Sorry folks, looks like the patch didn't make it through to mailing list. Attached as txt file this time.
> -----Original Message-----
> From: nmap-dev-bounces_at_insecure.org
> [mailto:nmap-dev-bounces_at_insecure.org] On Behalf Of Thomas Buchanan
> Sent: Thursday, October 12, 2006 2:54 PM
> To: Andreas Ericsson; Diman Todorov
> Cc: nmap-dev_at_insecure.org
> Subject: RE: Possible error message bug in nmap-4.11 on Gentoo
>
>
> > -----Original Message-----
> > From: nmap-dev-bounces_at_insecure.org
> > [mailto:nmap-dev-bounces_at_insecure.org] On Behalf Of Andreas Ericsson
> > Sent: Thursday, October 12, 2006 8:29 AM
> > To: Diman Todorov
> > Cc: nmap-dev_at_insecure.org
> > Subject: Re: Possible error message bug in nmap-4.11 on Gentoo
> >
> > Diman Todorov wrote:
> > >> Well, you *are* telling nmap to do a ping-scan (-sP) which
> > doesn't use
> > >> ports, but then you specify ports as well.
> > > This is not correct.
> > > from the nmap man page:
> > > <snip>
> > > The -sP option sends an ICMP echo request and a TCP packet to
> > > port 80 by default. When executed by an unprivileged user, a SYN
> > > packet is sent (using a connect() call) to port 80 on the
> > > </snip>
> > >
> > > IMHO -sP should respect -p
> > >
> >
> > Touché. I should rtfm more carefully or, as in this case, at all :-)
> >
> > I'm still not sure it makes sense though, unless you use the scan option
> > to control output (i.e. make hosts responding to any of the tcp-ports
> > given in the range show as "up", but nothing else). Oh well. I'm sure
> > it'll all turn out for the best.
> >
> > --
> > Andreas Ericsson andreas.ericsson_at_op5.se
> > OP5 AB www.op5.se
> > Tel: +46 8-230225 Fax: +46 8-230231
> >
>
>
> I think if you want to scan specific ports using ping style
> probes, you should use -PS [portlist]. From the man page:
>
> <snip>
> -PS [portlist] (TCP SYN Ping)
> This option sends an empty TCP packet with the SYN flag set. The default
> destination port is 80 (configurable at compile time by changing
> DEFAULT_TCP_PROBE_PORT in nmap.h), but an alternate port can be specified
> as a parameter. A comma separated list of ports can even be specified
> (e.g. -PS22,23,25,80,113,1050,35000), in which case probes will be
> attempted against each port in parallel.
> </snip>
>
> In the source code for nmap.cc, it states that -F and
> -p[portlist] are NOT allowed with -sP (or -sL for that matter).
>
> nmap.cc:
> <snip>
> 1166 if ((o.pingscan || o.listscan) && ports) {
> 1167 fatal("You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan");
> 1168 }
> </snip>
>
> However, this check was being performed after a list of ports
> was generated by the following call:
>
> 1151 ports = getpts(portlist);
>
> The function getpts(portlist) is what actually prints the
> error message that was originally posted.
>
> The attached proposed patch just moves the check for -F and
> -p up above the call to getpts(). This actually saves us the
> trouble of generating the portslist (which we end up not
> using). The patched nmap produces the following output:
>
> sudo ./nmap -sP -p1-1024 -v -v -v 192.168....
>
> Starting Nmap 4.20ALPHA8 ( http://Insecure.Org ) at 2006-10-12 14:31 CDT
> You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan
> QUITTING!
>
>
> Patch (against nmap-4.20ALPHA8) works for me on Linux (have
> not tested under Windows). Patch also cleanly applies to nmap-4.11.
>
> Thomas
>
>
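As an added illustration (not nmap's code and not part of the thread above): a C sketch of the ordering the patch establishes, with parse_ports() standing in for getpts() and handle_options() running the -sP/-sL versus -p/-F check first; both function names and the outcome codes are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Outcomes a caller can act on (constructed for this example, not nmap's). */
enum outcome { OUT_OK = 0, OUT_MODE_CONFLICT = 1, OUT_BAD_PORTSPEC = 2 };

/* Stand-in for getpts(): expands "22,80,1000-1024" into a port bitmap and
   returns the number of distinct ports selected, or -1 on a malformed spec. */
int parse_ports(const char *spec)
{
    static unsigned char bitmap[65536];
    const char *p = spec;
    int count = 0;
    memset(bitmap, 0, sizeof bitmap);
    while (*p) {
        char *end;
        long hi, lo = strtol(p, &end, 10);
        if (end == p || lo < 1 || lo > 65535) return -1;
        hi = lo;
        if (*end == '-') {                       /* range "lo-hi" */
            p = end + 1;
            hi = strtol(p, &end, 10);
            if (end == p || hi < lo || hi > 65535) return -1;
        }
        for (long port = lo; port <= hi; port++)
            if (!bitmap[port]) { bitmap[port] = 1; count++; }
        if (*end == ',') end++;
        else if (*end != '\0') return -1;        /* stray character in the spec */
        p = end;
    }
    return count;
}

/* Option handling in the order the patch establishes: the -sP/-sL versus -p/-F
   conflict is rejected before any port list is expanded. Pre-patch, the port
   parser ran first, so its message reached the user and its work was wasted. */
enum outcome handle_options(bool pingscan, bool listscan, const char *portspec)
{
    if ((pingscan || listscan) && portspec != NULL) {
        fprintf(stderr, "You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan\n");
        return OUT_MODE_CONFLICT;
    }
    if (portspec != NULL && parse_ports(portspec) < 0) {
        fprintf(stderr, "Bad port specification: %s\n", portspec);
        return OUT_BAD_PORTSPEC;
    }
    return OUT_OK;
}
```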
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 12 2006