Nmap Development mailing list archives
Re: Ncat: Update and Feature Request
From: eldraco <eldraco () gmail com>
Date: Tue, 22 Jul 2008 03:03:12 -0300
Nice work! I love ncat being alive again. Thank you!

Feedback:

0- Debian 4.0 unstable with libssl-dev preinstalled. Ncat svn revision 9002

1- ncat compiled like a charm, the only warning printed was:
config.status: WARNING: Makefile.in seems to ignore the --datarootdir setting

2- ncat binary and man page installed correctly

3- Executing "ncat localhost" (no port specified) prints: "Unable to connect to remote host". But Debian's nc prints out a more detailed error text for "nc localhost": "no port[s] to connect to"

4- Connecting to localhost with "ncat localhost 22" prints out the following as the first line: "Connected to 127.0.0.1:22", which is a bit odd to me, because I'm used to seeing just what the other side of the channel sends unless I specify -v or something. I would like ncat to be 'quiet' by default, what do you think? What if the other side of the channel sends "Connected to 127.0.0.1:23" as a kind of deceptive measure?

5- Maybe this is a bug: Connecting to an ssh server, the ssh server closes the connection sending a FIN packet (because I didn't speak the ssh protocol right) but ncat doesn't respond with a FIN-ACK packet; it seems to believe the connection is still up, and keeps sending packets. After the four "strings" sent to the ssh server, ncat dies because it is "Unable to connect to remote host". I'm attaching the nc -vvv output [ncat-internet-ssh-FIN-bug-1.txt] and a tcpdump capture [ncat.internet.ssh.FIN-bug-1.pcap]

6- 'ncat -l 9000 > /tmp/test' and 'ncat localhost 9000 < /bin/ls' work fine, but 'ncat -l 9000 < /bin/ls' doesn't work at all. It prints:
ncat -l 9000 < /bin/ls
write: Broken pipe
The Ncat man page states this should work:
Send a file over TCP port '9899' to host 'example.org'. (this also works in reverse and turns Ncat into a "one file" server!)
HOST1$ ncat -l 9899 > outputfile
HOST2$ ncat example.org 9899 < inputfile

7- Ncat is in the PATH but trying ncat --exec "ncat www.google.com.ar 80" -l 9000 and later "ncat localhost 9000" doesn't work for me; it ends with "execv: No such file or directory". I'm attaching the -vvv output [ncat-exec-bug-1.txt]. But if I give the full path it works fine, like this: ncat --exec "/usr/local/bin/ncat www.google.com.ar 80" -l 9000. Note that ncat --exec "/bin/bash" -l 9000 and the like does work fine too.

8- New feature request: --allow and --deny work fine but I'm still able to state that port as 'open' because ncat does respond to me. Is there a way to make ncat show its open port as 'closed' when the IP is denied? This would really be useful to hide our ncat from people scanning our servers (perhaps using nmap?!)

9- Trying "ncat --socks4-server -l 5001" didn't work for me either. Firefox gets a page, but that page has four null bytes at the beginning. I'm attaching the tcpdump capture file [ncat-socks-1.pcap], and the file Firefox makes me 'save' because it didn't know the protocol [firefox-save.bin]. All the ncat server says is:
ncat --socks4-server -l 5001 -vvv
Listening on 0.0.0.0:5001
DEBUG: SOCKS4 request from 209.68.27.16:
DEBUG: VN: 4
DEBUG: CD: 1
DEBUG: Port: 80
DEBUG: Addr: 209.68.27.16
DEBUG: Null: 0

10- ncat: invalid option -- r

11- ncat: unrecognized option `--send-only'

12- Performance and cpu compare: /tmp/b being a 10Mb file created from /dev/zero with dd
With nc:
nc -l -p 9000 > /tmp/a
nc localhost 9000 < /tmp/b
Time: a pair of seconds. No notable cpu usage
With ncat:
ncat -l 9000 > /tmp/a
ncat localhost 9000 < /tmp/b
Time: Almost 35 seconds. 100% cpu usage all that time. Also ncat sends 1024 packets, and nc sends 139.
I'm attaching both pcaps [tcpdump-nc-file-transfer.pcap and tcpdump-ncat-file-transfer.pcap]

13- I'm not sure whether to report this, but during the 12- test, I was able to capture every packet with tcpdump from the 'nc' test as soon as they travelled across the wire, but with 'ncat' the same tcpdump shows me packets 31 seconds after the connection started. You can see the time problem in the packets in the attached pcap file. Is anyone having the same trouble here? I used 'tcpdump -n -s0 -i lo', with tcpdump version 3.9.8 and libpcap version 0.9.8

14- ncat --broker --talk -l 9000 works fine except that users start to count from <user4>. Is this ok? It can make you believe that 3 previous users were connected. And I'm sure I'm alone here.

Well, that's all for now... cheers and thanks!

eldraco

On Monday 21 July 2008 16:33:54 Kris Katterjohn wrote:

> Hey everyone,
>
> I've taken over Ncat for this latter half of the summer. Ncat is a new and improved Netcat which will start off life being shipped along with Nmap, but may be packaged separately in the future. All the changes below are based off of Chris Gibson's great original Ncat work from GSoC 2005 and thereafter. His Ncat site is here[1], but the current location in SVN is here[2]. I've attached the output of 'ncat -h' so you can see all of the current options available.
>
> Mixter has done the following:
> * Committed Ncat in our SVN from original SF.net CVS
> * Build improvements (don't require automake, add -lpcap, etc)
> * Fixed SSL (--ssl) and IPv6 (-6) connect problems
> * Worked on VC++2008 port
> * Implemented -n/--no-dns
> * Some cleaning up
>
> I have done the following so far:
> * Implemented IPv6 listening (-6 -l)
> * Implemented SSL listening (--ssl -l)
> * Redesigned -l to behave like OpenBSD netcat rather than traditional netcat or previous Ncat. Now instead of specifying the port number with -l and the source address with -s, you just specify them like you do the host/port to connect to. Specifying the local address is still optional
> * Added -g/-G for IPv4 loose source routing (based on Nsock changes)
> * Made -s actually work for binding to a local address when doing a connect (based on Nsock changes)
> * Added -p for specifying the local port to bind to (based on Nsock changes)
> * Added -w for specifying a connect timeout, while keeping -t for "idle timeout". This differs from traditional netcat, but I like the distinction
> * Added IPv6 support to --broker
> * Added host access control to UDP listener and --broker
> * Options taking a time argument now allow time specifications like Nmap does (e.g. append "s" for seconds).
> * Completed VC++2008 port
> * Added -c, which is like -e but executes via /bin/sh
> * Created preliminary ncat.xml docbook man page from original ncat.1
> * Lots of cleaning up and other minor improvements
>
> As you can see, we already have many features other Netcats are lacking! Unlike Nmap changes, which usually have discussions or a patch, this is the first time these changes are being mentioned here on nmap-dev. So for a full list of changes, and more information on some of the bigger ones, you can check out the SVN logs. I try to make good explanations in my commit logs, but sometimes I can't help being lazy :)
>
> There exist options for connecting through SOCKS4 and HTTP proxies, though I haven't been able to test these yet. Mixter tested the SOCKS proxy and confirmed it's working. There is also an option for creating and listening as a SOCKS4 server, but comments in the code say it's broken.
>
> For my SSL listening changes, I've added the options --ssl-cert and --ssl-key for specifying the certificate and private key to use. These are certainly subject to change with any ideas on improvements.
>
> So, while keeping in mind wanting to have an easy-to-maintain and non-bloated Ncat, what other features would you like to see? Do you see any improvements that could/should be made on existing features?
>
> Thanks!
> Kris Katterjohn
>
> [1] http://nmap-ncat.sourceforge.net/
> [2] svn://svn.insecure.org/ncat
--
Ing. Sebastián García
http://minsky.surfnet.nl:11371/pks/lookup?op=get&search=0x3E42ED27F864EDE6
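An added illustration of the half-close situation behind item 5 of the report above (example code written for this archive page, not ncat's or the poster's): a sender that treats a zero-length read as the peer's FIN and stops writing, instead of pushing more data into a connection that can only answer with a RST. It runs its own loopback listener that, like the sshd described, reads one chunk and closes; the lines it sends are constructed sample input.

```python
import select
import socket
import threading

# Constructed sample input: lines a client that does not speak SSH might send;
# the server below (standing in for sshd) closes after reading the first one.
LINES = [b"hello\r\n", b"GET / HTTP/1.0\r\n", b"\r\n", b"quit\r\n"]


def serve_once(listener):
    """Stand-in for sshd: accept one client, read one chunk, close (sends FIN)."""
    conn, _ = listener.accept()
    with conn:
        conn.recv(4096)


def send_until_peer_eof(sock, lines, timeout=2.0):
    """Send lines one at a time; stop as soon as the peer's FIN is observed.

    Returns (lines_sent, eof_seen). After each send, wait up to `timeout`
    seconds for the socket to become readable: a read returning b"" is EOF,
    i.e. the FIN has arrived, and the correct reaction is to stop writing.
    """
    sent = 0
    for line in lines:
        try:
            sock.sendall(line)
        except (BrokenPipeError, ConnectionResetError):
            return sent, True          # FIN was missed; the RST already came back
        sent += 1
        readable, _, _ = select.select([sock], [], [], timeout)
        if readable and sock.recv(4096) == b"":
            return sent, True          # peer half-closed: do not send any more
    return sent, False


def demo():
    """Run server and client on loopback; returns (lines_sent, eof_seen)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: the kernel picks a free port
    listener.listen(1)
    server = threading.Thread(target=serve_once, args=(listener,))
    server.start()
    with socket.create_connection(listener.getsockname()) as sock:
        result = send_until_peer_eof(sock, LINES)
    server.join()
    listener.close()
    return result                      # (1, True) with the server above
```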