First Nmap 4.0 Release Candidate (3.98BETA1)
From: Fyodor <fyodor () insecure org>
Date: Sun, 22 Jan 2006 14:29:06 -0800

I am happy to announce Nmap 3.98BETA1, which is the first Nmap 4.0
release candidate. I'd like to release 4.0 in January (e.g. by
Tuesday of next week), so please test this sucker thoroughly and let
me know if you find any problems.

Maybe I should have focused solely on stability in preparation for the
big release, but I just couldn't help myself and added a bunch of cool
stuff :). For example, the new "runtime interaction" feature (mostly
done by former SoC student Paul Tarjan) received applause
interruptions twice during a short demonstration I gave at ShmooCon
last weekend. Note that there is no Windows support for this feature
yet -- see below if you would like to help add it in time for 4.0.

This patch also includes Doug's Asynchronous DNS patches, Priit's
NmapFE portability improvements, and more. I made binaries for
Windows and Linux (386 rpm). Here are the goods:

Crypto sigs are in the usual place:

Please let me know (or better yet: mail to nmap-dev) if you encounter any
problems. Here is the full list of changes since 3.96BETA1:

o Added run time interaction as documented at
While Nmap is running, you can now press 'v' to increase verbosity,
'd' to increase the debugging level, 'p' to enable packet tracing,
or the capital versions (V,D,P) to do the opposite. Any other key
(such as enter) will print out a status message giving the estimated
time until scan completion. This only works on UNIX for now. Do we
have any volunteers to add Windows support? You would need to
change a handful of UNIX-specific termio calls with the Windows
equivalents. This feature was created by Paul Tarjan
(ptarjan(a)stanford.edu) as part of the Google Summer of Code.
o Reverse DNS resolution is now done in parallel rather than one at a
time. All scans of large networks (particularly list, ping and
just-a-few-ports scans) should benefit substantially from this
change. If you encounter any problems, please let us know. The new
--system_dns option was added so you can use the (slow) system
resolver if you prefer that for some reason. You can specify a
comma separated list of DNS server IP addresses for Nmap to use with
the new --dns_servers option. Otherwise, Nmap looks in
/etc/resolv.conf (UNIX) or the system registry (Windows) to obtain
the nameservers already configured for your system. This excellent
patch was written by Doug Hoyte (doug(a)hcsw.org).
o Added the --badsum option, which causes Nmap to use invalid TCP or
UDP checksums for packets sent to target hosts. Since virtually all
host IP stacks properly drop these packets, any responses received
are likely coming from a firewall or IDS that didn't bother to
verify the checksum. For more details on this technique, see
http://www.phrack.org/phrack/60/p60-0x0c.txt . The author of that
paper, Ed3f (ed3f(a)antifork.org), is also the author of this patch
(which I changed a bit).
o The 26 Nmap commands that previously included an underscore
(--max_rtt_timeout, --send_eth, --host_timeout, etc.) have been
renamed to use a hyphen in the preferred format
(i.e. --max-rtt-timeout). Underscores are still supported for
o More excellent NmapFE patches from Priit Laes (amd(a)store20.com)
were applied to remove all deprecated GTK API calls. This also
eliminates the annoying Gtk-Critical and Gtk-WARNING runtime messages.
o Changed the way the __attribute__ compiler extension is detected so
that it works with the latest Fedora Core 4 updates (and perhaps other
systems). Thanks to Duilio Protti (dprotti(a)fceia.unr.edu.ar) for
writing the patch. The compilation error message this fixes was
usually something like: "nmap.o(.rodata+0x17c): undefined reference
to `__gthrw_pthread_cancel(unsigned long)"
o Added some exception handling code to mswin32/winfix.cc to prevent
Nmap from crashing mysteriously when you have WinPcap 3.0 or earlier
(instead of the required 3.1). It now prints an error message instead
asking you to upgrade, then reduces functionality to connect()-only
mode. I couldn't get it working with the C++ standard try/catch()
blocks, but as soon as I used the nonstandard MS conventions
(__try/__except()), everything worked fine. Shrug.
o Stripped the firewall API out of the libdnet included with Nmap
because Nmap doesn't use it anyway. This saves space and reduces the
likelihood of compilation errors and warnings.
o Modified the previously useless --noninteractive option so that it
deactivates runtime interaction.
Sent through the nmap-dev mailing list
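
The --badsum entry above relies on end hosts verifying the TCP/UDP checksum while some firewalls and IDS devices answer without doing so. The following is an added example, not code from Nmap or from the original post: a sketch of the verification a packet-handling device should perform before it responds to or tracks a segment. The function names and the sample SYN segment are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 one's-complement sum, continuing from `sum`; odd tail byte is zero-padded. */
static uint32_t ones_sum(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Checksum over the IPv4 pseudo-header plus the TCP/UDP segment as received.
   With the sender's checksum left in place, a valid segment yields 0. */
uint16_t l4_residual(const uint8_t src[4], const uint8_t dst[4],
                     uint8_t proto, const uint8_t *seg, size_t len) {
    uint32_t sum = ones_sum(src, 4, 0);
    sum = ones_sum(dst, 4, sum);
    sum += proto + (uint32_t)len;          /* pseudo-header: protocol and L4 length */
    sum = ones_sum(seg, len, sum);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* 1 = accept, 0 = drop silently (no RST, no ICMP, no connection state). */
int l4_checksum_ok(const uint8_t src[4], const uint8_t dst[4],
                   uint8_t proto, const uint8_t *seg, size_t len) {
    if (len > 0xffff) return 0;
    if (proto == 6 && len < 20) return 0;          /* truncated TCP header */
    if (proto == 17) {
        if (len < 8) return 0;                     /* truncated UDP header */
        if (seg[6] == 0 && seg[7] == 0) return 1;  /* RFC 768: no checksum computed */
    }
    return l4_residual(src, dst, proto, seg, len) == 0;
}

/* Constructed sample: 192.0.2.1:12345 -> 192.0.2.2:80, bare SYN, checksum 0xf754. */
static const uint8_t SRC[4] = {192, 0, 2, 1}, DST[4] = {192, 0, 2, 2};
static const uint8_t SYN[20] = {0x30,0x39, 0x00,0x50, 0,0,0,1, 0,0,0,0,
                                0x50,0x02, 0x04,0x00, 0xf7,0x54, 0,0};

int main(void) {
    uint8_t bad[20];
    memcpy(bad, SYN, sizeof bad);
    bad[16] ^= 0xff;                               /* corrupt the checksum field */
    printf("valid SYN accepted:   %d\n", l4_checksum_ok(SRC, DST, 6, SYN, sizeof SYN));
    printf("bad-checksum dropped: %d\n", !l4_checksum_ok(SRC, DST, 6, bad, sizeof bad));
    return 0;
}
```

A device that runs this check before generating any reply gives the same silence as an end host when it receives a segment with an invalid checksum.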