Nmap Development mailing list archives

RE: Possible error message bug in nmap-4.11 on Gentoo
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Thu, 12 Oct 2006 14:53:54 -0500

 
-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Andreas Ericsson
Sent: Thursday, October 12, 2006 8:29 AM
To: Diman Todorov
Cc: nmap-dev () insecure org
Subject: Re: Possible error message bug in nmap-4.11 on Gentoo

Diman Todorov wrote:
Well, you *are* telling nmap to do a ping-scan (-sP) which doesn't use ports, but then you specify ports as well.
This is not correct. From the nmap man page:
<snip>
               The -sP option sends an ICMP echo request and a TCP packet to
               port 80 by default. When executed by an unprivileged user, a SYN
               packet is sent (using a connect() call) to port 80 on the
</snip>

IMHO -sP should respect -p


Touché. I should rtfm more carefully or, as in this case, at all :-)

I'm still not sure it makes sense though, unless you use the scan option to control output (i.e. make hosts responding to any of the tcp-ports given in the range show as "up", but nothing else). Oh well. I'm sure it'll all turn out for the best.

-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231



I think if you want to scan specific ports using ping style probes, you should use -PS [portlist].  From the man page: 

<snip>
-PS [portlist] (TCP SYN Ping)
     This option sends an empty TCP packet with the SYN flag set. The default destination port is
     80 (configurable at compile time by changing DEFAULT_TCP_PROBE_PORT in nmap.h), but an
     alternate port can be specified as a parameter. A comma separated list of ports can even be
     specified (e.g.  -PS22,23,25,80,113,1050,35000), in which case probes will be attempted
     against each port in parallel.
</snip>

In the source code for nmap.cc, it states that -F and -p[portlist] are NOT allowed with -sP (or -sL for that matter)

nmap.cc:
<snip>
   1166   if ((o.pingscan || o.listscan) && ports) {
   1167     fatal("You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan");
   1168   }
</snip>

However, this check was being performed after a list of ports was generated by the following call:

   1151     ports = getpts(portlist);

The function getpts(portlist) is what actually prints the error message that was originally posted.

The attached proposed patch just moves the check for -F and -p up above the call to getpts().  This actually saves us the trouble of generating the portslist (which we end up not using).  The patched nmap produces the following output:

sudo ./nmap -sP -p1-1024 -v -v -v 192.168....

Starting Nmap 4.20ALPHA8 ( http://Insecure.Org ) at 2006-10-12 14:31 CDT
You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan
QUITTING!


Patch (against nmap-4.20ALPHA8) works for me on Linux (have not tested under Windows).  Patch also cleanly applies to nmap-4.11

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
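The ordering point in the message above, reduced to a self-contained illustration. This is an added example, not code from nmap or from the patch: ScanOptions, parse_ports, parse_then_check and check_then_parse are hypothetical names, parse_ports is a small stand-in for getpts(), and only the fatal() message text and the -sP/-p conflict come from the message. The two validation functions differ only in where the conflict check sits; with the original ordering a malformed -p argument is reported even though a ping scan can never use it, while the patched ordering reports the real problem and never builds the port set.

```cpp
// Added example, not nmap's own code. Names below are hypothetical; the
// fatal() message text is the one quoted from nmap.cc in the message.
#include <cctype>
#include <iostream>
#include <set>
#include <sstream>
#include <stdexcept>
#include <string>

struct ScanOptions {
    bool pingscan = false;    // -sP
    bool listscan = false;    // -sL
    bool fastscan = false;    // -F
    std::string portlist;     // argument of -p, empty when not given
};

static const char* CONFLICT_MSG =
    "You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan";

// Strict decimal parse of one port number: no sign, no trailing junk, <= 65535.
static int parse_port_number(const std::string& s) {
    if (s.empty() || s.size() > 5) throw std::invalid_argument("bad port: '" + s + "'");
    int value = 0;
    for (char c : s) {
        if (!std::isdigit(static_cast<unsigned char>(c)))
            throw std::invalid_argument("bad port: '" + s + "'");
        value = value * 10 + (c - '0');
    }
    if (value > 65535) throw std::invalid_argument("bad port: '" + s + "'");
    return value;
}

// Expand an nmap-style specification such as "22,80,1000-1024" into a set.
// Stand-in for getpts(): the step whose error surfaces first under the old
// ordering, and whose work is wasted when the scan type cannot use ports.
std::set<int> parse_ports(const std::string& spec) {
    std::set<int> ports;
    std::stringstream ss(spec);
    std::string item;
    while (std::getline(ss, item, ',')) {
        size_t dash = item.find('-');
        int lo, hi;
        if (dash == std::string::npos) {
            lo = hi = parse_port_number(item);
        } else {
            lo = parse_port_number(item.substr(0, dash));
            hi = parse_port_number(item.substr(dash + 1));
        }
        if (lo > hi) throw std::invalid_argument("bad range: '" + item + "'");
        for (int p = lo; p <= hi; ++p) ports.insert(p);
    }
    if (ports.empty()) throw std::invalid_argument("no ports in '" + spec + "'");
    return ports;
}

static bool ping_or_list_with_ports(const ScanOptions& o) {
    return (o.pingscan || o.listscan) && (o.fastscan || !o.portlist.empty());
}

// Original ordering: expand the port list first, check for conflicts after.
// Returns "" on success, otherwise the message the user would see.
std::string parse_then_check(const ScanOptions& o, std::set<int>& ports) {
    ports.clear();
    if (!o.portlist.empty()) {
        try { ports = parse_ports(o.portlist); }
        catch (const std::invalid_argument& e) { return std::string("Port error: ") + e.what(); }
    }
    if (ping_or_list_with_ports(o)) return CONFLICT_MSG;
    return "";
}

// Patched ordering: reject the option conflict before touching the port list.
std::string check_then_parse(const ScanOptions& o, std::set<int>& ports) {
    ports.clear();
    if (ping_or_list_with_ports(o)) return CONFLICT_MSG;
    if (!o.portlist.empty()) {
        try { ports = parse_ports(o.portlist); }
        catch (const std::invalid_argument& e) { return std::string("Port error: ") + e.what(); }
    }
    return "";
}

int main() {
    // The command line from the message: -sP -p1-1024
    ScanOptions o;
    o.pingscan = true;
    o.portlist = "1-1024";
    std::set<int> ports;
    std::cout << check_then_parse(o, ports) << "\n";
    return 0;
}
```

The same shape applies to any tool that derives data from one option and validates another: run the cheap, whole-command consistency checks first, then parse the expensive or fallible arguments, so that the error a user sees names the actual mistake rather than a downstream symptom.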
