Nmap Development mailing list archives
Re: XML output incomplete
From: Owen Mooney <omooney () tcd ie>
Date: Thu, 10 Sep 2020 22:19:03 +0100
Ah I see, so this is expected behaviour. Guess I should have read the fine print!

Is this something that might be changed in a future release? It's not too important for my use case, but it seems a shame to throw away port scan data that has already been generated at a later point in the scan.

On Thu, 10 Sep 2020 at 19:44, David Fifield <david () bamsoftware com> wrote:

> On Fri, Sep 04, 2020 at 10:23:35AM +0100, Owen Mooney wrote:
>> Normal output below:
>>
>> # Nmap 7.80 scan initiated Fri Sep 4 09:49:26 2020 as: nmap -T5 -sU -sS -PS22,80,443,445,3389,135,139 -PU53,161 -PE --traceroute -sV -oN normal.txt -oX xml.xml 172.17.0.2
>> Warning: 172.17.0.2 giving up on port because retransmission cap hit (2).
>> Nmap scan report for 172.17.0.2
>> Host is up (0.00017s latency).
>> Skipping host 172.17.0.2 due to host timeout
>> Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
>> # Nmap done at Fri Sep 4 10:04:32 2020 -- 1 IP address (1 host up) scanned in 905.65 seconds
>>
>> No mention of port 80 open, however the "Skipping host..." line might be a clue. Is it possible that a host can be skipped after some ports have already been found open?
>>
>> I have attached the pcap file to this email for reference. It shows that Nmap generated a SYN to port 80 and got an ACK in response, and then sent a http request further on in the scan.
>
> Okay, this explains it. Unfortunately, when a host reaches the host timeout, it discards all partial scan results.
>
> https://nmap.org/book/man-performance.html
>     A host that times out is skipped. No port table, OS detection, or version detection results are printed for that host.
>
> The host timeout with -T5 is 900 seconds, which you can see was exceeded: "1 IP address (1 host up) scanned in 905.65 seconds".
>
> https://nmap.org/book/performance-timing-templates.html
>
> It's unusual for -sV to take 900 seconds for a single host. You can try --version-trace to watch what -sV is doing. -T5 may be too aggressive for this host. Alternatively, you can specify -T5 and longer --host-timeout together, I think.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/