Nmap Hackers: Announce: nmap-3.30+V-2.90 ("Version" Scanning) [Now Really Fast]

Announce: nmap-3.30+V-2.90 ("Version" Scanning) [Now Really Fast]

From: Jay Freeman (saurik) <saurik_at_saurik.com>
Date: Thu, 24 Jul 2003 02:56:46 -0500

Changelog:

o Refactored the scanning code to offer an upwards of an 8x speedup.
  Ports are now scanned in parallel rather than one at a time. Just
  how many ports are scanned in parallel is based on this algorithm:

    unsigned ports(pow(2.5, o.timing_level));
    ports = max(ports, o.min_parallelism);
    ports = min(ports, o.max_parallelism ? o.max_parallelism : 100);

  Where o.timing_level is controlled by the -T command line option,
  o.min_parallelism by --max_parallelism, and o.min_parallelism by
  --min_parallelism. The equation's goal was to make the default
  value of -T make the default parallelism be around 16.
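The three-line formula above is easy to misread when the clamps interact, so here it is carried through as a stand-alone function with a worked table for every -T level. This is an added example, not code from the nmap+V patch: the function name parallel_ports and the argument order are assumptions, and the clamp behaviour (min_parallelism floor, max_parallelism ceiling, hard cap of 100 when no ceiling is given) follows the snippet in the changelog. Assuming nmap's default timing level is 3 (-T3, "Normal"), pow(2.5, 3) = 15.625, which truncates to 15, which is the "around 16" the author mentions.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdio>

// Mirror of the parallelism formula from the nmap+V 2.90 changelog.
// timing_level : value of -T (0..5 in nmap's usual scheme)
// min_par      : --min_parallelism floor (1 when unset)
// max_par      : --max_parallelism ceiling; 0 means "unset", so the
//                hard-coded cap of 100 applies instead.
// The name and signature are an assumption for this example.
unsigned parallel_ports(int timing_level, unsigned min_par, unsigned max_par) {
    // Exponential growth with the timing level; truncation to unsigned is
    // what the original `unsigned ports(pow(...))` initialisation does.
    unsigned ports = static_cast<unsigned>(std::pow(2.5, timing_level));
    // Never go below the requested floor ...
    ports = std::max(ports, min_par);
    // ... and never above the ceiling, or 100 if no ceiling was given.
    ports = std::min(ports, max_par ? max_par : 100u);
    return ports;
}

// Worked table: what each -T level yields with the defaults (floor 1,
// no explicit ceiling), plus two rows showing each clamp taking effect.
int main() {
    std::printf("%-14s %-8s %-8s %s\n", "timing_level", "min", "max", "ports");
    for (int t = 0; t <= 5; ++t)
        std::printf("%-14d %-8u %-8u %u\n", t, 1u, 0u, parallel_ports(t, 1, 0));
    // Floor wins when the formula would give fewer ports than requested.
    std::printf("%-14d %-8u %-8u %u\n", 0, 10u, 0u, parallel_ports(0, 10, 0));
    // Ceiling wins when the formula would give more than requested.
    std::printf("%-14d %-8u %-8u %u\n", 5, 1u, 50u, parallel_ports(5, 1, 50));
    // Without a ceiling the built-in cap of 100 still applies.
    std::printf("%-14d %-8u %-8u %u\n", 6, 1u, 0u, parallel_ports(6, 1, 0));
    return 0;
}
```

The unsigned truncation is worth noticing when tuning: -T3 gives 15, not 16, and -T5 gives 97, so the 100 cap is only reached by an explicit --max_parallelism or a timing level above 5.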

o -sV now supports UDP ports. So far it only detects one service: DNS.
  I'll add more whenever I have time. If anyone has any that they'd
  like to offer detection strings for, I'm very open. If you want to
  actually test them with nmap+V, I have a walkthrough in the docs
  folder called service-fingerprint.txt. Each IP protocol is handled by
  a different file: nmap-<protocol>-fingerprints. This differs from my
  previous naming convention of nmap-versions.

o While I was doing that I fixed the fingerprint for DNS over TCP. It
  wasn't very happy... I had noticed it, but I kept putting off actually
  doing something about it.

o I added a portability layer that will let me change to libpcre in the
  future if a reason comes up. I debated just doing it, but so far I'm
  not using any of the features, so my good ol' version of regex; the one
  that I hacked together from an "ok" licensed file that came up after
  doing an `slocate regex.c` in order to support doing regular expressions
  on strings that contain binary garbage, is still the regex of choice for
  nmap+V.

o Added back a better version of my "debugging stuff". I've added STL
  to so many parts of my code now that it no longer matters. I still
  need to try to tackle nmap's Win32 portability problem sometime soon.
  Unfortunately, this usage of STL means that this release won't compile
  on Win32. It isn't fundamentally broken, there are just some bad
  #define's in mswin32/winclude.h that keep non-nmap sanctioned system
  header files from working.

o Removed the -FV option. It mainly stayed around because scans were
  so painfully slow. Originally, I think I added it because I couldn't
  scan protocols on ports that I didn't think they were on (this was
  mainly version scanning at the time, not protocol auto-detection,
  which was added later). Regardless, the feature seems pointless now.

o Removed the feature where I reuse the already open connections from
  TCP connect() scans. I might add this back someday, but for now it's
  gone as it was too much of a pain to maintain all the _other_ code
  changes that this one required (as I had to tap into the addport()
  system in order to get the information added correctly). Besides, I
  figure A) if you are doing a connect() scan you aren't trying to be
  stealthy anyway and B) the -sV scan is most useful when it can use
  multiple connections anyway with -sVV. I'm not worried that I'm going
  to get many complaints :).

o In general minimized my patch wherever possible.

FTP Information (for "released" versions):

  Source: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.90.tgz
  Patch: ftp://ftp.saurik.com/pub/nmap/nmap+V-2.90

  New Win32 Binaries: not available for this release... sorry
  Old Win32: ftp://ftp.saurik.com/pub/nmap/nmap-3.30+V-2.35.win32.zip

CVS Information (for current versions):

  Repository: :pserver:anoncvs_at_cvs.saurik.com:/cvs/nmap
  Module: nmap
  Password: anoncvs

Example Output (for the curious; and yes, it should line up with a fixed
width font, although it is occasionally wider than 77 characters and wraps):

[root(2)@ironclad nmap-3.30+V]# ./nmap -sS -sVV -F localhost

Starting nmap 3.30+V ( http://www.insecure.org/nmap/ ) at 2003-07-24 02:54 CDT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1174 ports scanned but not shown below are in state: closed)
Port      State Service       Protocol    Version
17/tcp    open  qotd          Go Text     GNU Go 3.2
21/tcp    open  ftp           FTP         wu-2.6.2-8
22/tcp    open  ssh           SSH         1.99-OpenSSH_3.4p1
23/tcp    open  telnet        Telnet
25/tcp    open  smtp          SMTP        Sendmail 8.12.6/8.12.6
53/tcp    open  domain        DNS
80/tcp    open  http          HTTP        Apache/2.0.44 (Unix)
110/tcp   open  pop-3         POP3        Cyrus v2.1.11-Invoca-RPM-2.1.11-3
111/tcp   open  sunrpc        RPC
113/tcp   open  auth          AUTH
119/tcp   open  nntp          NNTP        INN 2.2.2 13-Dec-1999
143/tcp   open  imap2         IMAP        Cyrus v2.1.11-Invoca-RPM-2.1.11-3
465/tcp   open  smtps         SSL
587/tcp   open  submission    SMTP        Sendmail 8.12.6/8.12.6
783/tcp   open  hp-alarm-mgr  SpamAssassin
953/tcp   open  rndc          BIND rndc   BIND9
993/tcp   open  imaps         SSL
995/tcp   open  pop3s         SSL
2000/tcp  open  callbook      Sieve       Cyrus timsieved v2.1.11-Invoca-RPM-2.1.11-3
2401/tcp  open  cvspserver    CVS
5432/tcp  open  postgres      PostgreSQL  7.3
8009/tcp  open  ajp13         Ajp13       Apache Tomcat
8080/tcp  open  http-proxy    HTTP        Apache Tomcat/4.1.18-LE-jdk14 (HTTP/1.1 Connector)

Nmap run completed -- 1 IP address (1 host up) scanned in 15.962 seconds

Sincerely,
Jay Freeman (saurik)
saurik_at_saurik.com

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Jul 24 2003
