Home page logo
/

nmap-dev logo Nmap Development mailing list archives

nmap looping (3.96BETA1)
From: Michael Hornung <hornung () cac washington edu>
Date: Thu, 26 Jan 2006 12:14:15 -0800 (PST)

I am experiencing a reproducible but not consistent problem running 
3.96BETA1 that I never experienced with prior releases, and I believe it 
is related to the new max_retries option.  This is on i386 Linux 2.4. 
When I initiate single scan instances, it has worked fine so far.  On one 
project, though, I'm running about 50 instances of nmap in parallel, each 
with the same arguments.  Only occasionally will one of the processes 
continue running and never quit when it should.

Nmap was compiled with Martin's rate limit patch, and configured with:

        ./configure --without-nmapfe

I run the scans, one per host, like:

nmap -PE -sS -O -T4 --min_parallelism 70 --max_parallelism 200   \
--initial_rtt_timeout 100 --max_rtt_timeout 100 --osscan_limit   \
--max_retries 3 --datadir /home/hornung/nmap/src/nmap-3.96BETA1  \
-vv -d9 xx.yy.zz.73

What I will find on occasion (and can reproduce with some success if I 
fire up several parallel scan instances) is that nmap eventually prints:

        Warning: Finishing early because retransmission cap hit.

But then it continues doing something, and the process does not quit, and 
thus the results are never printed.  Looking at the debugging output, 
eventually nmap is just printing this over and over again:

**TIMING STATS**: IP, probes active/freshportsleft/retry_stack/outstanding/retra
nwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
    Groupstats (1/1 incomplete): 0/*/*/*/*/* 70.00/2/* 100000/462/114
    xx.yy.zz.73: 0/0/1124/0/0/0 70.00/2/5 100000/462/114

The number of probes on the retry stack never decrease or time out.  I 
have a core dump and a ~39MB log of that scan (until I sent it a SIGQUIT) 
if it would be helpful to see those.

Or should I try getting 3.999 to compile (though I had trouble with 
libpcre this morning) and see if it can be reproduced with that?  Either 
way, would other information be helpful in untangling this?  Thanks.

-Mike Hornung


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault