Nmap Development mailing list archives

[SoC Patch] host and port state reasons - new and improved


From: "Eddie Bell" <ejlbell () gmail com>
Date: Wed, 21 Jun 2006 15:29:11 +0200

OK, here is the new and improved reason patch. If any of the lines
wrap/warp in this email it is because of gmail; they look normal in
nmap's output.

The feature is activated with the --reason switch and works for every
scan to some degree. It is most effective with syn/protocol scans
because they produce a large variety of packets, whilst it is least
effective with unprivileged connect() scans because nmap has to rely
on the OS's implementation.

Here are a couple of examples to demonstrate what it does:

* SYN scan on a host that has been purposely firewalled to produce
relevant packets

root@escher# ./nmap -sS --reason 192.168.0.7

Starting Nmap 4.04BETA1 ( http://www.insecure.org/nmap/ ) at 2006-06-21 10:36 CEST
Interesting ports on 192.168.0.7:
Not shown: 1672 closed ports
Reasons: 1672 resets
PORT       STATE     SERVICE            REASON
1/tcp      filtered  tcpmux             net-unreach
7/tcp      filtered  echo               host-unreach
53/tcp     filtered  domain             proto-unreach
80/tcp     filtered  http               admin-prohibited
110/tcp    filtered  pop3               host-prohibited
6667/tcp   filtered  irc                port-unreach
6881/tcp   open      bittorent-tracker  syn-ack
12345/tcp  filtered  NetBus             net-prohibited

* Protocol scan on a host with external filtering (the question marks
are there to hide the host's identity)

root@escher# ./nmap -sO --reason 129.?.?.3

Starting Nmap 4.04BETA1 ( http://www.insecure.org/nmap/ ) at 2006-06-21 10:45 CEST
Interesting protocols on .....uit.no (129.?.?.3):
Not shown: 249 closed protocols
Reasons: 249 proto-unreach
PROTOCOL  STATE          SERVICE  REASON
1         open           icmp     echo-reply
2         open|filtered  igmp     no-response
4         open|filtered  ip       no-response
6         open           tcp      reset
8         open|filtered  egp      no-response
17        filtered       udp      port-unreach from 129.?.?.22
41        open|filtered  ipv6     no-respons

* Ping scan using timestamp and netmask requests

root@escher# ./nmap -sP -PP -PM --reason -v 192.168.0.1 www.bit-tech.net www.google.com

Starting Nmap 4.04BETA1 ( http://www.insecure.org/nmap/ ) at 2006-06-21 11:08 CEST
Host cerb (192.168.0.1) appears to be up, received arp-response
Host 83.ba.5446.static.theplanet.com (70.84.186.131) appears to be up, received timestamp-reply
Host 64.233.161.147 appears to be down, received no-response

Updates to this version:
        * Fix localhost ping bug that stopped reasons from being shown
        * Made the xsl a little more friendly
        * Added --reason to nmap-man.xml and the nmap usage

Like I said before, I have tested the code as much as I can, but if
anyone finds any bugs or has some new ideas about the code then don't
hesitate to email in.

- eddie

Attachment: reason.patch.gz

Attachment: reason-man-xml.patch.gz
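
Added example (not part of the post or of the attached patch): a small Python parser for the --reason listings shown above, grouping entries by reason so that explicit ICMP rejects can be told apart from entries that got no response. The function names are hypothetical and the sample text is constructed from rows of the two listings in the post.

```python
import re
from collections import defaultdict

# Constructed sample: rows taken from the two listings in the post above.
SAMPLE = """\
Interesting ports on 192.168.0.7:
Not shown: 1672 closed ports
Reasons: 1672 resets
PORT       STATE     SERVICE            REASON
1/tcp      filtered  tcpmux             net-unreach
80/tcp     filtered  http               admin-prohibited
6881/tcp   open      bittorent-tracker  syn-ack
2          open|filtered  igmp          no-response
17         filtered       udp           port-unreach from 129.?.?.22
"""

# <id>[/<proto>] <state> <service> <reason> [from <addr>]
ROW = re.compile(r"^(\d+)(?:/(\w+))?\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+from\s+(\S+))?\s*$")
SUMMARY = re.compile(r"^Reasons:\s+(.*)$")

def parse_reasons(text):
    """Return (rows, hidden): one dict per table row, plus reason -> count
    for the entries collapsed into the 'Reasons:' summary line."""
    rows, hidden = [], {}
    for line in text.splitlines():
        m = SUMMARY.match(line)
        if m:
            for count, reason in re.findall(r"(\d+)\s+([\w-]+)", m.group(1)):
                hidden[reason] = hidden.get(reason, 0) + int(count)
            continue
        m = ROW.match(line)
        if m:
            num, proto, state, service, reason, sender = m.groups()
            rows.append({"id": int(num), "proto": proto, "state": state,
                         "service": service, "reason": reason, "from": sender})
    return rows, hidden

def by_reason(rows):
    """Group port/protocol numbers by the reason reported for them."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["reason"]].append(r["id"])
    return dict(groups)

if __name__ == "__main__":
    rows, hidden = parse_reasons(SAMPLE)
    print("collapsed:", hidden)
    for reason, ids in sorted(by_reason(rows).items()):
        print(f"{reason:18} {ids}")
```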