Nmap Development mailing list archives

Re: Who is testing the new Nmap IPv6 support
From: David Fifield <david () bamsoftware com>
Date: Wed, 15 Jun 2011 14:16:54 -0700

On Wed, Jun 15, 2011 at 01:23:07PM +0200, Vlatko Kosturjak wrote:
> On Mon, Jun 13, 2011 at 09:53:33AM -0700, David Fifield wrote:
> > On Mon, Jun 13, 2011 at 12:09:31PM +0200, Luis MartinGarcia. wrote:
> > > This is my fault. I recently removed some piece of code from osscan2.cc
> > > that appeared to be dead. Although I tested it three times, obviously I
> > > was wrong and the code is actually run in certain situations. Revision
> > > 23917 should fix the problem. Vlatko, could you please test if it does?
> >
> > Vlatko, can you get a stack trace from the assertion failure? I asked
> > Luis to remove the relevant code and I too am surprised that it is being
> > called.
>
> Sure.
>
> Initiating Service scan at 12:55
> Scanning 296 services on 16 hosts
> Service scan Timing: About 23.99% done; ETC: 12:57 (0:01:45 remaining)
> Service scan Timing: About 58.78% done; ETC: 12:59 (0:01:26 remaining)
> Service scan Timing: About 81.08% done; ETC: 12:58 (0:00:35 remaining)
> Completed Service scan at 12:59, 260.09s elapsed (296 services on 16 hosts)
> Initiating OS detection (try #1) against 16 hosts
>
> Breakpoint 1, HostOsScan::sendT1_7Probe (this=0x88c3020, hss=0xd442010, 
>     probeNo=0) at osscan2.cc:1396
> 1396      fatal("Wrong probe number (%d) passed to %s()", probeNo, __func__);
> (gdb) bt
> #0  HostOsScan::sendT1_7Probe (this=0x88c3020, hss=0xd442010, probeNo=0)
>     at osscan2.cc:1396
> #1  0x0807df7b in HostOsScan::sendNextProbe (this=0x88c3020, 
>     hss=0xd442010) at osscan2.cc:1266
> #2  0x0808250a in doTUITests (Targets=<value optimized out>)
>     at osscan2.cc:3471
> #3  os_scan_2 (Targets=<value optimized out>) at osscan2.cc:3770
> #4  0x080831b9 in os_scan2 (Targets=...) at osscan2.cc:3811
> #5  0x08068a83 in nmap_main (argc=15, argv=0x882d560) at nmap.cc:1896
> #6  0x08062d34 in main (argc=15, argv=0xbffffb94) at main.cc:204
>
> Interesting variables (some of them you already have in the trace):
> (gdb) p probeNo
> $1 = 0
> (gdb) p port_base
> $2 = 61769
> (gdb) p tcpPortBase
> $3 = 61756
> (gdb) p hss
> $4 = (HostOsScanStats *) 0xd442010
>
> Hope it helps,

Thank you, I think I see what is going on here. What is happening is
that the TCP probe phase (T2-T7) is trying to send one of the T1
sequence probes. Luis and I thought that was impossible, so we disabled
it and added the assert. What the TCP probe phase does is first check if
there are any fingerprint results from the six T1 probes. If there are
none, it re-sends the first of the T1 probes. That's what was causing
the assertion failure.

http://nmap.org/book/osdetect-methods.html

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

