Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Getting SCTP support ready for merging
From: Daniel Roethlisberger <daniel () roe ch>
Date: Fri, 22 May 2009 14:05:27 +0200

It's time to expose the SCTP features to some more testing.  If
all goes well, we might even get it into trunk in time for the
upcoming stable release.

If you can, please test the SCTP branch of Nmap.  Things to try:

o Does it build and run on Windows?  If you have a development
  environment ready, please give it a try.

o Does it build and run on other platforms, especially more
  exotic ones?  BSD, Linux and MacOS X should be fine already.

o Can you find any regular, non-SCTP Nmap feature or combination
  of command line parameters which was broken by the SCTP
  changes?

o Is some important feature still lacking proper SCTP support?
  Zenmap, NSE, OS detection don't actively support or make use
  of SCTP at the moment, but I think that can wait as long as
  there are no regressions.

o If you have access to equipment which speaks SCTP, such as
  call managers/gateways, give it a try and report back whether
  the scan results presented by Nmap are accurate.  This would
  be especially interesting for gear which runs a proprietary
  SCTP stack.

To build, check out and build

  svn://svn.insecure.org/nmap-exp/daniel/nmap-sctp

as you would /nmap.  Note that you need to set NMAPDIR if you run
the modified nmap binary from within the build directory, this is
needed to pick up the SCTP services added to the nmap-services
file.  For example, to run an SCTP INIT scan against the 42
well-known SCTP ports, run:

  NMAPDIR=. ./nmap -sY 192.0.2.0/24

There are some public SCTP services out there, for example the
www.sctp.org web server.  But please do not run extensive scans
against them.  There are two simple daemons and a client for
testing available at:

  svn://svn.insecure.org/nmap-exp/daniel/sctp-utils

Note that tests across NAT are bound to fail, since all
implementations I came across so far do not support SCTP in any
meaningful way.

New options introduced by SCTP support:

  -PY          SCTP INIT based ping scan
  -sY          SCTP INIT scan
  -sZ          SCTP COOKIE-ECHO scan
  --adler32    Use Adler32 instead of CRC32C for SCTP checksums

Options which have gained special SCTP support:

  -sO          Send SCTP INIT packet for proto 132
  --traceroute SCTP based traceroute

Please see the documentation for details on the options.

I also uploaded an up-to-date diff against trunk which you may
want to use for code review:

  http://daniel.roe.ch/code/nmap/nmap+sctp-20090522-r13362.diff

Please report back as many bugs and suggestions for improvement
as possible.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault