mailing list archives
Nmap 3.20 Released!
From: Fyodor <fyodor () insecure org>
Date: Tue, 18 Mar 2003 20:00:25 -0800
-----BEGIN PGP SIGNED MESSAGE-----
I am pleased to announce the Nmap version 3.20 is now available! This
is the first "stable" release since 3.00 came out last July. And if
it doesn't turn out to be stable, you should have replied to my bug
report requests during the 3.15BETA* releases ;). This version has
hundreds of improvements over 3.00, including:
o IPv6 is now supported for TCP scan (-sT), connect()-style ping
scan (-sP), and list scan (-sL)! Just specify the -6 option and the
IPv6 numbers or DNS names.
o Substantial changes to the SYN/connect()/Window scanning algorithms
for improved speeds, especially against heavily filtered hosts.
o Integrated the largest OS fingerprint DB updates ever! Thanks to
everyone who contributed signatures! New or substantially modified
fingerprints included the latest Windows 2K/XP changes, Cisco IOS
12.2-based routers and PIX 6.3 firewalls, FreeBSD 5.0, AIX 5.1,
OpenBSD 3.2, Tru64 5.1A, IBM OS/400 V5R1M0, dozens of wireless APs,
VOIP devices, firewalls, printers, print servers, cable modems,
webcams, etc. We've even got some mod-chipped Xbox fingerprints
o Ping scan can now handle multiple TCP probe ports (see example below)
o "Ping types" are no longer exclusive -- you can now do combinations
such as "-PS22,53,80 -PT113 -PN -PE" in order to increase your odds
of passing through strict filters.
o Made numerous improvements to the timing behavior of "-T Aggressive"
(same as -T4) scans. It is now recommended for regular use by
impatient people with a fast connection. "-T Insane" mode has also
been updated, but we only recommend that for, well, insane people.
o Major code restructuring, which included conversion to C++
o Nmap now supports "port 0 scans"
o Added --ttl option, which sets the outgoing IPv4 TTL field in
packets sent via all raw scan types (including ping scans and OS
o New --datadir command line option which allows you to
specify the highest priority directory for Nmap data files
nmap-services, nmap-os-fingerprints, and nmap-rpc.
o Added timestamps to "Starting nmap" line and each host port scan in
verbose (-v) mode. These are in ISO 8601 standard format because
unlike President Bush, we actually care about International
o Changed Nmap such that ALL syn scan packets are sent from the port
you specify with -g. Retransmissions used to utilize successively
o Reworked the "ping scan" algorithm (used for any scan except -P0 or
-sL) to be more robust in the face of low-bandwidth and congested
connections. This also improves reliability in the multi-port and
multi-type ping cases described below.
o Upgraded libpcap from version 0.6.2 to 0.7.1
o New man page translations: German, French, Latvian
o Added --min_parallelism option, which makes scans more aggressive
and MUCH faster in certain situations -- especially against
firewalled hosts. It is basically the opposite of --max_parallelism
(-M). But before tweaking these new low level directives, try the
greatly improved -T4 option.
o Added --packet_trace option, which tells Nmap to display all of the
packets it sends and receives in a format similar to tcpdump. I
mostly added this for debugging purposes, but ppl wishing to learn
how Nmap works or for experts wanting to ensure Nmap is doing
exactly what they expect. If you want this feature supported under
Windows, please send me a patch :).
o To emphasize the highly professional nature of Nmap, I changed all
instances of "f**ked up" in error message text into "b0rked".
o Made Idlescan timing more conservative when -P0 is specified to
improve accuracy and fixed various Idlescan bugs.
o Nmap now comes by default in .tar.bz2 format, which compresses about
20% further. You can still find .tgz in the dist directory at
[ And here are just the changes from Nmap 3.15BETA3 to 3.20 ]
o The random IP input option (-iR) now takes an argument specifying
how many IPs you want to scan (e.g. -iR 1000). Specify 0 for the
old never ending scan behavior.
o Fixed a tricky memory leak discovered by Mugz (mugz () x-mafia com).
o Fixed output truncation problem noted by Lionel CONS
(lionel.cons () cern ch)
o Fixed a bug that would cause certain incoming ICMP error messages to
be improperly ignored.
For a much more comprehensive list of changes, see the CHANGELOG at
For those of you running Linux/x86 w/a recent version of rpm
(www.rpm.org), you can install/upgrade to the newest version of
nmap/nmapfe by executing these commands as root:
rpm -vhU (nmap url)
where (nmap url) is one (or both) of these:
For the rest of you, source tarballs and source RPMs are always
available at: http://www.insecure.org/nmap/nmap_download.html
For the more paranoid (smart) members of the list, here are the md5
These release notes should be signed with my PGP key, which is
available at http://www.insecure.org/fyodor_gpgkey.txt .
The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
- Nmap 3.20 Released! Fyodor (Mar 19)