Re: retransmission level hit

[Royce Williams <royce () techsolvency com>]

On Mon, Nov 24, 2014 at 6:03 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
> On Sun, Nov 23, 2014 at 10:16 AM, Mike . <dmciscobgp () hotmail com> wrote:
> > i looked at the source and docs on nmap and didn't see this answered. when
> > we hit a retransmission level when scanning, i notice it says "giving up on
> > port". in doing a large full socket scan, is there any way we could see what
> > port is actually creating that? i understand exactly what the retransmission
> > level is for and how it is generated. i was simply curious when it says PORT
> > is that a general term as in "ports are dropping, increase", or did it hit
> > an individual port. i think it would be useful for users to know what port
> > signalled the mesg
>
> The "giving up on port" message is gated with logic to prevent it from being
> printed more than once per host. There's technically nothing preventing it
> from mentioning which target port it is referring to, but doing so could
> possibly be confusing, since Nmap may give up on more than one port for the
> same reason, but only one message would be printed.

This could be mitigated by disclaiming the target port, as in:

Warning: xx.xx.xx.xx giving up on port because retransmission cap hit
(2) (last port: 443)

... or, if possible at the time:

Warning: xx.xx.xx.xx giving up on port because retransmission cap hit
(2) (8 ports, last port 443)

... etc.

Royce
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/