Nmap Development mailing list archives

Re: feature suggestion: --udp_reliable


From: R Anderson <listbox () pole-position org>
Date: Fri, 29 Nov 2002 13:11:50 +0100

Bo Cato wrote:

> Another solution would be to have nmap simply state if it has seen any
> icmp unreachables from the ip it's scanning as part of verbose.
>
> [snip]
>
> Or if no ICMP unreachables were seen.. "I did not see any ICMP
> unreachables from the host!"
>
> Or perhaps have nmap indicate by default (not needing to ask it to be
> -verbose) whenever you scan for udp if it has seen any ICMP
> unreachables or not. Like so:
>
> [snip]

> Fyodor wrote:

>>On Fri, Nov 22, 2002 at 11:52:35PM -0800, Florin Andrei wrote:
>>
>>
>>>That's why i think it would be useful to have an option to mark
>>>unresponsive UDP ports as "filtered", just the same as the ports that
>>>send back port-unreachable, and mark "open" only the ports that actually
>>>send back a UDP reply.
>>
>>
>>The problem with this is that most open UDP ports do NOT send back any
>>reply to the 0-byte UDP packet.  So "filtered" ports that do not send
>>back an ICMP administratively-prohibited error look just like open
>>ports.  In that case, I would usually rather err on the side of
>>reporting filtered ports as open.  That is usually less dangerous than


Now that was an EXCELLENT idea. I beg you, Fyodor, to include this in the official nmap. It's of great help for evaluating the results from non-positive-acknowledge scan types.

IMHO this should always be shown, since the info adds information about the result integrity, even when using SYN scan. Some firewalls reply with ICMP on filtered TCP ports, for example.

I include a patch for doing this. The info is not written to .gnmap or .xml in this version, but that should definitely be implemented too.

I also show the number of responses. Also, if there were answers from intermediate routers, that info is added too.

Screen Shot: (sort of :)

Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
Interesting ports on ns.example.net (192.168.0.1):
Port       State       Service
53/tcp     open        domain
53/udp     open        domain
123/tcp    filtered    ntp
123/udp    open        ntp
Note: no ICMP unreachables seen from the host.
Number of unreachables from intermediates: 2

Nmap run completed -- 1 IP address (1 host up) scanned in 2.691 seconds


/R
diff -ruB nmap-3.10ALPHA4/Target.cc nmap-3.10ALPHA4-icmp/Target.cc
--- nmap-3.10ALPHA4/Target.cc   Tue Aug 27 23:43:23 2002
+++ nmap-3.10ALPHA4-icmp/Target.cc      Fri Nov 29 12:04:21 2002
@@ -72,6 +72,7 @@
   bzero(&sourcesock, sizeof(sourcesock));
   targetsocklen = sourcesocklen = 0;
   targetipstring[0] = '\0';
+  icmpresponse = intermediateresp = 0;
 }
 
 void Target::Recycle() {
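Review bot: the two counters are zeroed in this initializer, but Target::Recycle() (the function that starts right below the hunk) is the path taken when a Target object is reused for the next host; make sure Recycle() ends up calling this initializer, or zero `icmpresponse` and `intermediateresp` there as well, otherwise counts from a previous host carry over and the "no ICMP unreachables seen" note in output.cc becomes wrong for hosts scanned later in the same run.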
diff -ruB nmap-3.10ALPHA4/Target.h nmap-3.10ALPHA4-icmp/Target.h
--- nmap-3.10ALPHA4/Target.h    Tue Aug 27 23:43:23 2002
+++ nmap-3.10ALPHA4-icmp/Target.h       Fri Nov 29 12:04:21 2002
@@ -116,6 +116,8 @@
   int timedout; /* Nonzero if continued scanning should be aborted due to
                   timeout  */
   char device[64]; /* The device we transmit on */
+  unsigned int icmpresponse;  // Number of ICMP responses from this host
+  unsigned int intermediateresp;  // Number of ICMP responses from intermediate routers
 
  private:
   char *hostname; // Null if unable to resolve or unset
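Review bot: style: the two new members use `//` comments while the neighbouring fields (`timedout`, `device`) use `/* */`; please match the surrounding style. Since the counters are public and are incremented directly from scan_engine.cc and read from output.cc, a one-line comment saying who writes them and who reads them (or a pair of small accessors) would make that ownership explicit.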
diff -ruB nmap-3.10ALPHA4/output.cc nmap-3.10ALPHA4-icmp/output.cc
--- nmap-3.10ALPHA4/output.cc   Mon Sep  9 09:59:51 2002
+++ nmap-3.10ALPHA4-icmp/output.cc      Fri Nov 29 12:04:21 2002
@@ -217,6 +217,12 @@
     }
    }
   }
+  if (currenths->icmpresponse) {
+    log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Number of ICMP unreachables from this host: %d\n", 
currenths->icmpresponse);
+  } else {
+    log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Note: no ICMP unreachables seen from the host.\n");
+  }
+  if (currenths->intermediateresp) log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Number of unreachables from 
intermediates: %d\n", currenths->intermediateresp);
   /*  log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"\n"); */
   log_write(LOG_MACHINE, "\tIgnored State: %s (%d)", statenum2str(plist->ignored_port_state), 
plist->state_counts[plist->ignored_port_state]);
   log_write(LOG_XML, "</ports>\n");
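Review bot: as posted this hunk will not apply: the long `log_write` lines have been wrapped by the mailer, so their continuations (`currenths->icmpresponse);` and `intermediates: %d\n", currenths->intermediateresp);`) lack the leading `+`, and the context line `plist->state_counts[plist->ignored_port_state]);` has likewise lost its leading space; please resend as an attachment or with line wrapping disabled. Also, `icmpresponse` and `intermediateresp` are declared `unsigned int` in Target.h, so the format should be `%u` rather than `%d`. Finally, the note is printed for every host whether or not the scan type in use listens for ICMP at all; consider gating it on the scan types that actually capture unreachables so that a zero count is not reported as a finding.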
diff -ruB nmap-3.10ALPHA4/scan_engine.cc nmap-3.10ALPHA4-icmp/scan_engine.cc
--- nmap-3.10ALPHA4/scan_engine.cc      Mon Sep 16 06:39:58 2002
+++ nmap-3.10ALPHA4-icmp/scan_engine.cc Fri Nov 29 12:04:21 2002
@@ -488,6 +488,18 @@
        continue;
       }
 
+      /* Wasn't it sent from the host itself? */
+      if (ip->ip_src.s_addr != ip2->ip_dst.s_addr) {
+        target->intermediateresp++;
+        if (o.debugging || o.verbose) {
+          log_write(LOG_STDOUT, "ICMP 3/%d regarding %s received from intermediate ", icmp->icmp_code,
+            inet_ntoa(inet_makeaddr(htonl(ip2->ip_dst.s_addr),0)));
+          log_write(LOG_STDOUT, "router %s\n", inet_ntoa(inet_makeaddr(htonl(ip->ip_src.s_addr),0)));
+        }
+        continue;
+      }
+
+      target->icmpresponse++;
       data = (u16 *) ((char *)ip2 + 4 * ip2->ip_hl);
       /*           log_write(LOG_STDOUT, "Caught ICMP packet:\n");
                    hdump(icmp, ntohs(ip->ip_len) - sizeof(struct ip)); */
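Review bot: the `continue` after `target->intermediateresp++` drops the reply before the port-state code that follows (`data = (u16 *) ...`) ever sees it, so this hunk changes scan results, not only reporting: an administratively-prohibited unreachable (the firewall case Fyodor describes in the quoted message) that arrives from a router's address is now counted but no longer influences the port's state. If that is intended, say so in the patch description; otherwise count and log it but fall through. Minor: `inet_ntoa(inet_makeaddr(htonl(ip2->ip_dst.s_addr),0))` round-trips a network-order address through `inet_makeaddr`'s class-based logic; `inet_ntoa(ip2->ip_dst)` and `inet_ntoa(ip->ip_src)` print the `struct in_addr` directly (keep the two separate `log_write` calls, since `inet_ntoa` returns a static buffer).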
@@ -1505,6 +1517,18 @@
                /*          log_write(LOG_STDOUT, "Caught ICMP packet:\n");
                            hdump(icmp, ntohs(ip->ip_len) - sizeof(struct ip)); */
 
+    /* Wasn't it sent from the host itself? */
+    if (ip->ip_src.s_addr != ip2->ip_dst.s_addr) {
+      target->intermediateresp++;
+      if (o.debugging || o.verbose) {
+        log_write(LOG_STDOUT, "ICMP 3/%d regarding %s received from intermediate ", icmp->icmp_code,
+          inet_ntoa(inet_makeaddr(htonl(ip2->ip_dst.s_addr),0)));
+        log_write(LOG_STDOUT, "router %s\n", inet_ntoa(inet_makeaddr(htonl(ip->ip_src.s_addr),0)));
+      }
+      continue;
+    }
+
+    target->icmpresponse++;
                if (icmp->icmp_type == 3) {
                  if (scantype != IPPROT_SCAN)
                    newport = ntohs(data[1]);
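Review bot: this block is a verbatim copy of the one in the first scan_engine.cc hunk; factor it into a helper taking `ip`, `ip2` and `target` so the two scan paths cannot drift apart. It is also inserted before the `if (icmp->icmp_type == 3)` check, so here `icmpresponse` and `intermediateresp` count every ICMP message that reaches this point, while the verbose message hard-codes `ICMP 3/%d` and output.cc labels the counts as unreachables; move the block inside the type-3 branch or test the type first. The new lines are indented at 4 spaces while the surrounding code sits at about 16; please match.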

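As an added illustration of the host-versus-intermediate test the patch applies (this is my example, not nmap's code and not R Anderson's patch): a stand-alone C parser that reads a raw ICMP destination-unreachable packet and classifies it by comparing the outer IP source with the destination of the quoted inner IP header, then tallies replies the way the patch's two counters do and prints the same summary lines as the screen shot. It goes a little beyond the patch in that it records the ICMP code and the probed port, and refuses to count messages that are not type 3. The packets are constructed in code; 192.168.0.1 is the probed host from the screen shot, while the scanner address 192.168.0.50 and the router address 10.0.0.1 are made up for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not nmap code: classify an ICMP destination-unreachable reply as coming from
 * the probed host or from an intermediate router, using the same test as the patch
 * (outer IP source == destination of the quoted inner IP header). */

enum icmp_origin { NOT_UNREACHABLE = 0, FROM_TARGET = 1, FROM_INTERMEDIATE = 2 };

struct icmp_summary {
    enum icmp_origin origin;
    uint8_t  code;         /* 3 = port unreachable, 13 = administratively prohibited */
    uint32_t sender;       /* outer IP source, host byte order */
    uint32_t probed_host;  /* quoted inner IP destination, host byte order */
    uint16_t probed_port;  /* quoted inner UDP/TCP destination port */
};

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define OCTETS(x) (unsigned)((x) >> 24 & 0xff), (unsigned)((x) >> 16 & 0xff), \
                  (unsigned)((x) >> 8 & 0xff), (unsigned)((x) & 0xff)

static uint32_t rd32(const uint8_t *p) { return IP4(p[0], p[1], p[2], p[3]); }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* pkt points at the outer IPv4 header, as a raw socket or pcap (without link layer) delivers it. */
enum icmp_origin classify_icmp_reply(const uint8_t *pkt, size_t len, struct icmp_summary *out)
{
    memset(out, 0, sizeof *out);
    if (len < 20 || (pkt[0] >> 4) != 4) return NOT_UNREACHABLE;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 1) return NOT_UNREACHABLE;   /* protocol 1 = ICMP */
    const uint8_t *icmp = pkt + ihl;
    if (icmp[0] != 3) return NOT_UNREACHABLE;   /* only type 3 (destination unreachable) counts */
    /* RFC 792: the body quotes the offending IP header plus 8 bytes of its payload. */
    const uint8_t *inner = icmp + 8;
    size_t inner_len = len - ihl - 8;
    if (inner_len < 20) return NOT_UNREACHABLE;
    size_t inner_ihl = (size_t)(inner[0] & 0x0f) * 4;
    if (inner_ihl < 20 || inner_len < inner_ihl + 8) return NOT_UNREACHABLE;
    out->code = icmp[1];
    out->sender = rd32(pkt + 12);
    out->probed_host = rd32(inner + 16);
    out->probed_port = rd16(inner + inner_ihl + 2);
    out->origin = (out->sender == out->probed_host) ? FROM_TARGET : FROM_INTERMEDIATE;
    return out->origin;
}

/* Build a constructed 56-byte type-3 reply for testing: outer IP (20) + ICMP (8) + quoted inner
 * IP (20) + first 8 bytes of the quoted UDP header. Checksums stay zero; the classifier ignores them. */
size_t build_unreachable(uint8_t *buf, uint32_t sender, uint32_t scanner,
                         uint32_t probed_host, uint16_t probed_port, uint8_t code)
{
    memset(buf, 0, 56);
    buf[0] = 0x45; buf[3] = 56; buf[8] = 64; buf[9] = 1;        /* outer: IPv4, len 56, TTL, ICMP */
    wr32(buf + 12, sender); wr32(buf + 16, scanner);
    buf[20] = 3; buf[21] = code;                                /* ICMP type 3, given code */
    uint8_t *in = buf + 28;
    in[0] = 0x45; in[3] = 28; in[8] = 64; in[9] = 17;           /* inner: IPv4, len 28, TTL, UDP */
    wr32(in + 12, scanner); wr32(in + 16, probed_host);
    wr16(in + 20, 40000); wr16(in + 22, probed_port); wr16(in + 24, 8);   /* UDP src, dst, length */
    return 56;
}

struct reply_counts { unsigned from_host, from_intermediate, other; };

/* Tally three constructed replies the way the patch's per-target counters would. Addresses are
 * made up: 192.168.0.1 is the probed host (as in the screen shot), 10.0.0.1 a router in the path. */
struct reply_counts demo_counts(void)
{
    const uint32_t scanner = IP4(192, 168, 0, 50), host = IP4(192, 168, 0, 1), router = IP4(10, 0, 0, 1);
    uint8_t pkts[3][56];
    size_t lens[3];
    lens[0] = build_unreachable(pkts[0], host, scanner, host, 123, 3);    /* host: 123/udp closed */
    lens[1] = build_unreachable(pkts[1], router, scanner, host, 53, 13);  /* router: 53/udp prohibited */
    lens[2] = build_unreachable(pkts[2], host, scanner, host, 161, 3);
    pkts[2][20] = 0;                                                      /* make it an echo reply instead */
    struct reply_counts c = {0, 0, 0};
    for (int i = 0; i < 3; i++) {
        struct icmp_summary s;
        switch (classify_icmp_reply(pkts[i], lens[i], &s)) {
        case FROM_TARGET: c.from_host++; break;
        case FROM_INTERMEDIATE:
            c.from_intermediate++;
            printf("ICMP 3/%u regarding %u.%u.%u.%u:%u received from intermediate router %u.%u.%u.%u\n",
                   s.code, OCTETS(s.probed_host), s.probed_port, OCTETS(s.sender));
            break;
        default: c.other++;   /* not a destination-unreachable: do not count it as one */
        }
    }
    return c;
}

int main(void)
{
    struct reply_counts c = demo_counts();
    if (c.from_host) printf("Number of ICMP unreachables from this host: %u\n", c.from_host);
    else printf("Note: no ICMP unreachables seen from the host.\n");
    if (c.from_intermediate) printf("Number of unreachables from intermediates: %u\n", c.from_intermediate);
    return 0;
}
```

The comparison is against the quoted inner destination rather than against a stored target address, so the classifier needs no state beyond the packet itself; a reply from a router about some other host on the wire simply shows up as "intermediate" with a `probed_host` that is not the one being scanned, which a caller can filter on.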
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).