Nmap Development: Patch to make --host_timeout more useful

Patch to make --host_timeout more useful

From: Colin Phipps <cph_at_netcraft.com>
Date: Mon, 18 Dec 2000 15:44:15 +0000

For people who don't want to wait forever :-), the attached patch makes
nmap print partial results from timed out scans. It seemed a bit silly to
me that nmap would time out a scan then silently forget any results that
it found.

Contrived example follows.

Before:
nmap-dev/nmap-2.54BETA7% sudo ./nmap -r --host_timeout 7200 10.0.0.1

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Skipping host some.example.com (10.0.0.1) due to host timeout
Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds

After:
nmap-2.54BETA7-cph% sudo ./nmap -r --host_timeout 7200 10.0.0.1

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Results for host some.example.com (10.0.0.1) incomplete due to host timeout
Interesting ports on some.example.com (10.0.0.1):
(The 16 ports scanned but not shown below are in state: closed)
Port State Service
10/tcp open unknown
13/tcp open daytime

Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds

-- 
Colin Phipps                            http://www.netcraft.com/

diff -pburN nmap-2.54BETA7/nmap.c nmap-2.54BETA7-cph/nmap.c
--- nmap-2.54BETA7/nmap.c Mon Oct 9 00:36:13 2000
+++ nmap-2.54BETA7-cph/nmap.c Thu Dec 14 14:58:22 2000
@@ -1061,11 +1061,12 @@ int nmap_main(int argc, char *argv[]) {
         }
         
         if (currenths->timedout) {
- log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Skipping host %s (%s) due to host timeout\n", currenths->name,
+ log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Results for host %s (%s) incomplete due to host timeout\n", currenths->name,
                     inet_ntoa(currenths->host));
           log_write(LOG_MACHINE,"Host: %s (%s)\tStatus: Timeout",
                     inet_ntoa(currenths->host), currenths->name);
- } else {
+ }
+ {
           assignignoredportstate(&currenths->ports);
           printportoutput(currenths, &currenths->ports);
           resetportlist(&currenths->ports);
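
Review bot: In the timed-out branch, the LOG_MACHINE call writes "Host: %s (%s)\tStatus: Timeout" with no trailing newline, and with `} else {` replaced by `}` followed by a bare `{`, printportoutput() now runs straight after it. Please confirm that whatever printportoutput() sends to the machine log does not get glued onto that Timeout record, or terminate the record first. The bare `{ ... }` block is also easy to misread as a leftover; drop the braces or add a comment saying the port output is intentionally unconditional. Since assignignoredportstate() now runs on a partial port list too, the "scanned but not shown" summary in the After sample counts only ports reached before the timeout, which is worth stating in the output.
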
diff -pburN nmap-2.54BETA7/scan_engine.c nmap-2.54BETA7-cph/scan_engine.c
--- nmap-2.54BETA7/scan_engine.c Mon Oct 9 00:35:49 2000
+++ nmap-2.54BETA7-cph/scan_engine.c Thu Dec 14 15:00:37 2000
@@ -1064,11 +1064,11 @@ void pos_scan(struct hoststruct *target,
     error("WARNING: GAVE UP ON SCAN AFTER 20 RETRIES");
   }
   
+ posscan_timedout:
+
   if (o.verbose)
     log_write(LOG_STDOUT, "The %s took %ld %s to scan %d ports.\n", scantype2str(scantype), (long) time(NULL) - starttime, (((long) time(NULL) - starttime) == 1)? "second" : "seconds", o.numports);
   
- posscan_timedout:
-
   free(scan);
   if (rawsd >= 0)
     close(rawsd);
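
Review bot: With `posscan_timedout:` moved above the `if (o.verbose)` block, a scan that jumps here on timeout now logs "The %s took %ld %s to scan %d ports." using o.numports, even though it did not get through all of them. Either keep the label below the verbose message and move only the result handling, or give the timeout path its own message so verbose output does not claim a full scan.
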
@@ -1663,6 +1663,8 @@ void super_scan(struct hoststruct *targe
     }
   } while(changed && ++tries < 100);
 
+superscan_timedout: /* cph - give a hint about open ports anyway */
+
   openlist = testinglist;
 
   if (o.debugging || o.verbose)
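
Review bot: `superscan_timedout:` now sits above `openlist = testinglist;`, so every `goto superscan_timedout` must reach it with testinglist already set up, and the timeout path skips whatever confirmation the `while(changed && ++tries < 100)` loop would still have done. The goto sites are outside this hunk; please check each one, in particular any that can fire before the first pass over testinglist. Minor style point: this label starts in column 0 while `posscan_timedout:` in the previous hunk is indented by one space.
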
@@ -1676,8 +1678,6 @@ void super_scan(struct hoststruct *targe
     else
       addport(&target->ports, current->portno, IPPROTO_UDP, NULL, PORT_OPEN);
   }
-
- superscan_timedout:
 
   free(scan);
   close(rawsd);
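
Review bot: Removing the old `superscan_timedout:` label here means the addport(..., PORT_OPEN) calls above it now run on timeout as well, so a port that was still in the list when time ran out is reported as open, for example through the visible `addport(&target->ports, current->portno, IPPROTO_UDP, NULL, PORT_OPEN)` branch. The host-level "incomplete due to host timeout" line does not tell the reader that individual entries may be unconfirmed; consider saying so in that message or in the --host_timeout documentation.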

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Dec 19 2000
