Nmap Development mailing list archives
Re: Who is testing the new Nmap IPv6 support
From: David Fifield <david () bamsoftware com>
Date: Wed, 15 Jun 2011 14:16:54 -0700
On Wed, Jun 15, 2011 at 01:23:07PM +0200, Vlatko Kosturjak wrote:
On Mon, Jun 13, 2011 at 09:53:33AM -0700, David Fifield wrote:On Mon, Jun 13, 2011 at 12:09:31PM +0200, Luis MartinGarcia. wrote:This is my fault. I recently removed some piece of code from osscan2.cc that appeared to be dead. Although I tested it three times, obviously I was wrong and the code is actually run in certain situations. Revision 23917 should fix the problem. Vlatko, could you please test if it does?Vlatko, can you get a stack trace from the assertion failure? I asked Luis to remove the relevant code and I too am surprised that it is being called.Sure. Initiating Service scan at 12:55 Scanning 296 services on 16 hosts Service scan Timing: About 23.99% done; ETC: 12:57 (0:01:45 remaining) Service scan Timing: About 58.78% done; ETC: 12:59 (0:01:26 remaining) Service scan Timing: About 81.08% done; ETC: 12:58 (0:00:35 remaining) Completed Service scan at 12:59, 260.09s elapsed (296 services on 16 hosts) Initiating OS detection (try #1) against 16 hosts Breakpoint 1, HostOsScan::sendT1_7Probe (this=0x88c3020, hss=0xd442010, probeNo=0) at osscan2.cc:1396 1396 fatal("Wrong probe number (%d) passed to %s()", probeNo, __func__); (gdb) bt #0 HostOsScan::sendT1_7Probe (this=0x88c3020, hss=0xd442010, probeNo=0) at osscan2.cc:1396 #1 0x0807df7b in HostOsScan::sendNextProbe (this=0x88c3020, hss=0xd442010) at osscan2.cc:1266 #2 0x0808250a in doTUITests (Targets=<value optimized out>) at osscan2.cc:3471 #3 os_scan_2 (Targets=<value optimized out>) at osscan2.cc:3770 #4 0x080831b9 in os_scan2 (Targets=...) at osscan2.cc:3811 #5 0x08068a83 in nmap_main (argc=15, argv=0x882d560) at nmap.cc:1896 #6 0x08062d34 in main (argc=15, argv=0xbffffb94) at main.cc:204 Interesting variables (some of them you have already in trace): (gdb) p probeNo $1 = 0 (gdb) p port_base $2 = 61769 (gdb) p tcpPortBase $3 = 61756 (gdb) p hss $4 = (HostOsScanStats *) 0xd442010 Hope it helps,
Thank you, I think I see what is going on here. What is happening is that the TCP probe phase (T2-T7) is trying to send one of the T1 sequence probes. Luis and I thought that was impossible, so we disabled it and added the assert. What the TCP probe phase does is first check if there are any fingerprint results from the six T1 probes. If there are none, it re-sends the first of the T1 probes. That's what was causing the assertion failure. http://nmap.org/book/osdetect-methods.html David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Who is testing the new Nmap IPv6 support, (continued)
- Re: Who is testing the new Nmap IPv6 support Patrik Karlsson (Jun 12)
- Re: Who is testing the new Nmap IPv6 support David Fifield (Jun 13)
- Re: Who is testing the new Nmap IPv6 support Brandon Enright (Jun 13)
- Re: Who is testing the new Nmap IPv6 support David Fifield (Jun 15)
- Re: Who is testing the new Nmap IPv6 support Patrik Karlsson (Jun 13)
- Re: Who is testing the new Nmap IPv6 support David Fifield (Jun 24)
- Re: Who is testing the new Nmap IPv6 support David Fifield (Jun 13)
- Re: Who is testing the new Nmap IPv6 support Patrik Karlsson (Jun 12)
- Re: Who is testing the new Nmap IPv6 support Luis MartinGarcia. (Jun 13)
- Re: Who is testing the new Nmap IPv6 support David Fifield (Jun 13)
- Re: Who is testing the new Nmap IPv6 support Vlatko Kosturjak (Jun 15)
- Re: Who is testing the new Nmap IPv6 support David Fifield (Jun 15)
