Nmap Development mailing list archives
Re: Nmap bug - nmap -sT and --packet-trace error
From: David Fifield <david () bamsoftware com>
Date: Wed, 13 Jan 2010 12:28:56 -0700
On Tue, Jan 12, 2010 at 01:01:32PM +0200, Ninel Piroi wrote:
Hi,

There is a bug in -sT (TCP connect scan) when it is used with the option --packet-trace. Nmap displays that it is trying to send packets from localhost. But the scan technique is working fine.

Bug found in Nmap 5.00 - Win32 version.

nmap -n -PN --packet-trace -sT -p3389 10.1.1.5

Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-12 11:36 GTB Standard Time
CONN (0.6090s) TCP localhost > 10.1.1.5:3389 => Unknown error
Interesting ports on 10.1.1.5:
PORT     STATE SERVICE
3389/tcp open  ms-term-serv

Nmap done: 1 IP address (1 host up) scanned in 0.61 seconds
Hello, thanks for writing. The output is kind of confusing but there is no bug here. The packets are supposed to come from localhost--where else could they come from?

As for the "Unknown error", that is not really an error. The problem is that Nmap uses the strerror function to get the error code from the connect function (which in this case is more like a status code). strerror doesn't understand Winsock error codes, like this one, 10035 or WSAEWOULDBLOCK, so it substitutes "Unknown error" instead.

I think that's confusing and it has been reported before so I changed the code to use socket_strerror from nbase, which understands Winsock errors. The only thing that kept me from doing it earlier is the length of the error string Windows returns: WSAEWOULDBLOCK becomes "A non-blocking socket operation could not be completed immediately.". That's almost a full line by itself and makes the packet traces hard to read. So I added a special case to use "Operation now in progress", as it appears on Unix.

In the next release the packet trace will look like this:

nmap -n -PN --packet-trace -sT -p3389 10.1.1.5

Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-12 11:36 GTB Standard Time
CONN (0.6090s) TCP localhost > 10.1.1.5:3389 => Operation now in progress
Interesting ports on 10.1.1.5:
PORT     STATE SERVICE
3389/tcp open  ms-term-serv

Nmap done: 1 IP address (1 host up) scanned in 0.61 seconds

David Fifield
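The pattern David describes, as an added illustration that is not Nmap's own code (the real change lives in nbase's socket_strerror): route error codes in the Winsock numbering range to a Winsock-aware lookup, special-case WSAEWOULDBLOCK to the short Unix wording so trace lines stay readable, and fall back to the C library's strerror() for everything else. The DEMO_WSA* constants and the message table are constructed here so the file compiles and runs on a non-Windows host; on Windows the values would come from <winsock2.h> and the text from FormatMessage.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>

/* Winsock error codes are numbered from 10000 (WSABASEERR) upward. These
 * constants are assumed here for a portable demonstration; on Windows they
 * are provided by <winsock2.h>. */
#define DEMO_WSABASEERR      10000
#define DEMO_WSAEWOULDBLOCK  10035
#define DEMO_WSAECONNREFUSED 10061

/* Constructed table standing in for the long messages Windows returns. The
 * WSAEWOULDBLOCK text is the one quoted in the thread; the other is an
 * abbreviated stand-in for illustration only. */
static const struct { int code; const char *msg; } winsock_msgs[] = {
    { DEMO_WSAEWOULDBLOCK,
      "A non-blocking socket operation could not be completed immediately." },
    { DEMO_WSAECONNREFUSED,
      "No connection could be made because the target machine actively refused it." },
};

/* True when err lies in the Winsock error range rather than in errno space,
 * which is exactly the case plain strerror() cannot handle. */
int is_winsock_error(int err) {
    return err >= DEMO_WSABASEERR && err < DEMO_WSABASEERR + 1000;
}

/* Hypothetical replacement for a bare strerror() call in a packet trace.
 * Returns a static string; nothing to free. */
const char *trace_strerror(int err) {
    size_t i;
    if (!is_winsock_error(err))
        return strerror(err);          /* ordinary errno value: C library is fine */
    if (err == DEMO_WSAEWOULDBLOCK)
        return "Operation now in progress";  /* the special case from the thread */
    for (i = 0; i < sizeof winsock_msgs / sizeof winsock_msgs[0]; i++)
        if (winsock_msgs[i].code == err)
            return winsock_msgs[i].msg;
    return "Unknown Winsock error";     /* code outside our table */
}

/* Builds one CONN trace line in the layout the thread shows. Uses a static
 * buffer so callers can compare the result directly. */
const char *conn_trace_line(double elapsed, const char *dst, int port, int err) {
    static char buf[256];
    snprintf(buf, sizeof buf, "CONN (%.4fs) TCP localhost > %s:%d => %s",
             elapsed, dst, port, trace_strerror(err));
    return buf;
}

int main(void) {
    /* Before: what a non-Winsock-aware strerror() makes of 10035 on this host. */
    printf("strerror(10035)      : %s\n", strerror(DEMO_WSAEWOULDBLOCK));
    /* After: the lookup above, as the trace line would read. */
    printf("%s\n", conn_trace_line(0.609, "10.1.1.5", 3389, DEMO_WSAEWOULDBLOCK));
    printf("%s\n", conn_trace_line(0.001, "10.1.1.5", 3389, DEMO_WSAECONNREFUSED));
    printf("%s\n", conn_trace_line(0.001, "10.1.1.5", 3389, ECONNREFUSED));
    return 0;
}
```

The range check is what matters: a connect() status that is really a Winsock code must never reach strerror(), and the one code that shows up on every in-progress non-blocking connect gets a deliberately short message so a trace stays one line per event.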
Current thread:
- Nmap bug - nmap -sT and --packet-trace error Ninel Piroi (Jan 13)
- Re: Nmap bug - nmap -sT and --packet-trace error David Fifield (Jan 13)
- RE: Nmap bug - nmap -sT and --packet-trace error Rob Nicholls (Jan 14)
- Re: Nmap bug - nmap -sT and --packet-trace error David Fifield (Jan 13)