Nmap Development mailing list archives
RE: Possible error message bug in nmap-4.11 on Gentoo
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Thu, 12 Oct 2006 14:56:46 -0500
Sorry folks, looks like the patch didn't make it through to the mailing list. Attached as txt file this time.

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Thomas Buchanan
Sent: Thursday, October 12, 2006 2:54 PM
To: Andreas Ericsson; Diman Todorov
Cc: nmap-dev () insecure org
Subject: RE: Possible error message bug in nmap-4.11 on Gentoo

> -----Original Message-----
> From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Andreas Ericsson
> Sent: Thursday, October 12, 2006 8:29 AM
> To: Diman Todorov
> Cc: nmap-dev () insecure org
> Subject: Re: Possible error message bug in nmap-4.11 on Gentoo
>
> Diman Todorov wrote:
> >> Well, you *are* telling nmap to do a ping-scan (-sP) which doesn't use
> >> ports, but then you specify ports as well.
> >
> > This is not correct. from the nmap man page:
> >
> > <snip>
> > The -sP option sends an ICMP echo request and a TCP
> > packet to port 80 by default. When executed by an unprivileged
> > user, a SYN packet is sent (using a connect() call) to port 80 on the
> > </snip>
> >
> > IMHO -sP should respect -p
>
> Touché. I should rtfm more carefully or, as in this case, at all :-)
>
> I'm still not sure it makes sense though, unless you use the scan option
> to control output (i.e. make hosts responding to any of the tcp-ports
> given in the range show as "up", but nothing else). Oh well. I'm sure
> it'll all turn out for the best.
>
> --
> Andreas Ericsson andreas.ericsson () op5 se
> OP5 AB www.op5.se
> Tel: +46 8-230225 Fax: +46 8-230231

I think if you want to scan specific ports using ping style probes, you should use -PS [portlist]. From the man page:

<snip>
-PS [portlist] (TCP SYN Ping)
This option sends an empty TCP packet with the SYN flag set. The default destination port is 80 (configurable at compile time by changing DEFAULT_TCP_PROBE_PORT in nmap.h), but an alternate port can be specified as a parameter. A comma separated list of ports can even be specified (e.g. -PS22,23,25,80,113,1050,35000), in which case probes will be attempted against each port in parallel.
</snip>

In the source code for nmap.cc, it states that -F and -p[portlist] are NOT allowed with -sP (or -sL for that matter)

nmap.cc:
<snip>
1166   if ((o.pingscan || o.listscan) && ports) {
1167     fatal("You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan");
1168   }
</snip>

However, this check was being performed after a list of ports was generated by the following call:

1151   ports = getpts(portlist);

The function getpts(portlist) is what actually prints the error message that was originally posted. The attached proposed patch just moves the check for -F and -p up above the call to getpts(). This actually saves us the trouble of generating the portslist (which we end up not using).

The patched nmap produces the following output:

sudo ./nmap -sP -p1-1024 -v -v -v 192.168....

Starting Nmap 4.20ALPHA8 ( http://Insecure.Org ) at 2006-10-12 14:31 CDT
You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan
QUITTING!

Patch (against nmap-4.20ALPHA8) works for me on Linux (have not tested under Windows). Patch also cleanly applies to nmap-4.11.

Thomas

Attachment: ping-portlist.patch.txt