Nmap Development mailing list archives

Re: Bug in output reporting of open ports


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 18 Jul 2011 11:32:40 -0500

Roberto,

Did the scan time out on those hosts? Interactive mode with -v shows ports open as they are discovered with "Discovered open port XXX/tcp on IP," but the Normal and XML output are not generated until Nmap is done with the host (or hostgroup). If the scan timed out (which is very likely with a -p 1-65535 -sU scan), then the results from that host are discarded and not output to files. The default host timeout for -T5 is 900000ms, which is 15 minutes. Try setting a longer --host-timeout, though note that at -T5, a completely unresponsive host could take (300ms/packet) * 3 retransmissions * 65536 ports * 2 protocols = 1.37 days (worst case, since parallelism reduces this somewhat).

Dan

On 07/18/2011 09:46 AM, Roberto Bonalumi wrote:
Hello,
after some testing and documentation reading, I am quite confident that I
found a bug in output creation. Here follows the bug description:

Nmap version 5.51 with Zenmap installed
OS Windows XP Professional SP3

I started nmap with the following command:

*nmap -sS -sU -p 1-65535 -T5 -v -v -v -v -n -oN output.nmap -oX output.xml
-Pn 192.168.xxx.0/24*

where 192.168.xxx.0/24 is a different subnet from the local one.

Interactive output correctly shows there are some open ports on some hosts.
Normal output and XML output do *NOT* report any open port - and this is
the bug.

This bug implies that if you need to use nmap to check whether two different
subnets are correctly isolated or not, you cannot rely on normal or XML
output, but you need to capture the interactive output.

Please note that I found the same bug on the same system without using
Zenmap, and also using nmap version 4.62 on a Linux box.

Regards


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
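The check a practitioner would want after reading Dan's explanation is a cross-reference between the interactive "Discovered open port" lines and the -oX file: any host whose ports show up interactively but are missing from the XML was most likely dropped by --host-timeout rather than reported as closed. The script below is an added example written for this archive page, not code from the thread or from the Nmap project. It assumes the standard Nmap XML element names (host, address, ports, port, state) and the "Discovered open port N/proto on IP" wording of the -v output; the sample interactive text and XML are constructed here for illustration. It also carries Dan's worst-case arithmetic for an unresponsive host into a function so the effect of --max-rtt-timeout, retries and port count on a sensible --host-timeout can be computed before the scan is started.

```python
"""Cross-check Nmap interactive (-v) output against its -oX XML file.

Added example for the nmap-dev thread on open ports missing from Normal/XML
output. Not part of Nmap; sample data below is constructed.
"""
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Wording of the -v interactive line: "Discovered open port 22/tcp on 192.168.1.10"
DISCOVERED_RE = re.compile(r"Discovered open port (\d+)/(tcp|udp) on (\S+)")


def parse_interactive(text):
    """Return {ip: {(port, proto), ...}} from 'Discovered open port' lines."""
    found = defaultdict(set)
    for m in DISCOVERED_RE.finditer(text):
        port, proto, ip = m.groups()
        found[ip].add((int(port), proto))
    return dict(found)


def parse_xml(xml_text):
    """Return {ip: {(port, proto), ...}} for open ports recorded in an -oX file.

    A host that appears in the XML but has no open ports maps to an empty set,
    so it can be told apart from a host that was never written at all.
    """
    root = ET.fromstring(xml_text)
    found = {}
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        found.setdefault(ip, set())
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                found[ip].add((int(port.get("portid")), port.get("protocol")))
    return found


def missing_from_xml(interactive, xml_ports):
    """Open ports seen interactively but absent from the XML, per IP.

    A host missing entirely from the XML is the signature of a --host-timeout
    expiry: Nmap discards that host's results instead of writing them.
    """
    missing = {}
    for ip, ports in interactive.items():
        gap = ports - xml_ports.get(ip, set())
        if gap:
            missing[ip] = gap
    return missing


def worst_case_seconds(rtt_ms, retries, ports, protocols):
    """Dan's serial worst case for a completely unresponsive host.

    Ignores parallelism, so this is an upper bound, e.g. 300 ms * 3 * 65536 * 2.
    """
    return rtt_ms / 1000.0 * retries * ports * protocols


# --- Constructed sample data (not real scan output) ---
SAMPLE_INTERACTIVE = """\
Discovered open port 22/tcp on 192.168.1.10
Discovered open port 443/tcp on 192.168.1.10
Discovered open port 53/udp on 192.168.1.20
"""

# Host .10 completed and was written; host .20 timed out and never reached the file.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -sU -p 1-65535 -T5 -v -n -Pn">
<host><status state="up" reason="user-set"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="80"><state state="closed" reason="reset"/></port>
</ports></host>
</nmaprun>"""


def sample_gap():
    """Run the cross-check on the constructed sample; returns the per-IP gap."""
    return missing_from_xml(parse_interactive(SAMPLE_INTERACTIVE), parse_xml(SAMPLE_XML))


if __name__ == "__main__":
    for ip, ports in sample_gap().items():
        print(f"{ip}: open ports seen interactively but not in XML: {sorted(ports)}")
    days = worst_case_seconds(300, 3, 65536, 2) / 86400
    print(f"worst-case serial time for an unresponsive host at -T5: {days:.2f} days")
```

Run against a real scan by capturing `nmap ... -v -oX out.xml | tee out.txt` and feeding both files to parse_interactive and parse_xml; a non-empty result from missing_from_xml means the file output cannot be trusted for the segmentation test and --host-timeout needs raising (or the port range narrowing) before the scan is repeated.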

