Nmap Development
mailing list archives
Re: Patch/Feature req.: Multiple ports when doing raw tcp ping
From: Fyodor <fyodor () insecure org>
Date: Tue, 24 Dec 2002 13:13:19 -0800
On Thu, Dec 19, 2002 at 09:58:43AM -0700, Gabriel L. Somlo wrote:
> I'm wondering if it may not be worth allowing for *several* tcp ports
> to use when doing tcp pings.
I agree, and have been hoping to improve host enumeration like this
for a while. I have applied your patch, and the next step will be to
allow the pingtype options to be used in combination rather than being
mutually exclusive. I would like to be able to do a command like:
    nmap -PS22,53,80 -PT113 -PN -PE microsoft.com/16
Your patch doesn't address the timing issues related to sending all of
these new packets. I don't blame you, since that code is voodoo
magic that even I barely understand :). But it caused packet loss on
restricted bandwidth connections (eg cable modem, DSL):
    ./nmap -sP -n 208.37.136.\* -PT80 --packet_trace
    [ ... ]
    Nmap run completed -- 256 IP addresses (22 hosts up) scanned in 5.183 seconds

    ./nmap -sP -n 208.37.136.\* -PT50,60,70,80,90 --packet_trace
    [ ... ]
    Nmap run completed -- 256 IP addresses (12 hosts up) scanned in 6.715 seconds
I reworked the "ping scan" algorithm quite a bit so that it should be
more accurate in the default and multi-port cases. It is now working
pretty well for me, but I have more testing to do before an "official"
release. For now, developers can test the changes in 3.10ALPHA8,
which I just put up at:
http://download.insecure.org/nmap/dist/nmap-3.10ALPHA8.tgz
If anyone (like me) has nothing better to do on Xmas eve, please test
this out and let me know if you notice any problems (especially
ping-scan related).
Thanks for the patch, and happy holidays everyone!
Cheers,
Fyodor
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).