RE: NMAP Appears to abort mid-scan

["Doug Coburn" <doug_coburn () bigfix com>]

Hey David,

Thanks for the quick response. I'll test out your recommendations for
the variations when running the NMAP tool. It doesn't look like there is
an attachment to the post/e-mail if you could resend/repost the
attachment I'll try running nmap with the smaller NMAP DB.

Thanks again!

Doug

-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com] 
Sent: Thursday, April 10, 2008 3:28 PM
To: nmap-dev () insecure org
Cc: Doug Coburn
Subject: Re: NMAP Appears to abort mid-scan

On Wed, Apr 09, 2008 at 11:57:20PM -0700, Doug Coburn wrote:
> I've been running into a problem on some of the NMAP Scan points. So
far
> the issue symptoms seem to be as follows:
>
> 1.       NMAP does not complete the scan against the targeted
system(s).
> I.E. the generated XML does not have a line stating that it completed
> successfully.

Hi Doug. I'm working on solving this issue. Thanks for the detailed
report.

I am not able to reproduce this problem on Windows XP. Could you run the
following commands and send the log files to me? They are the same as
the command you ran, except that the first disables OS detection, the
second disables XML logging, and the third disables both.

nmap.exe -v -d9 -sV -sS -sU -p
T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311
--exclude 172.20.3.32, -PE -PA80 -T 4 -oX nmapdebug-noos.xml
172.20.207.79 > nmapdebug-noos.txt

nmap.exe -v -d9 -sV -sS -sU -p
T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311
--exclude 172.20.3.32, -O --osscan-guess -PE -PA80 -T 4 172.20.207.79 >
nmapdebug-nox.txt

nmap.exe -v -d9 -sV -sS -sU -p
T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311
--exclude 172.20.3.32, -PE -PA80 -T 4 172.20.207.79 >
nmapdebug-noos-nox.txt

And finally, please run your original scan using the smaller nmap-os-db
file I have attached. To use it, save it to a directory, then name that
directory with the --datadir option. For example, if you save nmap-os-db
in the current directory, use

nmap.exe -v -d9 -sV -sS -sU -p
T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311
--exclude 172.20.3.32, -O --osscan-guess -PE -PA80 -T 4 -oX
nmapdebug-altdb.xml --datadir . 172.20.207.79 > nmapdebug-altdb.txt

> 3.       So far the target scan systems appear to have all been Macs.
> Strangely the systems that are getting scanned that seem to cause the
> issue do not cause the issue after they are rebooted. This could be
> coincidence but so far appears to be the case.

Does the problem return after the problem hosts have been running for a
while or does rebooting fix it once and for all? If the problem is
intermittent, run the commands a few times to see if they consistently
succeed or fail.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org