Nmap 3.9999 now available

[Fyodor <fyodor () insecure org>]

Hello everyone,

I am pleased to announce the release of Nmap 3.9999.  From the version
number, you can probably guess that we are getting very close to the
big 4.0 release.  But this version has many changes, so I wanted to
give you a chance to fully test it out before releasing 4.0.  Please
let me know if you find any problems in the next few days.

Now back to the changes -- I think you'll like these.  One new feature
is runtime integration, which allows you to press [enter] at any time
for a status report with an estimated completion time for the current
scan.  Another is asynchronous DNS, which speeds up large network
scans as Nmap doesn't have to resolve each IP serially using the
(slow) host resolver anymore.  Windows users may appreciate that there
is now an executable installer -- nmap-3.9999-setup.exe, which takes
care of things like WinPcap and the registry performance improvements
for you.  The traditional Windows .zip file format is still available
as well.  The version detection database has been updated with all
remaining 2005 service submissions.  It now contains 3,153 signatures
for 381 service protocols.  Please keep those submissions coming in
'06!  Nmap has some new options, such as --max-retries and --badsum.
And there is more in the CHANGELOG below.

As usual, you can find the goods at:

http://www.insecure.org/nmap/download.html

Enjoy, and let me know (see
http://www.insecure.org/nmap/man/man-bugs.html ) if you find any
problems. Here are the changes since 3.95:

o Added run time interaction as documented at
  http://www.insecure.org/nmap/man/man-runtime-interaction.html .
  While Nmap is running, you can now press 'v' to increase verbosity,
  'd' to increase the debugging level, 'p' to enable packet tracing,
  or the capital versions (V,D,P) to do the opposite.  Any other key
  (such as enter) will print out a status message giving the estimated
  time until scan completion.  Most of this work was done by Paul
  Tarjan (ptarjan(a)stanford.edu), Andrew Lutomirski
  (luto(a)myrealbox.com), and Gisle Vanem (giva(a)bgnett.no).

o Reverse DNS resolution is now done in parallel rather than one at a
  time.  All scans of large networks (particularly list, ping and
  just-a-few-ports scans) should benefit substantially from this
  change.  If you encounter any problems, please let us know.  The new
  --system_dns option was added so you can use the (slow) system
  resolver if you prefer that for some reason.  You can specify a
  comma separated list of DNS server IP addresses for Nmap to use with
  the new --dns_servers option.  Otherwise, Nmap looks in
  /etc/resolve.conf (UNIX) or the system registry (Windows) to obtain
  the nameservers already configured for your system.  This excellent
  patch was written by Doug Hoyte (doug(a)hcsw.org).

o Created a Windows executable installer using the open source NSIS
  (Nullsoft Scriptable Install System).  It handles Pcap installation,
  registry performance changes, and adding Nmap to your cmd.exe
  executable path.  The installer source files are in mswin32/nsis/ .
  Thanks to Google SoC student Bo Jiang (jiangbo(a)brandeis.edu) for
  creating the initial version.

o Integrated all remaining 2005 service submissions.  The DB now has
  surpassed 3,000 signatures for the first time.  There now are 3,153
  signatures for 381 service protocols.  Those protocols span the
  gamut from abc, acap, afp, and afs to zebedee, zebra, and
  zenimaging.  It even covers obscure protocols such as http, ftp,
  smtp, and ssh :).  Thanks to Version Detection Czar Doug Hoyte for
  his excellent work on this.

o Added --max-retries option for capping the maximum number of
  retransmissions the port scan engine will do. The value may be as low
  as 0 (no retransmits).  A low value can increase speed, though at the
  risk of losing accuracy.  The -T4 option now allows up to 6 retries,
  and -T5 allows 2.  Thanks to Martin Macok
  (martin.macok(a)underground.cz) for writing the initial patch, which I
  changed quite a bit.  I also updated the docs to reflect this neat
  new option.

o Added the --badsum option, which causes Nmap to use invalid TCP or
  UDP checksums for packets sent to target hosts. Since virtually all
  host IP stacks properly drop these packets, any responses received
  are likely coming from a firewall or IDS that didn't bother to
  verify the checksum. For more details on this technique, see
  http://www.phrack.org/phrack/60/p60-0x0c.txt .  The author of that
  paper, Ed3f (ed3f(a)antifork.org), is also the author of this patch
  (which I changed it a bit).

o Many of the Nmap low-level timing options take a value in
  milliseconds.  You can now append an 's', 'm', or 'h' to the value
  to give it in seconds, minutes, or hours instead.  So you can specify a
  45 minute host timeout with --host_timeout 45m rather than specifying
  --host_timeout 2700000 and hoping you did the math right and have the 
  correct number of zeros.  This also now works for the
  --min_rtt_timeout, --max_rtt_timeout, --initial_rtt_timeout,
  --scan_delay, and --max_scan_delay options.

