Nmap Development mailing list archives

First Nmap 4.0 Release Candidate (3.98BETA1)
From: Fyodor <fyodor () insecure org>
Date: Sun, 22 Jan 2006 14:29:06 -0800


I am happy to announce Nmap 3.98BETA1, which is the first Nmap 4.0
release candidate.  I'd like to release 4.0 in January (e.g. by
Tuesday of next week), so please test this sucker thoroughly and let
me know if you find any problems.

Maybe I should have focused solely on stability in preparation for the
big release, but I just couldn't help myself and added a bunch of cool
stuff :).  For example, the new "runtime interaction" feature (mostly
done by former SoC student Paul Tarjan) received applause
interruptions twice during a short demonstration I gave at ShmooCon
last weekend.  Note that there is no Windows support for this feature
yet -- see below if you would like to help add it in time for 4.0.
This patch also includes Doug's Asynchronous DNS patches, Priit's
NmapFE portability improvements, and more.  I made binaries for
Windows and Linux (386 rpm).  Here are the goods:


Crypto sigs are in the usual place:

Please let me know (or better yet: mail to nmap-dev) if you encounter any
problems.  Here is the full list of changes since 3.96BETA1:

o Added run time interaction as documented at
  http://www.insecure.org/nmap/man/man-runtime-interaction.html .
  While Nmap is running, you can now press 'v' to increase verbosity,
  'd' to increase the debugging level, 'p' to enable packet tracing,
  or the capital versions (V,D,P) to do the opposite.  Any other key
  (such as enter) will print out a status message giving the estimated
  time until scan completion.  This only works on UNIX for now.  Do we
  have any volunteers to add Windows support?  You would need to
  change a handful of UNIX-specific termio calls with the Windows
  equivalents.  This feature was created by Paul Tarjan
  (ptarjan(a)stanford.edu) as part of the Google Summer of Code.

o Reverse DNS resolution is now done in parallel rather than one at a
  time.  All scans of large networks (particularly list, ping and
  just-a-few-ports scans) should benefit substantially from this
  change.  If you encounter any problems, please let us know.  The new
  --system_dns option was added so you can use the (slow) system
  resolver if you prefer that for some reason.  You can specify a
  comma separated list of DNS server IP addresses for Nmap to use with
  the new --dns_servers option.  Otherwise, Nmap looks in
  /etc/resolve.conf (UNIX) or the system registry (Windows) to obtain
  the nameservers already configured for your system.  This excellent
  patch was written by Doug Hoyte (doug(a)hcsw.org).

o Added the --badsum option, which causes Nmap to use invalid TCP or
  UDP checksums for packets sent to target hosts. Since virtually all
  host IP stacks properly drop these packets, any responses received
  are likely coming from a firewall or IDS that didn't bother to
  verify the checksum. For more details on this technique, see
  http://www.phrack.org/phrack/60/p60-0x0c.txt .  The author of that
  paper, Ed3f (ed3f(a)antifork.org), is also the author of this patch
  (which I changed a bit).

o The 26 Nmap commands that previously included an underscore
  (--max_rtt_timeout, --send_eth, --host_timeout, etc.) have been
  renamed to use a hyphen in the preferred format
  (i.e. --max-rtt-timeout).  Underscores are still supported for
  backward compatibility.

o More excellent NmapFE patches from Priit Laes (amd(a)store20.com)
  were applied to remove all deprecated GTK API calls.  This also
  eliminates the annoying Gtk-Critical and Gtk-WARNING runtime messages.

o Changed the way the __attribute__ compiler extension is detected so
  that it works with the latest Fedora Core 4 updates (and perhaps other
  systems).  Thanks to Duilio Protti (dprotti(a)fceia.unr.edu.ar) for
  writing the patch.  The compilation error message this fixes was
  usually something like: "nmap.o(.rodata+0x17c): undefined reference
  to `__gthrw_pthread_cancel(unsigned long)"

o Added some exception handling code to mswin32/winfix.cc to prevent
  Nmap from crashing mysteriously when you have WinPcap 3.0 or earlier
  (instead of the required 3.1).  It now prints an error message instead
  asking you to upgrade, then reduces functionality to connect()-only
  mode.  I couldn't get it working with the C++ standard try/catch()
  blocks, but as soon as I used the nonstandard MS conventions
  (__try/__except()), everything worked fine. Shrug.

o Stripped the firewall API out of the libdnet included with Nmap
  because Nmap doesn't use it anyway.  This saves space and reduces the
  likelihood of compilation errors and warnings.

o Modified the previously useless --noninteractive option so that it
  deactivates runtime interaction.


Sent through the nmap-dev mailing list
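
The --badsum entry above depends on a firewall or IDS answering a packet without verifying its checksum. As an added example (not part of the message above and not Nmap's code), this is the IPv4 TCP/UDP checksum verification such a device can apply before reacting to a packet; the helper name `l4_checksum_ok`, the addresses and the two sample SYN segments are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 one's-complement sum over big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)((p[0] << 8) | p[1]);
    if (len) acc += (uint32_t)p[0] << 8;      /* odd trailing byte, zero-padded */
    return acc;
}

/* Hypothetical helper: 1 if the TCP (proto 6) or UDP (proto 17) segment
 * carries a checksum that is valid for the IPv4 pseudo-header, else 0. */
int l4_checksum_ok(const uint8_t src[4], const uint8_t dst[4], uint8_t proto,
                   const uint8_t *seg, size_t len) {
    uint8_t pseudo[12];
    uint32_t acc;
    if (len > 0xffff) return 0;
    if (proto != 6 && proto != 17) return 0;
    if (proto == 6 && len < 20) return 0;     /* shorter than a TCP header */
    if (proto == 17 && len < 8) return 0;     /* shorter than a UDP header */
    /* UDP over IPv4 may send 0 meaning "no checksum"; nothing to verify. */
    if (proto == 17 && seg[6] == 0 && seg[7] == 0) return 1;
    memcpy(pseudo, src, 4);
    memcpy(pseudo + 4, dst, 4);
    pseudo[8] = 0; pseudo[9] = proto;
    pseudo[10] = (uint8_t)(len >> 8); pseudo[11] = (uint8_t)(len & 0xff);
    acc = sum16(seg, len, sum16(pseudo, 12, 0));
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return acc == 0xffff;                     /* sum includes the checksum field */
}

/* Constructed samples: a SYN from 192.0.2.1:12345 to 192.0.2.2:80. */
static const uint8_t SRC[4] = {192, 0, 2, 1}, DST[4] = {192, 0, 2, 2};
static const uint8_t SYN_OK[20]  = {0x30,0x39,0x00,0x50, 0,0,0,1, 0,0,0,0,
                                    0x50,0x02,0x04,0x00, 0xf7,0x54, 0,0};
static const uint8_t SYN_BAD[20] = {0x30,0x39,0x00,0x50, 0,0,0,1, 0,0,0,0,
                                    0x50,0x02,0x04,0x00, 0x12,0x34, 0,0};

int main(void) {
    printf("valid SYN:  %s\n", l4_checksum_ok(SRC, DST, 6, SYN_OK, 20) ? "process" : "drop");
    printf("badsum SYN: %s\n", l4_checksum_ok(SRC, DST, 6, SYN_BAD, 20) ? "process" : "drop");
    return 0;
}
```

A device that drops the second segment silently, as an end host's IP stack does, gives a --badsum probe nothing to distinguish it by.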
