Nmap Development mailing list archives
Re: XML output incomplete
From: David Fifield <david () bamsoftware com>
Date: Thu, 10 Sep 2020 12:44:40 -0600
On Fri, Sep 04, 2020 at 10:23:35AM +0100, Owen Mooney wrote:
Normal output below: # Nmap 7.80 scan initiated Fri Sep 4 09:49:26 2020 as: nmap -T5 -sU -sS -PS22,80,443,445,3389,135,139 -PU53,161 -PE --traceroute -sV -oN normal.txt -oX xml.xml 172.17.0.2 Warning: 172.17.0.2 giving up on port because retransmission cap hit (2). Nmap scan report for 172.17.0.2 Host is up (0.00017s latency). Skipping host 172.17.0.2 due to host timeout Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Fri Sep 4 10:04:32 2020 -- 1 IP address (1 host up) scanned in 905.65 seconds No mention of port 80 open, however the "Skipping host..." line might be a clue. Is it possible that a host can be skipped after some ports have already been found open? I have attached the pcap file to this email for reference. It shows that Nmap generated a SYN to port 80 and got an ACK in response, and then sent a http request further on in the scan.
Okay, this explains it. Unfortunately, when a host reaches the host timeout, it discards all partial scan results. https://nmap.org/book/man-performance.html A host that times out is skipped. No port table, OS detection, or version detection results are printed for that host. The host timeout with -T5 is 900 seconds, which you can see was exceeded: "1 IP address (1 host up) scanned in 905.65 seconds". https://nmap.org/book/performance-timing-templates.html It's unusual for -sV to take 900 seconds for a single host. You can try --version-trace to watch what -sV is doing. -T5 may be too aggressive for this host. Alternatively, you can specify -T5 and longer --host-timeout together, I think. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- XML output incomplete Owen Mooney (Sep 03)
- Re: XML output incomplete David Fifield (Sep 03)
- Re: XML output incomplete Owen Mooney (Sep 10)
- Re: XML output incomplete David Fifield (Sep 10)
- Re: XML output incomplete Owen Mooney (Sep 10)
- Re: XML output incomplete Owen Mooney (Sep 10)
- Re: XML output incomplete David Fifield (Sep 03)