Nmap Development mailing list archives

XML output incomplete

From: Owen Mooney <omooney () tcd ie>
Date: Thu, 3 Sep 2020 15:59:46 +0100

Hi, I think I have discovered a bug where the XML output is incomplete with
certain combinations of options. The command I am running is:

nmap -T5 -sU -sS -PS22,80,443,445,3389,135,139 -PU53,161 -PE --traceroute
--disable-arp-ping -sV -oX - 172.17.0.2

The target host is a docker container running apache and listening on port
80. The XML output doesn't contain any <port> elements in this case. For
some reason, using T4 or lower fixes this issue. I thought that perhaps the
port was not being detected as open using T5, but I confirmed with
wireshark that there is a SYN-ACK-RST on port 80, as well as some
further traffic generated as part of the service detection phase (I
assume).

I have attached the XML output, and a screenshot of Wireshark. Any help
would be much appreciated.

Cheers,
Owen M.

Attachment: nmap-bugged-output.xml
Description:

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

XML output incomplete Owen Mooney (Sep 03)
- Re: XML output incomplete David Fifield (Sep 03)
  - Re: XML output incomplete Owen Mooney (Sep 10)
    - Re: XML output incomplete David Fifield (Sep 10)
    - Re: XML output incomplete Owen Mooney (Sep 10)