Nmap Development mailing list archives

Re: [nmap-svn] r11551 - ncat (SO_DEBUG)

From: David Fifield <david () bamsoftware com>
Date: Fri, 2 Jan 2009 12:40:12 -0700

On Mon, Dec 29, 2008 at 10:00:08PM -0600, Kris Katterjohn wrote:

On 12/29/2008 09:20 PM, Fyodor wrote:

On Mon, Dec 29, 2008 at 05:24:30PM -0800, commit-mailer () insecure org wrote:

Author: kris
Date: Mon Dec 29 17:24:30 2008
Log:
Adding -D to enable socket debugging (SO_DEBUG)


Hi Kris.  Can you describe how this works and what you're using it
for?


When socket debugging is enabled using this socket option, detailed data is
available through trpt (or sometimes dmesg) about packets sent and received
(however Linux doesn't seem to make any real use of this).

Honestly I'm not using it for anything at the moment, but it's offered in
various other programs such as ping, socat and other nc incarnations.  So on
top of it having some importance to people since it's being offered in many
similar programs, there's my deep, personal, often problematic desire to
analyze things as much as possible :)


I was having bizarre problems that I tracked down to this change.
Reverse DNS resolution and NSE gave me a bunch of Nsock errors. Here's
from a -sL scan of scanme.nmap.org:

Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-02 12:36 MST
NSOCK (0.3140s) msevent_new (IOD #0) (EID #8)
NSOCK (0.3140s) UDP connection requested to 192.168.0.1:53 (IOD #1) EID 8
NSOCK (0.3140s) msevent_new (IOD #0) (EID #18)
NSOCK (0.3140s) Read request from IOD #0 [192.168.0.1:53] (timeout: -1ms) EID 18
NSOCK (0.3140s) msevent_new (IOD #0) (EID #27)
NSOCK (0.3140s) Write request for 43 bytes to IOD #0 EID 27 [192.168.0.1:53]: 
.............52.134.13.64.in-addr.arpa.....
NSOCK (0.3150s) nsock_loop() started (timeout=500ms). 3 events pending
NSOCK (0.3150s) wait_for_events
NSOCK (0.3150s) Callback: CONNECT SUCCESS for EID 8 [192.168.0.1:53]
NSOCK (0.3150s) msevent_delete (IOD #0) (EID #8)
NSOCK (0.3150s) Callback: WRITE ERROR [Input/output error (5)] for EID 27 [192.168.0.1:53]
NSOCK (0.3150s) msevent_delete (IOD #0) (EID #27)

The problem went away after I ran "make clean". Try that if the same
thing is happening to you. I don't know what caused in in the first
place, maybe the change in the size of the msiod struct wasn't noticed
by files that depended on it.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: [nmap-svn] r11551 - ncat (SO_DEBUG) David Fifield (Jan 02)
- Re: [nmap-svn] r11551 - ncat (SO_DEBUG) Kris Katterjohn (Jan 02)
- <Possible follow-ups>
- Re: [nmap-svn] r11551 - ncat (SO_DEBUG) Fyodor (Jan 04)
  - Re: [nmap-svn] r11551 - ncat (SO_DEBUG) Kris Katterjohn (Jan 06)
    - Re: [nmap-svn] r11551 - ncat (SO_DEBUG) Fyodor (Jan 06)