Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: ncat's nsock vs. nmap nsock
From: " mixter () gmail com" <mixter () gmail com>
Date: Fri, 9 May 2008 15:00:59 +0200

Ok, I will research more this weekend into why this is failing. but
at the moment it is still a mystery to me. It ends up in trying
to recv() from FD -1... But it calls nsock_connect_tcp() and
nsock_read() just like nmap (though I haven't checked the
whole event handlers, there has got to be some differences):

connect(3, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("209.85.129.147")}, 16) = -1 EINPROGRESS
select(4, [3], [3], [3], {10, 0})       = 1 (out [3], left {9, 984000})
getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
send(3, "", 0, 0)                       = 0
write(2, "Connected to 209.85.129.147:80\n", 31Connected to
209.85.129.147:80) = 31
dup(0)                                  = 4
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
gettimeofday({1210337816, 1524}, NULL)  = 0
select(5, [3 4], [], [], NULL)          = 1 (in [4])
gettimeofday({1210337820, 293207}, NULL) = 0
recv(4, 0xbfa3a0b8, 8192, 0)            = -1 ENOTSOCK (Socket
operation on non-socket)


On Thu, May 8, 2008 at 9:23 PM, Fyodor <fyodor () insecure org> wrote:
On Thu, May 08, 2008 at 06:59:12PM +0200,  mixter () gmail com wrote:
By diff'ing the 2006 nsock version against it (attached), I found
there's just one major difference, which is in do_actual_read():

- buflen = read(iod->sd, buf, sizeof(buf));
+ buflen = recv(iod->sd, buf, sizeof(buf), 0);

That is good news that the difference is so little!  According to the
comment above that line in Nsock:

   /* Traditional read() - no SSL - using recv() because that works
      better on Windows */

So we did use read() there some years ago, but it didn't work properly
on Windows.  Have you tested Ncat on Win?

Is Ncat not working at all with recv()?  That seems strange, since
Nmap uses Nsock in similar ways with the same code path.  For example,
version detection makes TCP connections on which it sends/receives
data, and also does UDP.  NSE does the same.  So I think Ncat *should*
be able to work with Nsock as is.  But of course that doesn't explain
why it isn't :).

Can you research more what is causing Ncat to fail with our nsock?
I'd like to have Nmap and Ncat shre the same library code.  Plus, even
if you import Nsock code into Ncat in order to use read(), you may
just encouter the Windows problems which caused us to abandon read()
years ago.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault