Nmap Development mailing list archives

beta29 on Darwin


From: Paul Tod Rieger <prie () abl com>
Date: Tue, 21 Aug 2001 11:38:15 -0400

Some data points while building and trying nmap 2.54beta29 on
AppleBSD 10.0.4:

1) ./configure
[...]
checking whether we are using GNU C... (cached) yes
checking whether cc accepts -g... (cached) yes
checking gcc version...
./configure: parse error: condition expected: -gt [980]
checking for inline... (cached) inline


2) make
idle_scan.c: In function `idlescan_countopen2':
idle_scan.c:542: warning: `newipid' might be used uninitialized in this function

protocols.c: In function `getfastprots':
protocols.c:172: warning: `protsneeded' might be used uninitialized in this function

nmap_rpc.c: In function `get_rpc_results':
nmap_rpc.c:512: warning: int format, long int arg (arg 4)
nmap_rpc.c:523: warning: int format, long int arg (arg 5)


3) test network configuration #1:
        iBook connected to GNU/Linux NAT router eth1
        eth0: GNU/Linux desktop, w98, NextStep, HP JetDirect


4) nmap -P0 -sS -O -F gnuRouter
        correct ports
        2.2.19 kernel guessed to be "Linux 2.1.19 - 2.2.17"
        correct uptime


5) nmap -P0 -sS -O -F gnuDesktop
        correct ports
        2.2.19 kernel guessed to be "Linux 2.1.19 - 2.2.17, Linux kernel 2.2.13"
        correct uptime


6) nmap -P0 -sS -O -F w98
        correct ports
        correct OS


7) NextStep
        nmap -P0 -sS -O -F
           hangs
           nmap 2.54beta29 on gnuDesktop correctly reports ports and OS
        nmap -vv -sS -O -F (adds 1 open port then hangs)
        nmap -P0 -sS -F (hangs)
        nmap -P0 -sS -O -p'80,23'
           correct ports but "No exact OS matches for host"
           "bogus" TCP/IP fingerprint:
           SInfo(V=2.54BETA29%P=powerpc-apple-darwin1.3.7%D=8/18%Time=3B7EF899%O=23%C=80)
           TSeq(Class=64K%IPID=I%TS=U)
           T1(Resp=Y%DF=N%W=F87%ACK=S++%Flags=AS%Ops=M)
           T2(Resp=N)
           T3(Resp=Y%DF=N%W=F87%ACK=O%Flags=A%Ops=)
           T4(Resp=Y%DF=N%W=1000%ACK=O%Flags=R%Ops=)
           T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
           T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
           T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
           PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
        nmap -P0 -sT -F (correct ports)


8) JetDirect print server
        nmap -P0 -sS -O -p'80,9100' (hangs)
        nmap -P0 -sS -p'80,9100' (reports both closed; but only 80 is)
        nmap -P0 -sT -F (correct ports)
        nmap -P0 -sS -p'80,9100' (now reports 9100 open)
        nmap -vv -sS -O -p'80,9100' jetdirect
           The SYN Stealth Scan took 1 second to scan 2 ports.
           For OSScan assuming that port 9100 is open and port 80 is closed and neither are firewalled
           (then hangs)

        nmap 2.54beta29 on gnuDesktop:
           nmap -P0 -sS -O -F "HP JetDirect EX"
              correct ports
              TCP/IP fingerprint:
              SInfo(V=2.54BETA29%P=i686-pc-linux-gnu%D=8/18%Time=3B7F09A9%O=23%C=1)
              TSeq(Class=TD%gcd=1%SI=0%IPID=I%TS=U)
              T1(Resp=Y%DF=N%W=111C%ACK=S++%Flags=AS%Ops=M)
              T2(Resp=N)
              T3(Resp=Y%DF=N%W=111C%ACK=S++%Flags=AS%Ops=M)
              T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
              T4(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
              T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
              T6(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
              T7(Resp=N)
              PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)



9) test network configuration #2:
        iBook, NextStep, HP JetDirect on a hub


10) NextStep
        nmap -P0 -sS -O -F (still hangs)
        nmap -P0 -sS -O -p'80,23' (now works)
           correct ports
           correct OS
        nmap -P0 -sS -O -p'1-123' (hangs)
        nmap -P0 -sS -O -p'7,9,13,19,21-25,37,79,111,178,512-515'
           correct ports (all open except 24)
           correct OS
        nmap -sS -p'21-25' (OK)
        nmap -sS -p'21-45' (OK)
        nmap -sS -p'21-545' (hangs)
        nmap -sS -p'21-145' (hangs)
        nmap -sS -p'21-65' (OK)
        nmap -sS -p'21-85' (OK)
        nmap -sS -p'21-105' (hangs)
        nmap -sS -p'21-95' (hangs)
        nmap -sS -p'21-90' (hangs)
        nmap -sS -p'21-85' (hangs now)
        nmap -sS -p'21-45' (OK still)
        nmap -sS -p'21-95' (OK now)
        nmap -vv -sS -p'7-145' (adds 7, 25, 111, 13, 79, then hangs)


11) JetDirect print server
        nmap -sS -p'21-25' (correct: only 23 open)
        nmap -sS -O -p'21-25' (hangs)
        nmap -sS -O -p'23,25' (hangs)
        nmap -sS -p'23,515,9100' (wrong: all open but only 515 reported open)
        nmap -sT -p'23,515,9100' (wrong: only 23 reported open)


AppleBSD seems to have trouble with old TCP/IP stacks, so I
won't use them in near-future tests of other nmap features.

Tod
abl.com
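
Added example, not part of the original message and not Nmap code: a small Python parser for the fingerprint text format quoted above, run on the JetDirect fingerprint from the message, that lists test lines occurring more than once, probes with no response, and decoded TCP window sizes. The function names are hypothetical, and reading `W` as hexadecimal is an assumption about this fingerprint format.

```python
import re
from collections import Counter

# JetDirect fingerprint copied from the message above, indentation removed.
JETDIRECT_FP = """\
SInfo(V=2.54BETA29%P=i686-pc-linux-gnu%D=8/18%Time=3B7F09A9%O=23%C=1)
TSeq(Class=TD%gcd=1%SI=0%IPID=I%TS=U)
T1(Resp=Y%DF=N%W=111C%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=N%W=111C%ACK=S++%Flags=AS%Ops=M)
T3(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T4(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T7(Resp=N)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=E%ULEN=134%DAT=E)
"""
LINE_RE = re.compile(r"^\s*(\w+)\((.*)\)\s*$")

def parse_fingerprint(text):
    """Return [(test_name, {attr: value})] in input order; duplicates are kept."""
    tests = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank lines and surrounding prose
        attrs = {}
        for field in filter(None, m.group(2).split("%")):
            key, _, value = field.partition("=")
            attrs[key] = value  # value may be empty, e.g. "Ops="
        tests.append((m.group(1), attrs))
    return tests

def repeated_tests(tests):
    """Test names that occur on more than one line."""
    counts = Counter(name for name, _ in tests)
    return [name for name, n in counts.items() if n > 1]

def unanswered(tests):
    """Probes the target did not answer (Resp=N)."""
    return [name for name, a in tests if a.get("Resp") == "N"]

def windows(tests):
    """Window size per line carrying W; assumes W is hexadecimal."""
    return [(n, int(a["W"], 16)) for n, a in tests if "W" in a]

if __name__ == "__main__":
    fp = parse_fingerprint(JETDIRECT_FP)
    print(repeated_tests(fp), unanswered(fp), windows(fp))
```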
