Nmap Development mailing list archives

Re: XML output incomplete


From: Owen Mooney <omooney () tcd ie>
Date: Fri, 4 Sep 2020 10:23:35 +0100

Normal output below:

# Nmap 7.80 scan initiated Fri Sep  4 09:49:26 2020 as: nmap -T5 -sU -sS -PS22,80,443,445,3389,135,139 -PU53,161 -PE --traceroute -sV -oN normal.txt -oX xml.xml 172.17.0.2
Warning: 172.17.0.2 giving up on port because retransmission cap hit (2).
Nmap scan report for 172.17.0.2
Host is up (0.00017s latency).
Skipping host 172.17.0.2 due to host timeout
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Sep  4 10:04:32 2020 -- 1 IP address (1 host up) scanned in 905.65 seconds

No mention of port 80 open, however the "Skipping host..." line might be a
clue. Is it possible that a host can be skipped after some ports have
already been found open?
I have attached the pcap file to this email for reference. It shows that
Nmap generated a SYN to port 80 and got an ACK in response, and then sent a
http request further on in the scan.

On Thu, 3 Sep 2020 at 16:18, David Fifield <david () bamsoftware com> wrote:

On Thu, Sep 03, 2020 at 03:59:46PM +0100, Owen Mooney wrote:
Hi, I think I have discovered a bug where the XML output is incomplete with
certain combinations of options. The command I am running is:

nmap -T5 -sU -sS -PS22,80,443,445,3389,135,139 -PU53,161 -PE --traceroute --disable-arp-ping -sV -oX - 172.17.0.2

The target host is a docker container running apache and listening on port 80.
The XML output doesn't contain any <port> elements in this case. For some
reason, using T4 or lower fixes this issue. I thought that perhaps the port was
not being detected as open using T5, but I confirmed with wireshark that there
is a SYN-ACK-RST on port 80, as well as some further traffic generated as part
of the service detection phase (I assume).

Is the port reported as open in normal output? I want to see if the
problem is specifically to do with XML output, or if it's more general.

You can save normal and XML output at the same time with
        -oN filename.txt -oX filename.xml

Attachment: nmap-bug-2.pcap

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
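
As an added example (not from the thread or the Nmap project): a small Python check that reads a saved -oN report and flags hosts carrying the "Skipping host ... due to host timeout" line seen above, so that an empty port list for such a host is not read as "no open ports". Nmap's -T5 template includes --max-retries 2 and --host-timeout 15m, which matches the "retransmission cap hit (2)" warning and the 905.65-second run in the report. The function names and the second host, 192.0.2.10, are assumptions made for illustration.

```python
import re

# Constructed sample input: the body of the -oN report quoted in the message,
# plus an invented second host (192.0.2.10) whose scan completed normally.
SAMPLE = """\
Warning: 172.17.0.2 giving up on port because retransmission cap hit (2).
Nmap scan report for 172.17.0.2
Host is up (0.00017s latency).
Skipping host 172.17.0.2 due to host timeout
Nmap scan report for 192.0.2.10
Host is up (0.00020s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+?)\s*$")
SKIP_RE = re.compile(r"^Skipping host (.+?) due to host timeout")
CAP_RE = re.compile(r"^Warning: (\S+) giving up on port because retransmission cap hit")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)")

def audit_report(text):
    """Return {host: {"timed_out", "retransmission_cap", "ports"}} for an -oN report."""
    hosts, current = {}, None

    def rec(name):
        return hosts.setdefault(
            name, {"timed_out": False, "retransmission_cap": False, "ports": []})

    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = m.group(1)          # port rows that follow belong to this host
            rec(current)
        elif m := SKIP_RE.match(line):
            rec(m.group(1))["timed_out"] = True
        elif m := CAP_RE.match(line):
            rec(m.group(1))["retransmission_cap"] = True
        elif (m := PORT_RE.match(line)) and current:
            rec(current)["ports"].append((int(m.group(1)), m.group(2), m.group(3)))
    return hosts

def incomplete_hosts(text):
    """Hosts whose (possibly empty) port list is not a complete scan result."""
    return sorted(h for h, r in audit_report(text).items() if r["timed_out"])

if __name__ == "__main__":
    for host, r in audit_report(SAMPLE).items():
        status = "INCOMPLETE (host timeout)" if r["timed_out"] else "complete"
        print(host, status, r["ports"])
```

Hosts returned by `incomplete_hosts` are candidates for a rescan with a slower timing template or a longer --host-timeout before their results feed an inventory or report.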
