Nmap Announce mailing list archives
Announce: nmap-3.30+V-2.90 ("Version" Scanning) [Now Really Fast]
From: "Jay Freeman \(saurik\)" <saurik () saurik com>
Date: Thu, 24 Jul 2003 02:56:46 -0500
Changelog:

o Refactored the scanning code to offer upwards of an 8x speedup. Ports are now scanned in parallel rather than one at a time. Just how many ports are scanned in parallel is based on this algorithm:

    unsigned ports(pow(2.5, o.timing_level));
    ports = max(ports, o.min_parallelism);
    ports = min(ports, o.max_parallelism ? o.max_parallelism : 100);

  Where o.timing_level is controlled by the -T command line option, o.max_parallelism by --max_parallelism, and o.min_parallelism by --min_parallelism. The equation's goal was to make the default value of -T give a default parallelism of around 16.

o -sV now supports UDP ports. So far it only detects one service: DNS. I'll add more whenever I have time. If anyone has any that they'd like to offer detection strings for, I'm very open. If you want to actually test them with nmap+V, I have a walkthrough in the docs folder called service-fingerprint.txt. Each IP protocol is handled by a different file: nmap-<protocol>-fingerprints. This differs from my previous naming convention of nmap-versions.

o While I was doing that I fixed the fingerprint for DNS over TCP. It wasn't very happy... I had noticed it, but I kept putting off actually doing something about it.

o I added a portability layer that will let me change to libpcre in the future if a reason comes up. I debated just doing it, but so far I'm not using any of the features, so my good ol' version of regex (the one that I hacked together from an "ok" licensed file that came up after doing an `slocate regex.c`, in order to support doing regular expressions on strings that contain binary garbage) is still the regex of choice for nmap+V.

o Added back a better version of my "debugging stuff". I've added STL to so many parts of my code now that it no longer matters. I still need to try to tackle nmap's Win32 portability problem sometime soon. Unfortunately, this usage of STL means that this release won't compile on Win32. It isn't fundamentally broken; there are just some bad #define's in mswin32/winclude.h that keep non-nmap-sanctioned system header files from working.

o Removed the -FV option. It mainly stayed around because scans were so painfully slow. Originally, I think I added it because I couldn't scan protocols on ports that I didn't think they were on (this was mainly version scanning at the time, not protocol auto-detection, which was added later). Regardless, the feature seems pointless now.

o Removed the feature where I reuse the already open connections from TCP connect() scans. I might add this back someday, but for now it's gone, as it was too much of a pain to maintain all the _other_ code changes that this one required (as I had to tap into the addport() system in order to get the information added correctly). Besides, I figure A) if you are doing a connect() scan you aren't trying to be stealthy anyway and B) the -sV scan is most useful when it can use multiple connections anyway with -sVV. I'm not worried that I'm going to get many complaints :).

o In general minimized my patch wherever possible.

FTP Information (for "released" versions):

  Source: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.90.tgz
  Patch:  ftp://ftp.saurik.com/pub/nmap/nmap+V-2.90

  New Win32 Binaries: not available for this release... sorry
  Old Win32: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.35.win32.zip

CVS Information (for current versions):

  Repository: :pserver:anoncvs () cvs saurik com:/cvs/nmap
  Module:     nmap
  Password:   anoncvs

Example Output (for the curious; and yes, it should line up with a fixed width font, although it is occasionally wider than 77 characters and wraps):

    [root(2)@ironclad nmap-3.30+V]# ./nmap -sS -sVV -F localhost

    Starting nmap 3.30+V ( http://www.insecure.org/nmap/ ) at 2003-07-24 02:54 CDT
    Interesting ports on localhost.localdomain (127.0.0.1):
    (The 1174 ports scanned but not shown below are in state: closed)
    Port       State  Service       Protocol      Version
    17/tcp     open   qotd          Go Text       GNU Go 3.2
    21/tcp     open   ftp           FTP           wu-2.6.2-8
    22/tcp     open   ssh           SSH           1.99-OpenSSH_3.4p1
    23/tcp     open   telnet        Telnet
    25/tcp     open   smtp          SMTP          Sendmail 8.12.6/8.12.6
    53/tcp     open   domain        DNS
    80/tcp     open   http          HTTP          Apache/2.0.44 (Unix)
    110/tcp    open   pop-3         POP3          Cyrus v2.1.11-Invoca-RPM-2.1.11-3
    111/tcp    open   sunrpc        RPC
    113/tcp    open   auth          AUTH
    119/tcp    open   nntp          NNTP          INN 2.2.2 13-Dec-1999
    143/tcp    open   imap2         IMAP          Cyrus v2.1.11-Invoca-RPM-2.1.11-3
    465/tcp    open   smtps         SSL
    587/tcp    open   submission    SMTP          Sendmail 8.12.6/8.12.6
    783/tcp    open   hp-alarm-mgr  SpamAssassin
    953/tcp    open   rndc          BIND rndc     BIND9
    993/tcp    open   imaps         SSL
    995/tcp    open   pop3s         SSL
    2000/tcp   open   callbook      Sieve         Cyrus timsieved v2.1.11-Invoca-RPM-2.1.11-3
    2401/tcp   open   cvspserver    CVS
    5432/tcp   open   postgres      PostgreSQL    7.3
    8009/tcp   open   ajp13         Ajp13         Apache Tomcat
    8080/tcp   open   http-proxy    HTTP          Apache Tomcat/4.1.18-LE-jdk14 (HTTP/1.1 Connector)

    Nmap run completed -- 1 IP address (1 host up) scanned in 15.962 seconds

Sincerely,
Jay Freeman (saurik)
saurik () saurik com

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
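The parallelism rule quoted in the announcement is short, but the clamp order matters: the --min_parallelism floor is applied first and the --max_parallelism ceiling (default 100) last, so a floor higher than the ceiling is silently capped. The following is an added example written for this archive page, not code from nmap+V or from saurik's patch. It re-implements the three quoted lines as a stand-alone C function so the values for -T0 through -T5 can be tabulated; `min_par` and `max_par` stand in for `o.min_parallelism` and `o.max_parallelism`, with 0 meaning "not given on the command line", and the assumption that nmap's default timing level is -T3 is ours. Because -T only takes small integer levels, `pow(2.5, o.timing_level)` is replaced by an exact repeated-multiplication loop, which avoids a libm dependency and rounds identically.

```c
#include <stdio.h>

/* Added example (not nmap+V's code): the announcement's parallelism rule
 *   unsigned ports(pow(2.5, o.timing_level));
 *   ports = max(ports, o.min_parallelism);
 *   ports = min(ports, o.max_parallelism ? o.max_parallelism : 100);
 * min_par / max_par are assumed stand-ins for o.min_parallelism and
 * o.max_parallelism; 0 means the option was not given. */
static unsigned parallel_ports(int timing_level, unsigned min_par, unsigned max_par)
{
    /* 2.5^timing_level for the small integer levels -T accepts. Each step is
     * exact in binary floating point, so this matches pow(2.5, T) once the
     * value is truncated by the unsigned initialisation. */
    double scaled = 1.0;
    for (int i = 0; i < timing_level; i++)
        scaled *= 2.5;
    unsigned ports = (unsigned)scaled;          /* truncation, e.g. 15.625 -> 15 */

    if (ports < min_par)                         /* floor: --min_parallelism */
        ports = min_par;

    unsigned ceiling = max_par ? max_par : 100;  /* default ceiling of 100 */
    if (ports > ceiling)                         /* cap applied last, so it wins */
        ports = ceiling;

    return ports;
}

/* Tabulate the defaults for every timing level, then show the two edge cases:
 * a ceiling below the computed value, and a floor above the default ceiling. */
int main(void)
{
    printf("%-4s %s\n", "-T", "ports in parallel (no --min/--max_parallelism)");
    for (int t = 0; t <= 5; t++)
        printf("-T%d  %u\n", t, parallel_ports(t, 0, 0));

    printf("\n-T5 --max_parallelism 20      -> %u\n", parallel_ports(5, 0, 20));
    printf("-T3 --min_parallelism 200     -> %u (capped by the default 100)\n",
           parallel_ports(3, 200, 0));
    printf("-T3 --min_parallelism 200 --max_parallelism 300 -> %u\n",
           parallel_ports(3, 200, 300));
    return 0;
}
```

With the assumed default of -T3 the rule gives 15, which is the "around 16" the announcement aims for; -T5 lands at 97, just under the default ceiling, and a floor above the ceiling is reduced to the ceiling rather than honoured.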