Nmap Development mailing list archives
RE: -sT on windows
From: jah <jah () zadkiel plus com>
Date: Sun, 09 Dec 2007 03:16:35 +0000
Update. I was barking up the wrong tree with this one. I think nmap is sending raw ethernet for connect scans on windows, but may well be incorrectly reporting the number of raw packets sent and rcvd. It seems to only report the arp packets (42 bytes). I've tried this on 3 XP machines with various nmap releases (incl 4.20) so I have to ask: am I being daft and missing something here?

As to the Unknown Error: This seems to refer to errbuf in PacketTrace::traceConnect in tcpip.cc:771. Does anyone have any idea what could be wrong? The error occurs in 4.20 too, so it's not a recently introduced bug. Whatever it is prevents further packet tracing.

C:\nmap-4.49RC5>nmap -d3 -sT -p135 192.168.1.1 --log-errors -n --datadir .

Starting Nmap 4.49RC5 ( http://insecure.org ) at 2007-12-09 03:00 GMT Standard Time
Fetchfile found ./nmap-services
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
---------------------------------------------
doing 0.0.0.0 = 192.168.1.1
Initiating ARP Ping Scan at 03:00
Scanning 192.168.1.1 [1 port]
Pcap filter: arp and ether dst host XX:XX:XX:3D:3F:CE
Packet capture filter (device eth0): arp and ether dst host XX:XX:XX:3D:3F:CE
SENT (0.1250s) ARP who-has 192.168.1.1 tell 192.168.1.2
**TIMING STATS** (0.1250s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 100000/-1/-1
RCVD (0.1410s) ARP reply 192.168.1.1 is-at XX:XX:XX:47:78:79
Found 192.168.1.1 in incomplete hosts list.
ultrascan_host_probe_update called for machine 192.168.1.1 state UNKNOWN -> HOST_UP (trynum 0 time: 16000)
Changing ping technique for 192.168.1.1 to ARP
Changing global ping host to 192.168.1.1.
Moving 192.168.1.1 to completed hosts list with 0 outstanding probes.
Completed ARP Ping Scan at 03:00, 0.08s elapsed (1 total hosts)
pcap stats: 2 packets received by filter, 0 dropped by kernel.
Initiating Connect Scan at 03:00
Scanning 192.168.1.1 [1 port]
CONN (0.1720s) TCP localhost > 192.168.1.1:135 => Unknown error
**TIMING STATS** (0.1720s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
Discovered open port 135/tcp on 192.168.1.1
Changing ping technique for 192.168.1.1 to connect
Moving 192.168.1.1 to completed hosts list with 0 outstanding probes.
Completed Connect Scan at 03:00, 0.03s elapsed (1 total ports)
Fetchfile found ./nmap-mac-prefixes
Host 192.168.1.1 appears to be up ... good.
Interesting ports on 192.168.1.1:
PORT STATE SERVICE REASON
135/tcp open msrpc syn-ack
MAC Address: XX:XX:XX:47:78:79 (Netgear)
Final times for host: srtt: 14000 rttvar: 16000 to: 100000
Read from .: nmap-mac-prefixes nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.266 seconds
Raw packets sent: 1 (42B) | Rcvd: 1 (42B)

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org