Nmap Development mailing list archives

Re: nmap hang due to bind failed


From: "泰森" <24123782 () qq com>
Date: Mon, 19 Jan 2015 15:55:29 +0800

Dan:
     I applied the patch as you suggested (https://github.com/nmap/nmap/commit/964006b223eec621df15378b4a1be87c7e0d3baa), but the problem stays as before.
It has been almost 4 hours since the scan began; I guess nmap will never quit.


NSE: Finished 'rpc-grind' worker (thread: 0x939db78) against 10.18.209.151:32781.
NSOCK INFO [93.9330s] nsi_delete(): nsi_delete (IOD #18)
NSE: Finished 'rpc-grind' (thread: 0x8d61b38) against 10.18.209.151:32781.
NSOCK INFO [101.2750s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 370 [10.18.209.151:9]
NSE: rpc-grind: isRPC didn't receive response.
NSE: Target port 9 is not a RPC port.
NSE: Finished 'rpc-grind' (thread: 0x93c2e60) against 10.18.209.151:9.
NSOCK INFO [101.2870s] nsi_delete(): nsi_delete (IOD #1)
NSE Timing: About 96.08% done; ETC: 18:00 (0:00:01 remaining)


NSE Timing: About 96.08% done; ETC: 18:54 (0:02:10 remaining)
NSE Timing: About 96.08% done; ETC: 18:55 (0:02:11 remaining)
Stats: 0:55:11 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 2 (2 waiting)


NSE Timing: About 96.08% done; ETC: 18:55 (0:02:12 remaining)
NSE: Waiting: 'rpc-grind' worker (thread: 0x939b4a0)
        stack traceback:
                [C]: in function 'connect'
                /usr/local/share/nmap/nselib/rpc.lua:183: in function 'Connect'
                /usr/local/share/nmap/scripts/rpc-grind.nse:168: in function </usr/local/share/nmap/scripts/rpc-grind.nse:158>
NSE: Waiting: 'rpc-grind' (thread: 0x9470600)
        stack traceback:
                [C]: in function 'condvar'
                /usr/local/share/nmap/scripts/rpc-grind.nse:250: in function </usr/local/share/nmap/scripts/rpc-grind.nse:223>
                (...tail calls...)
NSE Timing: About 96.08% done; ETC: 18:56 (0:02:13 remaining)
Stats: 0:55:42 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 2 (2 waiting)


NSE Timing: About 96.08% done; ETC: 18:56 (0:02:14 remaining)
NSE: Waiting: 'rpc-grind' worker (thread: 0x939b4a0)
        stack traceback:
                [C]: in function 'connect'
                /usr/local/share/nmap/nselib/rpc.lua:183: in function 'Connect'
                /usr/local/share/nmap/scripts/rpc-grind.nse:168: in function </usr/local/share/nmap/scripts/rpc-grind.nse:158>
NSE: Waiting: 'rpc-grind' (thread: 0x9470600)
        stack traceback:
                [C]: in function 'condvar'
                /usr/local/share/nmap/scripts/rpc-grind.nse:250: in function </usr/local/share/nmap/scripts/rpc-grind.nse:223>
                (...tail calls...)
NSE Timing: About 96.08% done; ETC: 18:56 (0:02:15 remaining)


Using lsof on the nmap pid, there are 2 "can't identify protocol" entries related to nmap.
nmap    18023 root    6u  sock     0,5         200891272 can't identify protocol
nmap    18023 root   14u  sock     0,5         200906744 can't identify protocol

On Thu, Jan 15, 2015 at 8:54 PM, 泰森 <24123782 () qq com> wrote:

Hi, Dan:
     I removed tty_init in nmap.cc a few days ago (because when nmap hung, strace output something about tty, and someone
on the mailing list said tty_init can be removed if possible). Today I added tty_init() back in nmap.cc, and the console
can output the backtraces.

NSE Timing: About 96.08% done; ETC: 16:34 (0:00:13 remaining)
NSE: Waiting: 'rpc-grind' (thread: 0x8d42928)
        stack traceback:
                [C]: in function 'condvar'
                /usr/local/share/nmap/scripts/rpc-grind.nse:250: in function </usr/local/share/nmap/scripts/rpc-grind.nse:223>
                (...tail calls...)
NSE: Waiting: 'rpc-grind' worker (thread: 0x9411858)
        stack traceback:
                [C]: in function 'connect'
                /usr/local/share/nmap/nselib/rpc.lua:173: in function 'Connect'
                /usr/local/share/nmap/scripts/rpc-grind.nse:168: in function </usr/local/share/nmap/scripts/rpc-grind.nse:158>
Stats: 0:06:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 2 (2 waiting)


NSE Timing: About 96.08% done; ETC: 16:34 (0:00:13 remaining)
NSE: Waiting: 'rpc-grind' (thread: 0x8d42928)
        stack traceback:
                [C]: in function 'condvar'
                /usr/local/share/nmap/scripts/rpc-grind.nse:250: in function </usr/local/share/nmap/scripts/rpc-grind.nse:223>
                (...tail calls...)
NSE: Waiting: 'rpc-grind' worker (thread: 0x9411858)
        stack traceback:
                [C]: in function 'connect'
                /usr/local/share/nmap/nselib/rpc.lua:173: in function 'Connect'
                /usr/local/share/nmap/scripts/rpc-grind.nse:168: in function </usr/local/share/nmap/scripts/rpc-grind.nse:158>
Stats: 0:06:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 2 (2 waiting)


NSE Timing: About 96.08% done; ETC: 16:34 (0:00:13 remaining)


Ricky

As I suspected, rpc-grind is going slowly against a service that is not responsive. We changed the default timeout for 
RPC connections (which affects this script) in r33622 from 30 seconds to a timeout based on the host's round-trip time. 
If you apply the same changes (which you can see on Github here: 
https://github.com/nmap/nmap/commit/964006b223eec621df15378b4a1be87c7e0d3baa) you should see a substantial speedup.


There is one unnecessary debug line in that diff that will probably cause you problems; simply delete the line that 
contains stdnse.debug1, as it is unnecessary (and was removed in a later commit).


Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
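As an added example (not code from this thread or from the Nmap project), here is a small Python parser for the `NSE: Waiting:` backtrace blocks that `nmap -d` prints, like the ones Ricky pasted above. It groups the waiting threads by the C primitive they are parked in (`connect`, `condvar`) and by the first Lua frame that called it, which is the quickest way to confirm, on a long stall with many threads, that every blocked thread is the same script stuck at the same connect call. The sample input is constructed from the traces in this thread, with the archive's wrapped lines rejoined.

```python
import re
from collections import Counter

# Constructed sample: a fragment of the kind of "nmap -d" output shown in this thread.
SAMPLE_DEBUG_OUTPUT = """\
NSE Timing: About 96.08% done; ETC: 18:56 (0:02:14 remaining)
NSE: Waiting: 'rpc-grind' worker (thread: 0x939b4a0)
        stack traceback:
                [C]: in function 'connect'
                /usr/local/share/nmap/nselib/rpc.lua:183: in function 'Connect'
                /usr/local/share/nmap/scripts/rpc-grind.nse:168: in function </usr/local/share/nmap/scripts/rpc-grind.nse:158>
NSE: Waiting: 'rpc-grind' (thread: 0x9470600)
        stack traceback:
                [C]: in function 'condvar'
                /usr/local/share/nmap/scripts/rpc-grind.nse:250: in function </usr/local/share/nmap/scripts/rpc-grind.nse:223>
                (...tail calls...)
NSE: Active NSE Script Threads: 2 (2 waiting)
"""

# Header of one waiting-thread block: script name, optional "worker" marker, thread id.
WAITING_RE = re.compile(
    r"^NSE: Waiting: '(?P<script>[^']+)'(?P<worker> worker)? \(thread: (?P<thread>0x[0-9a-f]+)\)"
)
# One traceback frame: "<location>: in function <name>" (location is "[C]" or "<file>:<line>").
FRAME_RE = re.compile(r"^\s+(?P<where>\S+): in function (?P<func>.+)$")


def parse_waiting_threads(text):
    """Return one dict per 'NSE: Waiting:' block: script, worker flag, thread id
    and the list of (location, function) frames of its traceback."""
    threads = []
    current = None
    for line in text.splitlines():
        m = WAITING_RE.match(line)
        if m:
            current = {
                "script": m.group("script"),
                "worker": m.group("worker") is not None,
                "thread": m.group("thread"),
                "frames": [],
            }
            threads.append(current)
            continue
        if current is None:
            continue
        if not line.startswith(" "):
            # Any unindented line (timing, stats, ...) ends the traceback block.
            current = None
            continue
        f = FRAME_RE.match(line)
        if f:
            current["frames"].append((f.group("where"), f.group("func").strip("'")))
    return threads


def blocking_point(thread):
    """The C primitive the thread is parked in (first frame, if it is a [C] frame)
    and the first Lua frame that called it, or None if there is no traceback."""
    frames = thread["frames"]
    if not frames:
        return None
    primitive = frames[0][1] if frames[0][0] == "[C]" else None
    lua_frame = next((where for where, _ in frames if where != "[C]"), None)
    return (primitive, lua_frame)


def summarize(text):
    """Count waiting threads per (script, role, primitive, Lua location),
    most common stall first."""
    counts = Counter()
    for t in parse_waiting_threads(text):
        primitive, location = blocking_point(t) or (None, None)
        role = "worker" if t["worker"] else "main"
        counts[(t["script"], role, primitive, location)] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (script, role, primitive, location), n in summarize(SAMPLE_DEBUG_OUTPUT):
        print(f"{n:3d}  {script} ({role}) blocked in {primitive!r} at {location}")
```

Feed it the full `-d` output of a stalled scan (`nmap -d ... 2>&1 | tee scan.log`, then `summarize(open("scan.log").read())`); a worker thread counted under `connect` at `rpc.lua` is a socket waiting on its timeout, while the main script thread under `condvar` is only waiting for those workers, so the connect timeout is the thing to shorten.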
