10.0.3.115
Host is up (0.0011s latency).
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
MAC Address: CA:63:91:E8:33:60 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.60 seconds

amarin@lamp:/tmp$ nmap -V
Nmap version 7.60 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.0f libssh2-1.8.0 libz-1.2.8 libpcre-8.39 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Thanks for this invaluable tool!!

--
ANDRES MARIN LOPEZ
Universidad Carlos III de Madrid
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
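As an added example (not part of the original report and not Nmap project code), the following Python script reads the --packet-trace output of a scan, correlates SENT probes with RCVD replies per scanned port, and checks the result against the PORT/STATE table nmap printed; the two TCP traces quoted above are embedded as constructed sample input, so it reproduces the observation that port 80 got two SYN probes and no reply in the single-port run but a SYN/ACK per port in the two-port run.

```python
import re
from collections import defaultdict

# Packet-trace excerpts from the two runs quoted in the report (constructed sample input for this script).
SINGLE_PORT_TRACE = """\
SENT (0.3389s) TCP 10.0.3.229:53832 > 10.0.3.115:80 S ttl=58 id=64238 iplen=44 seq=2707334846 win=1024 <mss 1460>
SENT (0.3890s) TCP 10.0.3.229:53833 > 10.0.3.115:80 S ttl=54 id=20639 iplen=44 seq=2707400383 win=1024 <mss 1460>
PORT STATE SERVICE
80/tcp filtered http
"""
TWO_PORT_TRACE = """\
SENT (0.3585s) TCP 10.0.3.229:43973 > 10.0.3.115:80 S ttl=37 id=26374 iplen=44 seq=102116974 win=1024 <mss 1460>
SENT (0.3586s) TCP 10.0.3.229:43973 > 10.0.3.115:443 S ttl=45 id=5429 iplen=44 seq=102116974 win=1024 <mss 1460>
RCVD (0.3595s) TCP 10.0.3.115:80 > 10.0.3.229:43973 SA ttl=64 id=0 iplen=44 seq=3642482007 win=14600 <mss 1460>
RCVD (0.3595s) TCP 10.0.3.115:443 > 10.0.3.229:43973 SA ttl=64 id=0 iplen=44 seq=2915678535 win=14600 <mss 1460>
PORT STATE SERVICE
80/tcp open http
443/tcp open https
"""

PKT_RE = re.compile(r"^(?P<dir>SENT|RCVD) \([\d.]+s\) TCP [\d.]+:(?P<sport>\d+) > [\d.]+:(?P<dport>\d+) (?P<flags>\S+)")
STATE_RE = re.compile(r"^(?P<port>\d+)/tcp (?P<state>\S+)")

def audit_trace(text):
    """Per scanned port: count probes and replies, derive the state the trace implies
    (SA -> open, R*/RA -> closed, no reply -> filtered) and compare with the reported state."""
    ports = defaultdict(lambda: {"probes": 0, "replies": 0, "flags": [], "state": None})
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if m:
            if m["dir"] == "SENT":
                ports[int(m["dport"])]["probes"] += 1
            else:  # a reply comes back from the scanned port, so key on its source port
                ports[int(m["sport"])]["replies"] += 1
                ports[int(m["sport"])]["flags"].append(m["flags"])
            continue
        s = STATE_RE.match(line)
        if s:
            ports[int(s["port"])]["state"] = s["state"]
    for port, p in ports.items():
        flags = p["flags"]
        p["expected"] = "open" if "SA" in flags else "closed" if any(f.startswith("R") for f in flags) else "filtered"
        if p["expected"] != p["state"]:
            p["verdict"] = f"mismatch: trace implies {p['expected']}"
        elif p["replies"] == 0:
            p["verdict"] = f"{p['probes']} probe(s) unanswered in trace; confirm with a packet capture"
        else:
            p["verdict"] = "consistent"
    return dict(ports)
```

Running it on a capture-side packet list (e.g. tcpdump output converted to the same SENT/RCVD form) alongside nmap's own trace makes a "filtered" verdict that the wire contradicts stand out immediately.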