Home page logo

Nmap Announce mailing list archives

Nmap 3.20 Released!
From: Fyodor <fyodor () insecure org>
Date: Tue, 18 Mar 2003 20:00:25 -0800


Hello everyone,

I am pleased to announce the Nmap version 3.20 is now available!  This
is the first "stable" release since 3.00 came out last July.  And if
it doesn't turn out to be stable, you should have replied to my bug
report requests during the 3.15BETA* releases ;).  This version has
hundreds of improvements over 3.00, including:

o IPv6 is now supported for TCP scan (-sT), connect()-style ping
  scan (-sP), and list scan (-sL)!  Just specify the -6 option and the
  IPv6 numbers or DNS names.

o Substantial changes to the SYN/connect()/Window scanning algorithms
  for improved speeds, especially against heavily filtered hosts.

o Integrated the largest OS fingerprint DB updates ever! Thanks to
  everyone who contributed signatures!  New or substantially modified
  fingerprints included the latest Windows 2K/XP changes, Cisco IOS
  12.2-based routers and PIX 6.3 firewalls, FreeBSD 5.0, AIX 5.1,
  OpenBSD 3.2, Tru64 5.1A, IBM OS/400 V5R1M0, dozens of wireless APs,
  VOIP devices, firewalls, printers, print servers, cable modems,
  webcams, etc.  We've even got some mod-chipped Xbox fingerprints

o Ping scan can now handle multiple TCP probe ports (see example below)

o "Ping types" are no longer exclusive -- you can now do combinations
  such as "-PS22,53,80 -PT113 -PN -PE" in order to increase your odds
  of passing through strict filters.

o Made numerous improvements to the timing behavior of "-T Aggressive"
  (same as -T4) scans.  It is now recommended for regular use by
  impatient people with a fast connection.  "-T Insane" mode has also
  been updated, but we only recommend that for, well, insane people.

o Major code restructuring, which included conversion to C++

o Nmap now supports "port 0 scans"

o Added --ttl option, which sets the outgoing IPv4 TTL field in
  packets sent via all raw scan types (including ping scans and OS

o New --datadir command line option which allows you to
  specify the highest priority directory for Nmap data files
  nmap-services, nmap-os-fingerprints, and nmap-rpc.

o Added timestamps to "Starting nmap" line and each host port scan in
  verbose (-v) mode.  These are in ISO 8601 standard format because
  unlike President Bush, we actually care about International 
  consensus :).

o Changed Nmap such that ALL syn scan packets are sent from the port
  you specify with -g.  Retransmissions used to utilize successively
  higher ports.

o Reworked the "ping scan" algorithm (used for any scan except -P0 or
  -sL) to be more robust in the face of low-bandwidth and congested
  connections.  This also improves reliability in the multi-port and
  multi-type ping cases described below.

o Upgraded libpcap from version 0.6.2 to 0.7.1

o New man page translations: German, French, Latvian

o Added --min_parallelism option, which makes scans more aggressive
  and MUCH faster in certain situations -- especially against
  firewalled hosts.  It is basically the opposite of --max_parallelism
  (-M).  But before tweaking these new low level directives, try the
  greatly improved -T4 option.

o Added --packet_trace option, which tells Nmap to display all of the
  packets it sends and receives in a format similar to tcpdump.  I
  mostly added this for debugging purposes, but ppl wishing to learn
  how Nmap works or for experts wanting to ensure Nmap is doing
  exactly what they expect.  If you want this feature supported under
  Windows, please send me a patch :).

o To emphasize the highly professional nature of Nmap, I changed all
  instances of "f**ked up" in error message text into "b0rked".

o Made Idlescan timing more conservative when -P0 is specified to
  improve accuracy and fixed various Idlescan bugs.

o Nmap now comes by default in .tar.bz2 format, which compresses about
  20% further.  You can still find .tgz in the dist directory at

[ And here are just the changes from Nmap 3.15BETA3 to 3.20 ]

o The random IP input option (-iR) now takes an argument specifying
  how many IPs you want to scan (e.g. -iR 1000).  Specify 0 for the
  old never ending scan behavior.

o Fixed a tricky memory leak discovered by Mugz (mugz () x-mafia com).

o Fixed output truncation problem noted by Lionel CONS
  (lionel.cons () cern ch)

o Fixed a bug that would cause certain incoming ICMP error messages to
  be improperly ignored.

For a much more comprehensive list of changes, see the CHANGELOG at
http://www.insecure.org/nmap/data/CHANGELOG .

For those of you running Linux/x86 w/a recent version of rpm
(www.rpm.org), you can install/upgrade to the newest version of
nmap/nmapfe by executing these commands as root:

rpm -vhU (nmap url)
where (nmap url) is one (or both) of these:


For the rest of you, source tarballs and source RPMs are always
available at: http://www.insecure.org/nmap/nmap_download.html

For the more paranoid (smart) members of the list, here are the md5

d59f11964eda7968a13fb60b86ea40e5  nmap-3.20-1.i386.rpm
0f1614d311a4baf6a526ac1b97f40e3f  nmap-3.20-1.src.rpm
00f42f5477cc2499f5f68479702dd224  nmap-3.20.tar.bz2
3495fc4cefbd8bcbdb9bb869bb06dc64  nmap-3.20.tgz
de5623337dc1a8cbbb529c2675c3d115  nmap-3.20-win32.zip
7ba072dd485d3c281ec6b7c761f401d4  nmap-frontend-3.20-1.i386.rpm

These release notes should be signed with my PGP key, which is
available at http://www.insecure.org/fyodor_gpgkey.txt .
The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E


Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org


For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

  By Date           By Thread  

Current thread:
  • Nmap 3.20 Released! Fyodor (Mar 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]