Nmap Development mailing list archives

[PATCH] "ncat -l --send-only" not sending only
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 27 Jun 2009 20:08:37 -0500

Hey everyone,

I found (what I consider to be) an oddity in server-mode --send-only in Ncat.

I was messing with TCP RX/TX queues on my Linux box earlier, for no real
reason other than just to play around.  At one point I wanted to 1) have a
server accept connections but not read any data, 2) have a client send a lot
of data to that server, and 3) view netstat output to see the amount of data
in the server's RX queue and in the client's TX queue.

Looks like #1 and #2 are areas for Ncat to shine!

I figured that -l --send-only will make the server do pretty much nothing but
accept connections, since I won't be sending anything from it.


term1$ ncat -l --send-only 31337

term2$ cat abigmanual.pdf | ncat --send-only localhost 31337

term3$ netstat -an | grep :31337

Hmm.. not quite what I wanted:

Proto Recv-Q  Send-Q   Local Address     Foreign Address   State
tcp        0       0   TIME_WAIT

Well, I know that netcat6[1] has a --send-only option, because I renamed the
old Ncat --sendonly to it last year for a bit of conformity (and I liked it
better).  So I decided to fire up a couple of nc6s and see what happens:

term1$ nc6 -l --send-only -p 31337

term2$ cat abigmanual.pdf | nc6 --send-only localhost 31337

term3$ netstat -an | grep :31337

Just what I was looking for:

Proto Recv-Q  Send-Q   Local Address     Foreign Address   State
tcp        0  136896   ESTABLISHED
tcp    76096       0   ESTABLISHED

So what's the deal with Ncat?  Using -l and --send-only obviously doesn't just
send only.  The man page only says that Ncat "will ignore anything received"
when using this option, but you can take that to mean different things.

It turns out that Ncat will actually read in the data, it just won't write it
to stdout or log it.  That makes Ncat's option a bit of a misnomer since it
does everything it normally would, except pass the data to the user--which is
very different from sending only.

I created one patch to simply make Ncat behave like Netcat6 (which I think it
should do).  But I figured having a choice in the matter is a lot better
(since I seem to often have opinions on how things should behave which are
different than that of many list members), which led me to my current patch
(attached) against the dev branch.  With this patch, --send-only's behavior
does not change; however, you can now use the new --send-only=force to make it
actually only send (or more specifically, not receive).

Thoughts?  Objections?

Kris Katterjohn

[1] http://www.deepspace6.net/projects/netcat6.html
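
The difference the message describes between a listener that never reads and one that reads and discards, as an added example that is not part of the original post and is not Ncat or Netcat6 code. It is a Linux-only loopback experiment; `run`, `struct queues`, the buffer size and the round counts are this example's own choices, and the queue sizes are read with the `FIONREAD` and `TIOCOUTQ` ioctls instead of netstat.

```c
#include <arpa/inet.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

struct queues { int recv_q, send_q; };  /* bytes the kernel holds per side */
/* Constructed loopback experiment (Linux). drain=0: the server accepts but
 * never reads. drain=1: the server reads and throws the data away. */
struct queues run(int drain)
{
    struct queues q = { -1, -1 };
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t alen = sizeof a;
    static char buf[65536];
    int l = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0), s;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (l < 0 || c < 0 || bind(l, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(l, 1) < 0 || getsockname(l, (struct sockaddr *)&a, &alen) < 0 ||
        connect(c, (struct sockaddr *)&a, sizeof a) < 0 ||
        (s = accept(l, NULL, NULL)) < 0)
        return q;
    memset(buf, 'A', sizeof buf);
    for (int round = 0; round < 200; round++) {
        /* Client: for three rounds, push until the kernel refuses more. */
        while (round < 3 && send(c, buf, sizeof buf, MSG_DONTWAIT) > 0)
            ;
        /* Server: only the draining variant ever calls recv(). */
        while (drain && recv(s, buf, sizeof buf, MSG_DONTWAIT) > 0)
            ;
        poll(NULL, 0, 10);              /* give in-flight segments 10 ms */
        ioctl(s, FIONREAD, &q.recv_q);  /* unread bytes at the server */
        ioctl(c, TIOCOUTQ, &q.send_q);  /* bytes still queued at the client */
        if (round >= 3 && (!drain || (q.recv_q == 0 && q.send_q == 0)))
            break;
    }
    close(s); close(c); close(l);
    return q;
}

int main(void)
{
    struct queues a = run(0), b = run(1);
    printf("no read:      Recv-Q %d  Send-Q %d\n", a.recv_q, a.send_q);
    printf("read+discard: Recv-Q %d  Send-Q %d\n", b.recv_q, b.send_q);
    return 0;
}
```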


Index: ncat_core.h
--- ncat_core.h (revision 13939)
+++ ncat_core.h (working copy)
@@ -111,6 +111,7 @@
     int listen;
     int keepopen;
     int sendonly;
+    int forcesendonly;
     int recvonly;
     int telnet;
     int udp;
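Review bot: the new forcesendonly field has no comment and only means something together with sendonly, since the option handler sets both. A one-line comment on the field, or folding it into sendonly as a second value, would keep the two from drifting apart.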
Index: ncat_listen.c
--- ncat_listen.c       (revision 13939)
+++ ncat_listen.c       (working copy)
@@ -208,10 +208,12 @@
                         goto quit;
             } else {
-                /* Read from a client and write to stdout. */
-                if (read_socket(i) <= 0) {
-                    if (!o.keepopen)
-                        goto quit;
+                if (!o.forcesendonly) {
+                    /* Read from a client and write to stdout. */
+                    if (read_socket(i) <= 0) {
+                        if (!o.keepopen)
+                            goto quit;
+                    }
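Review bot: inside the new "if (!o.forcesendonly)" block the "read_socket(i) <= 0" check is skipped as well, and with it the "goto quit" for !o.keepopen, so with =force the listener no longer notices a client closing the connection on this path. It is also not visible in this hunk that descriptor i is taken out of whatever set the loop waits on; if it stays in, the loop will keep waking up for data it never reads. Consider removing the client socket from the read set when forcesendonly is set, and documenting how the server is expected to exit in that mode.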
Index: ncat_main.c
--- ncat_main.c (revision 13939)
+++ ncat_main.c (working copy)
@@ -248,7 +248,7 @@
         {"recv-only",       no_argument,        &o.recvonly,  1},
         {"source-port",     required_argument,  NULL,         'p'},
         {"source",          required_argument,  NULL,         's'},
-        {"send-only",       no_argument,        &o.sendonly,  1},
+        {"send-only",       optional_argument,  NULL,         0},
         {"broker",          no_argument,        &o.broker,    1},
         {"chat",            no_argument,        NULL,         0},
         {"talk",            no_argument,        NULL,         0},
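Review bot: changing "send-only" to optional_argument means getopt_long only takes the value in the attached form --send-only=force; with "--send-only force" optarg stays NULL and "force" is parsed as a positional argument. That form should be spelled out in the help text and man page. Note also that the entry no longer sets &o.sendonly itself, so plain --send-only now depends entirely on the new strcmp branch being reached.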
@@ -386,6 +386,12 @@
+            else if (strcmp(long_options[option_index].name, "send-only") == 0)
+            {
+                o.sendonly = 1;
+                if (optarg && strcmp(optarg, "force") == 0)
+                    o.forcesendonly = 1;
+            }
             else if (strcmp(long_options[option_index].name, "proxy") == 0)
                 if (proxyaddr)
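Review bot: any value other than "force" is silently accepted in the new send-only branch, so a typo such as --send-only=forced runs as plain --send-only with no warning. Reject unknown values: when optarg is non-NULL and is not "force", exit with a usage error.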
@@ -484,7 +490,7 @@
 "  -u, --udp                  Use UDP instead of default TCP\n"
 "  -v, --verbose              Set verbosity level (can be used up to 3 times)\n"
 "  -w, --wait <time>          Connect timeout\n"
-"      --send-only            Only send data, ignoring received; quit on EOF\n"
+"      --send-only[=force]    Only send data, ignoring received; quit on EOF\n"
 "      --recv-only            Only receive data, never send anything\n"
 "      --allow                Allow specific hosts to connect to Ncat\n"
 "      --allowfile            A file of hosts allowed to connect to Ncat\n"
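Review bot: the help line now advertises [=force] but its description is unchanged, so nothing tells the user what force does. The patch as posted also carries no man page change, and its only behavioural change is in ncat_listen.c, so =force has no effect in connect mode. Suggest wording along the lines of "with =force, do not read from the socket at all (listen mode)".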
Index: ncat_core.c
--- ncat_core.c (revision 13939)
+++ ncat_core.c (working copy)
@@ -128,6 +128,7 @@
     o.listen = 0;
     o.keepopen = 0;
     o.sendonly = 0;
+    o.forcesendonly = 0;
     o.recvonly = 0;
     o.telnet = 0;
     o.udp = 0;

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
