Nmap Development mailing list archives

Re: NCat tunnel truncating data?


From: David Fifield <david () bamsoftware com>
Date: Thu, 30 Sep 2010 09:22:27 -0700

On Thu, Sep 30, 2010 at 09:25:25AM +0100, Peter Holroyde wrote:
> On Thu, Sep 30, 2010 at 5:18 AM, David Fifield <david () bamsoftware com> wrote:
>
> > On Mon, Sep 27, 2010 at 05:16:48PM +0100, Peter Holroyde wrote:
> > > On Mon, Sep 27, 2010 at 4:34 PM, David Fifield <david () bamsoftware com> wrote:
> > > > On Mon, Sep 27, 2010 at 09:55:02AM +0100, Peter Holroyde wrote:
> > > > > Hi guys, I'm hoping someone can shed some light on this for me...
> > > > >
> > > > > I'm using ncat to tunnel a port through to a webservice on a machine
> > > > > using the command:
> > > > >
> > > > > ncat -l 1444 -c "ncat xxx.xxx.xxx.xxx 1444 -o log.txt"
> > > > >
> > > > > This works great until I try to post a large request down the tunnel,
> > > > > at which point the log file suddenly stops after 512 characters (and
> > > > > the request never completes).
> > > > >
> > > > > Is this a limit in ncat, does anybody know? Or just a limit to the
> > > > > amount of data logged?
> > > > >
> > > > > The responses are certainly bigger than 512 and come through with no
> > > > > problems.
> > > >
> > > > Does it happen only when logging with -o, or always?
> > >
> > > It happens with or without -o
> >
> > Would you try again with version 5.35DC1? I have a feeling this is fixed
> > already. In the newer version you will have to add the -k option to make
> > Ncat keep listening.
>
> Same results on 5.35DC1 :-s

Okay. I can't reproduce this. I set up the attached CGI program with
thttpd and ran the commands

sudo ./thttpd -D -c '*.py'
ncat -k -l 1444 -v --sh-exec "ncat localhost 80"
perl -e 'print "POST /cgitest.py HTTP/1.0\r\nContent-Length: 1002\r\n\r\nx=" . ('X' x 1000)' | ncat localhost 1444 -v

The output is

Ncat: Version 5.35DC18 ( http://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:1444.
HTTP/1.0 200 OK
Content-type: text/plain

x: 
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXX'
Ncat: 1053 bytes sent, 1051 bytes received in 0.03 seconds.

Does my test procedure match yours? Do you get the same results when you
try cgitest.py?

This might be an issue with the HTTP server closing its connection, but
Ncat not closing its own. I wouldn't trust the log file to report
everything sent or received because of possible buffering. See if you
can get a Wireshark capture of what is going on.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
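
An added example, not part of the original message or of Ncat: the same 1002-byte POST check done by counting bytes at the far end of a tunnel rather than trusting a log file. `Backend` and `Relay` are constructed stand-ins for cgitest.py and for the tunnel under test; all names here are hypothetical.

```python
import socket, socketserver, threading

class Backend(socketserver.StreamRequestHandler):
    """Constructed stand-in for cgitest.py: replies with the body byte count."""
    def handle(self):
        length = 0
        while (line := self.rfile.readline()) not in (b"\r\n", b""):
            if line.lower().startswith(b"content-length:"):
                length = int(line.split(b":", 1)[1])
        body = self.rfile.read(length)  # blocks until all bytes arrive or EOF
        self.wfile.write(b"HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n%d" % len(body))

def pump(src, dst):
    """Copy src to dst in 512-byte reads until EOF, then pass on the half-close."""
    while chunk := src.recv(512):
        dst.sendall(chunk)
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already closed

class Relay(socketserver.BaseRequestHandler):
    """Constructed stand-in for the tunnel: forwards both directions."""
    def handle(self):
        with socket.create_connection(self.server.target) as up:
            t = threading.Thread(target=pump, args=(self.request, up))
            t.start()
            pump(up, self.request)
            t.join()

def serve(handler, target=None):
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    srv.target = target
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address

def body_bytes_delivered(addr, size, timeout=5):
    """POST `size` body bytes via addr; return the count the backend reported.
    A truncating tunnel shows up as a socket timeout (request never completes)."""
    req = b"POST /cgitest.py HTTP/1.0\r\nContent-Length: %d\r\n\r\n" % size + b"X" * size
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(req)
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
    return int(reply.rsplit(b"\r\n\r\n", 1)[1])

if __name__ == "__main__":
    print(body_bytes_delivered(serve(Relay, target=serve(Backend)), 1002))
```

To exercise a real tunnel instead of `Relay`, start `Backend` with `serve(Backend)`, point the tunnel at the returned port, and pass the tunnel's listening address to `body_bytes_delivered`.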

