Nmap Development mailing list archives
RE: -sT on windows
From: jah <jah () zadkiel plus com>
Date: Sun, 09 Dec 2007 03:16:35 +0000
Update.
I was barking up the wrong tree with this one. I think nmap is sending
raw ethernet for connect scans on windows, but may well be incorrectly
reporting the number of raw packets sent and rcvd. It seems to only
report the arp packets (42 bytes).
I've tried this on 3 XP machines with various nmap releases (incl. 4.20),
so I have to ask: am I being daft and missing something here?
As to the Unknown Error:
This seems to refer to errbuf in PacketTrace::traceConnect in tcpip.cc:771
Does anyone have any idea what could be wrong?
The error occurs in 4.20 too, so it's not a recently introduced bug.
Whatever it is prevents further packet tracing.
C:\nmap-4.49RC5>nmap -d3 -sT -p135 192.168.1.1 --log-errors -n --datadir .
Starting Nmap 4.49RC5 ( http://insecure.org ) at 2007-12-09 03:00 GMT Standard Time
Fetchfile found ./nmap-services
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
---------------------------------------------
doing 0.0.0.0 = 192.168.1.1
Initiating ARP Ping Scan at 03:00
Scanning 192.168.1.1 [1 port]
Pcap filter: arp and ether dst host XX:XX:XX:3D:3F:CE
Packet capture filter (device eth0): arp and ether dst host XX:XX:XX:3D:3F:CE
SENT (0.1250s) ARP who-has 192.168.1.1 tell 192.168.1.2
**TIMING STATS** (0.1250s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 100000/-1/-1
RCVD (0.1410s) ARP reply 192.168.1.1 is-at XX:XX:XX:47:78:79
Found 192.168.1.1 in incomplete hosts list.
ultrascan_host_probe_update called for machine 192.168.1.1 state
UNKNOWN -> HOST_UP (trynum 0 time: 16000)
Changing ping technique for 192.168.1.1 to ARP
Changing global ping host to 192.168.1.1.
Moving 192.168.1.1 to completed hosts list with 0 outstanding probes.
Completed ARP Ping Scan at 03:00, 0.08s elapsed (1 total hosts)
pcap stats: 2 packets received by filter, 0 dropped by kernel.
Initiating Connect Scan at 03:00
Scanning 192.168.1.1 [1 port]
CONN (0.1720s) TCP localhost > 192.168.1.1:135 => Unknown error
**TIMING STATS** (0.1720s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
Discovered open port 135/tcp on 192.168.1.1
Changing ping technique for 192.168.1.1 to connect
Moving 192.168.1.1 to completed hosts list with 0 outstanding probes.
Completed Connect Scan at 03:00, 0.03s elapsed (1 total ports)
Fetchfile found ./nmap-mac-prefixes
Host 192.168.1.1 appears to be up ... good.
Interesting ports on 192.168.1.1:
PORT STATE SERVICE REASON
135/tcp open msrpc syn-ack
MAC Address: XX:XX:XX:47:78:79 (Netgear)
Final times for host: srtt: 14000 rttvar: 16000 to: 100000
Read from .: nmap-mac-prefixes nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.266 seconds
Raw packets sent: 1 (42B) | Rcvd: 1 (42B)
jah
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
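The post compares the SENT/RCVD/CONN trace lines of a -d3 run against the "Raw packets sent" summary at the end. The following is an added example for reconciling those two views, not code from the thread or from Nmap itself. It parses the trace format exactly as it appears above (the regexes are written against that output and are an assumption for other Nmap versions), counts raw ARP frames on the 42-byte size the trace reports, lists connect() probes separately since they are socket-API calls rather than raw frames, and flags any connect probe whose status string came back as "Unknown error", which is the symptom the post describes. The sample input is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: the relevant trace lines from the -d3 run quoted above.
SAMPLE_TRACE = """\
SENT (0.1250s) ARP who-has 192.168.1.1 tell 192.168.1.2
RCVD (0.1410s) ARP reply 192.168.1.1 is-at XX:XX:XX:47:78:79
CONN (0.1720s) TCP localhost > 192.168.1.1:135 => Unknown error
Discovered open port 135/tcp on 192.168.1.1
Raw packets sent: 1 (42B) | Rcvd: 1 (42B)
"""

# Frame size used when reconciling the raw counters. 42 bytes is the size the
# trace reports for its ARP request/reply (assumed: untagged Ethernet + ARP).
ARP_FRAME_BYTES = 42

# Regexes modelled on the -d3 packet-trace lines shown in the post (assumption
# for other Nmap versions).
TRACE_RE = re.compile(r"^(SENT|RCVD|CONN) \(([\d.]+)s\) (\S+) (.*)$")
SUMMARY_RE = re.compile(
    r"^Raw packets sent: (\d+) \((\d+)B\) \| Rcvd: (\d+) \((\d+)B\)$"
)


def parse_trace(text):
    """Split a trace into raw-frame counters, connect() probe records and the
    summary line Nmap prints at the end.  Returns (raw, conns, summary)."""
    raw = {"sent": 0, "sent_bytes": 0, "rcvd": 0, "rcvd_bytes": 0}
    conns = []
    summary = None
    for line in text.splitlines():
        m = TRACE_RE.match(line)
        if m:
            kind, when, proto, rest = m.groups()
            if kind == "CONN":
                # "localhost > 192.168.1.1:135 => Unknown error"
                endpoints, _, status = rest.partition(" => ")
                conns.append({
                    "time": float(when),
                    "target": endpoints.split(" > ")[1],
                    "status": status,
                })
            elif proto == "ARP":
                key = "sent" if kind == "SENT" else "rcvd"
                raw[key] += 1
                raw[key + "_bytes"] += ARP_FRAME_BYTES
            continue
        m = SUMMARY_RE.match(line)
        if m:
            sent, sent_b, rcvd, rcvd_b = map(int, m.groups())
            summary = {"sent": sent, "sent_bytes": sent_b,
                       "rcvd": rcvd, "rcvd_bytes": rcvd_b}
    return raw, conns, summary


def reconcile(text):
    """Return a list of human-readable findings about the trace."""
    raw, conns, summary = parse_trace(text)
    findings = []
    if summary is None:
        findings.append("no 'Raw packets' summary line found")
    elif summary != raw:
        findings.append(f"summary {summary} disagrees with traced frames {raw}")
    if conns and summary is not None:
        findings.append(
            f"{len(conns)} connect() probe(s) are outside the raw-packet totals"
        )
    for c in conns:
        if c["status"] == "Unknown error":
            findings.append(
                f"connect probe to {c['target']} at {c['time']:.4f}s "
                "has an unresolved error string"
            )
    return findings


if __name__ == "__main__":
    for finding in reconcile(SAMPLE_TRACE):
        print(finding)
```

Run against the quoted trace, the raw counters match the summary line (one 42-byte ARP frame each way), the single connect probe is reported as not being part of those totals, and the "Unknown error" status on the 192.168.1.1:135 probe is surfaced as an unresolved error string. The same script can be pointed at a full `nmap -d3 --packet-trace` capture saved to a file to see whether the summary and the per-line trace agree for larger scans.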