Nmap Development mailing list archives

Re: NMAP crash -- more

From: David Fifield <david () bamsoftware com>
Date: Thu, 13 Sep 2012 13:29:07 -0700

On Thu, Sep 13, 2012 at 05:23:39AM -0400, starlight.2012q3 () binnacle cx wrote:

Actually the -e eth4 -S 172.29.86.4
options may be related to the problem.

At the point where the message

   WARNING: RST from 58.218.199.250 port 1 -- is this port really open?

appears, 'nmap' switches from using the
supplied -S 172.29.86.4 to using the
interface and address associated with the
normal default route 172.29.79.1
(per 'tcpdump').


I think this is unrelated to the problem of exceeding the socket limit.
OS detection seems to ignore -S the same way it ignores -g and other
options. See http://nmap.org/book/man-bypass-firewalls-ids.html.
Ignoring -S is probably a bug. But I think you will see the same during
OS detection against any host, not just this one that is exceeding the
socket limit.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

NMAP crash -- more starlight . 2012q3 (Sep 13)
- <Possible follow-ups>
- Re: NMAP crash -- more starlight . 2012q3 (Sep 13)
- NMAP crash -- more starlight . 2012q3 (Sep 13)
  - Re: NMAP crash -- more David Fifield (Sep 13)
    - Re: NMAP crash -- more starlight . 2012q3 (Sep 13)
    - Re: NMAP crash -- more David Fifield (Sep 13)
    - Re: NMAP crash -- more starlight . 2012q3 (Sep 13)
    - Re: NMAP crash -- more Fyodor (Sep 17)
    - Re: NMAP crash -- more David Fifield (Sep 18)
    - Re: NMAP crash -- more David Fifield (Sep 26)
    - Re: NMAP crash -- more starlight . 2012q3 (Sep 26)
    - Re: NMAP crash -- more David Fifield (Sep 26)