Nmap Development: Re: Patch/Feature req.: Multiple ports when doing raw tcp ping


From: Fyodor <fyodor_at_insecure.org>
Date: Tue, 24 Dec 2002 13:13:19 -0800

On Thu, Dec 19, 2002 at 09:58:43AM -0700, Gabriel L. Somlo wrote:
> I'm wondering if it may not be worth allowing for *several* tcp ports
> to use when doing tcp pings.

I agree, and have been hoping to improve host enumeration like this
for a while. I have applied your patch, and the next step will be to
allow the pingtype options to be used in combination rather than being
mutually exclusive. I would like to be able to do a command like:

nmap -PS22,53,80 -PT113 -PN -PE microsoft.com/16

Your patch doesn't address the timing issues related to sending all of
these new packets. I don't blame you, since that code is voodoo
magic that even I barely understand :). But it caused packet loss on
restricted bandwidth connections (e.g. cable modem, DSL):

./nmap -sP -n 208.37.136.\* -PT80 --packet_trace
[ ... ]
Nmap run completed -- 256 IP addresses (22 hosts up) scanned in 5.183
seconds

./nmap -sP -n 208.37.136.\* -PT50,60,70,80,90 --packet_trace
[ ... ]
Nmap run completed -- 256 IP addresses (12 hosts up) scanned in 6.715
seconds

I reworked the "ping scan" algorithm quite a bit so that it should be
more accurate in the default and multi-port cases. It is now working
pretty well for me, but I have more testing to do before an "official"
release. For now, developers can test the changes in 3.10ALPHA8,
which I just put up at:

http://download.insecure.org/nmap/dist/nmap-3.10ALPHA8.tgz

If anyone (like me) has nothing better to do on Xmas eve, please test
this out and let me know if you notice any problems (especially
ping-scan related).

Thanks for the patch, and happy holidays everyone!

Cheers,
Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Dec 24 2002
