Nmap Development mailing list archives

Re: NMAP Appears to abort mid-scan

From: David Fifield <david () bamsoftware com>
Date: Thu, 10 Apr 2008 13:27:58 -0600

On Wed, Apr 09, 2008 at 11:57:20PM -0700, Doug Coburn wrote:

I've been running into a problem on some of the NMAP Scan points. So far
the issue symptoms seem to be as follows:

1.       NMAP does not complete the scan against the targeted system(s).
I.E. the generated XML does not have a line stating that it completed
successfully.


Hi Doug. I'm working on solving this issue. Thanks for the detailed
report.

I am not able to reproduce this problem on Windows XP. Could you run the
following commands and send the log files to me? They are the same as
the command you ran, except that the first disables OS detection, the
second disables XML logging, and the third disables both.

nmap.exe -v -d9 -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311 --exclude 
172.20.3.32, -PE -PA80 -T 4 -oX nmapdebug-noos.xml 172.20.207.79 > nmapdebug-noos.txt

nmap.exe -v -d9 -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311 --exclude 
172.20.3.32, -O --osscan-guess -PE -PA80 -T 4 172.20.207.79 > nmapdebug-nox.txt

nmap.exe -v -d9 -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311 --exclude 
172.20.3.32, -PE -PA80 -T 4 172.20.207.79 > nmapdebug-noos-nox.txt

And finally, please run your original scan using the smaller nmap-os-db
file I have attached. To use it, save it to a directory, then name that
directory with the --datadir option. For example, if you save nmap-os-db
in the current directory, use

nmap.exe -v -d9 -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311 --exclude 
172.20.3.32, -O --osscan-guess -PE -PA80 -T 4 -oX nmapdebug-altdb.xml --datadir . 172.20.207.79 > nmapdebug-altdb.txt

3.       So far the target scan systems appear to have all been Macs.
Strangely the systems that are getting scanned that seem to cause the
issue do not cause the issue after they are rebooted. This could be
coincidence but so far appears to be the case.


Does the problem return after the problem hosts have been running for a
while or does rebooting fix it once and for all? If the problem is
intermittent, run the commands a few times to see if they consistently
succeed or fail.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

NMAP Appears to abort mid-scan Doug Coburn (Apr 09)
- Re: NMAP Appears to abort mid-scan David Fifield (Apr 10)
  - RE: NMAP Appears to abort mid-scan Doug Coburn (Apr 10)