Nmap Development mailing list archives
RE: NMAP Appears to abort mid-scan
From: "Doug Coburn" <doug_coburn () bigfix com>
Date: Thu, 10 Apr 2008 14:06:37 -0700
Hey David, Thanks for the quick response. I'll test out your recommendations for the variations when running the NMAP tool. It doesn't look like there is an attachment to the post/e-mail if you could resend/repost the attachment I'll try running nmap with the smaller NMAP DB. Thanks again! Doug -----Original Message----- From: David Fifield [mailto:david () bamsoftware com] Sent: Thursday, April 10, 2008 3:28 PM To: nmap-dev () insecure org Cc: Doug Coburn Subject: Re: NMAP Appears to abort mid-scan On Wed, Apr 09, 2008 at 11:57:20PM -0700, Doug Coburn wrote:
I've been running into a problem on some of the NMAP Scan points. So
far
the issue symptoms seem to be as follows: 1. NMAP does not complete the scan against the targeted
system(s).
I.E. the generated XML does not have a line stating that it completed successfully.
Hi Doug. I'm working on solving this issue. Thanks for the detailed report. I am not able to reproduce this problem on Windows XP. Could you run the following commands and send the log files to me? They are the same as the command you ran, except that the first disables OS detection, the second disables XML logging, and the third disables both. nmap.exe -v -d9 -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311 --exclude 172.20.3.32, -PE -PA80 -T 4 -oX nmapdebug-noos.xml 172.20.207.79 > nmapdebug-noos.txt nmap.exe -v -d9 -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311 --exclude 172.20.3.32, -O --osscan-guess -PE -PA80 -T 4 172.20.207.79 > nmapdebug-nox.txt nmap.exe -v -d9 -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311 --exclude 172.20.3.32, -PE -PA80 -T 4 172.20.207.79 > nmapdebug-noos-nox.txt And finally, please run your original scan using the smaller nmap-os-db file I have attached. To use it, save it to a directory, then name that directory with the --datadir option. For example, if you save nmap-os-db in the current directory, use nmap.exe -v -d9 -sV -sS -sU -p T:22,T:23,T:80,T:135,T:139,T:235,T:445,T:2967,T:6000,T:61616,U:52311 --exclude 172.20.3.32, -O --osscan-guess -PE -PA80 -T 4 -oX nmapdebug-altdb.xml --datadir . 172.20.207.79 > nmapdebug-altdb.txt
3. So far the target scan systems appear to have all been Macs. Strangely the systems that are getting scanned that seem to cause the issue do not cause the issue after they are rebooted. This could be coincidence but so far appears to be the case.
Does the problem return after the problem hosts have been running for a while or does rebooting fix it once and for all? If the problem is intermittent, run the commands a few times to see if they consistently succeed or fail. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NMAP Appears to abort mid-scan Doug Coburn (Apr 09)
- Re: NMAP Appears to abort mid-scan David Fifield (Apr 10)
- RE: NMAP Appears to abort mid-scan Doug Coburn (Apr 10)
- Re: NMAP Appears to abort mid-scan David Fifield (Apr 10)