Nmap Development mailing list archives

Re: Nmap bug - nmap -sT and --packet-trace error


From: David Fifield <david () bamsoftware com>
Date: Wed, 13 Jan 2010 12:28:56 -0700

On Tue, Jan 12, 2010 at 01:01:32PM +0200, Ninel Piroi wrote:
Hi,
There is a bug in -sT (TCP connect scan) when it is used with option
--packet-trace.
Nmap displays that it is trying to send packets from localhost. But the scan
technique is working fine.
Bug found in Nmap 5.00 - Win32 version.

nmap -n -PN --packet-trace -sT -p3389 10.1.1.5
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-12 11:36 GTB Standard Time
CONN (0.6090s) TCP localhost > 10.1.1.5:3389 => Unknown error
Interesting ports on 10.1.1.5:
PORT     STATE SERVICE
3389/tcp open  ms-term-serv
Nmap done: 1 IP address (1 host up) scanned in 0.61 seconds

Hello, thanks for writing.

The output is kind of confusing but there is no bug here. The packets
are supposed to come from localhost--where else could they come from?

As for the "Unknown error", that is not really an error. The problem is
that Nmap uses the strerror function to get the error code from the
connect function (which in this case is more like a status code).
strerror doesn't understand Winsock error codes, like this one, 10035 or
WSAEWOULDBLOCK, so it substitutes "Unknown error" instead.

I think that's confusing and it has been reported before so I changed
the code to use socket_strerror from nbase, which understands Winsock
errors. The only thing that kept me from doing it earlier is the length
of the error string Windows returns: WSAEWOULDBLOCK becomes
"A non-blocking socket operation could not be completed immediately.".
That's almost a full line by itself and makes the packet traces hard to
read. So I added a special case to use "Operation now in progress", as
it appears on Unix. In the next release the packet trace will look like
this:

nmap -n -PN --packet-trace -sT -p3389 10.1.1.5
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-12 11:36 GTB Standard Time
CONN (0.6090s) TCP localhost > 10.1.1.5:3389 => Operation now in progress
Interesting ports on 10.1.1.5:
PORT     STATE SERVICE
3389/tcp open  ms-term-serv
Nmap done: 1 IP address (1 host up) scanned in 0.61 seconds

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
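As an added illustration of the point David makes above (not code from Nmap or nbase), the following C snippet shows why a plain strerror() cannot describe a Winsock status such as 10035 and how a small wrapper produces the short Unix-style line the next release prints. The function names trace_strerror, connect_is_in_progress and format_conn_line are hypothetical stand-ins; only the WSAEWOULDBLOCK value 10035 comes from the thread, and the other two Winsock constants are standard values included for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Winsock error codes. WSAEWOULDBLOCK (10035) is the one from the thread;
 * WSAETIMEDOUT and WSAECONNREFUSED are standard Winsock values added here
 * for illustration. They are not in <errno.h>, which is exactly why the C
 * library's strerror() cannot name them (glibc returns an "Unknown error"
 * string for such codes). */
#define WSAEWOULDBLOCK_CODE  10035
#define WSAETIMEDOUT_CODE    10060
#define WSAECONNREFUSED_CODE 10061

/* Hypothetical stand-in for nbase's socket_strerror(): map the Winsock
 * codes to short, Unix-style messages so a packet-trace line stays
 * readable, and fall back to strerror() for ordinary errno values. */
const char *trace_strerror(int code) {
    switch (code) {
    case WSAEWOULDBLOCK_CODE:  return "Operation now in progress";
    case WSAETIMEDOUT_CODE:    return "Connection timed out";
    case WSAECONNREFUSED_CODE: return "Connection refused";
    default:                   return strerror(code);
    }
}

/* On a non-blocking socket, connect() reporting EINPROGRESS/EWOULDBLOCK
 * (or WSAEWOULDBLOCK on Windows) is the normal success path: the
 * three-way handshake is still underway. Anything else is a real failure. */
int connect_is_in_progress(int code) {
    return code == EINPROGRESS || code == EWOULDBLOCK ||
           code == WSAEWOULDBLOCK_CODE;
}

/* Build one CONN trace line in the layout shown in the thread:
 * "CONN (<elapsed>s) TCP localhost > <dst>:<port> => <status>". */
int format_conn_line(char *out, size_t outlen, double elapsed,
                     const char *dst, int port, int code) {
    return snprintf(out, outlen, "CONN (%.4fs) TCP localhost > %s:%d => %s",
                    elapsed, dst, port, trace_strerror(code));
}

int main(void) {
    char line[160];
    /* Constructed sample: the Windows status code from the bug report. */
    format_conn_line(line, sizeof line, 0.609, "10.1.1.5", 3389,
                     WSAEWOULDBLOCK_CODE);
    printf("%s\n", line);
    printf("in progress: %d\n", connect_is_in_progress(WSAEWOULDBLOCK_CODE));
    /* Constructed sample: a genuine failure on a Unix host. */
    format_conn_line(line, sizeof line, 0.012, "10.1.1.5", 3389,
                     ECONNREFUSED);
    printf("%s\n", line);
    printf("in progress: %d\n", connect_is_in_progress(ECONNREFUSED));
    return 0;
}
```

The design choice mirrors the one in the reply: the wrapper only rewrites the handful of Winsock codes that show up in a connect scan, and leaves every other value to the C library so Unix behaviour is unchanged.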