o Fixed a problem which led to the error message "Failed to determine
  dst MAC address for target" when you try to run Nmap using a
  dialup/PPP adapter on Windows rather than a real ethernet card.  Due
  to Microsoft breaking raw sockets, No longer supports dialup adapters, but
  it should now give you a clearer error message than the "dst MAC
  address" nonsense.

o The 26 Nmap commands that previously included an underscore
  (--max_rtt_timeout, --send_eth, --host_timeout, etc.) have been
  renamed to use a hyphen in the preferred format
  (i.e. --max-rtt-timeout).  Underscores are still supported for
  backward compatibility.

o Improved the NmapFE port to GTK2 so it better-conforms to the new
  API and you don't get annoying GTK-WARNING and GTK-CRITICAL messages
  in your terminal window.  GTK2 is prettier and more functional too.
  Thanks to Priit Laes (amd(a)store20.com) for writing these excellent
  patches.

o Changed the way the __attribute__ compiler extension is detected so
  that it works with the latest Fedora Core 4 updates (and perhaps other
  systems).  Thanks to Duilio Protti (dprotti(a)fceia.unr.edu.ar) for
  writing the patch.  The compilation error message this fixes was
  usually something like: "nmap.o(.rodata+0x17c): undefined reference
  to `__gthrw_pthread_cancel(unsigned long)"

o Added some exception handling code to mswin32/winfix.cc to prevent
  Nmap from crashing mysteriously when you have WinPcap 3.0 or earlier
  (instead of the required 3.1).  It now prints an error message instead
  asking you to upgrade, then reduces functionality to connect()-only
  mode.  I couldn't get it working with the C++ standard try/catch()
  blocks, but as soon as I used the nonstandard MS conventions
  (__try/__except(), everything worked fine. Shrug.

o Stripped the firewall API out of the libdnet included with Nmap
  because Nmap doesn't use it anyway.  This saves space and reduces the
  likelihood of compilation errors and warnings.

o Modified the previously useless --noninteractive option so that it
  deactivates runtime interaction.

o Debian GNU/kFreeBSD is now supported thanks to a patch to libdnet's
  configure.in by Petr Salinger (Petr.Salinger(a)t-systems.cz).

o Tried to update to the latest autoconf only to find that there
  hasn't been a new version in more than two years :(.  I was able to
  find new config.sub and config.guess files at
  http://cvs.savannah.gnu.org/viewcvs/config/config/ , so I updated to
  those.

o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
  (http://standards.ieee.org/regauth/oui/oui.txt)

o Updated nmap-protocols with the latest IEEE internet protocols
  assignments (http://www.iana.org/assignments/protocol-numbers).

o Updated the Nmap version number and related fields that MS Visual
  Studio places in the binary.  This was done by editing
  mswin32/nmap.rc.

o Fixed a problem with the -e option when run on Windows (or UNIX with
  --send_eth) when run on an ethernet network against an external
  (routed) host.  You would get the message "NmapArpCache() can only
  take IPv4 addresses.  Sorry".  Thanks to KX (kxmail(a)gmail.com) for
  helping to track down the problem.

o Made some changes to allow source port zero scans (-g0).  Nmap used
  to refused to do this, but now it just gives a warning that it may not
  work on all systems.  It seems to work fine on my Linux box.  Thanks
  to Bill Dale (bill_dale(a)bellsouth.net) for suggesting this feature.

o Made a change to libdnet so that Windows interfaces are listed as
  down if they are disconnected, unplugged, or otherwise unavailable.

o Ceased including foreign translations in the Nmap tarball as they
  take up too much space.  HTML versions can be found at
  http://www.insecure.org/nmap/docs.html , while XML and NROFF versions
  are available from http://www.insecure.org/nmap/data/man-xlate/ .

o Changed INSTALL and README-WIN32 files to mostly just reference the
  new Nmap Install Guide at http://www.insecure.org/nmap/install/ .

o Upgraded the included LibPCRE from version 6.3 to 6.4.  There was a
  report of version detection crashes on the new Intel-based MACs with
  6.3.

o Included docs/nmap-man.xml in the tarball distribution, which is the
  DocBook XML source for the Nmap man page.  Patches to Nmap that are
  user-visible should include patches to the man page XML source rather
  than to the generated Nroff.

o Fixed Nmap so it doesn't crash when you ask it to resume a previous
  scan, but pass in a bogus file rather than actual Nmap output.  Thanks
  to Piotr Sobolewski (piotr_sobolewski(a)o2.pl) for the fix.

o Fixed compilation to again work with gcc-derivatives such as
  MingW. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending the
  patches


Cheers,
Fyodor


_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers