approaching 4.04

CHANGELOG

@@ -73,6 +73,22 @@ o Changed all instances of inet_aton() into calls to inet_pton()
   instead.  This allowed us to remove inet_aton.c from nbase.  Thanks to
   KX (kxmail(a)gmail.com) for the patch.
 
+o When debugging (-d) is specified, Nmap now prints a report on the
+  timing variables in use.  Thanks to Doug Hoyte for the patch.  The
+  report loos like this:
+  ---------- Timing report ----------
+    hostgroups: min 1, max 100000
+    rtt-timeouts: init 250, min 50, max 300
+    scan-delay: TCP 5, UDP 1000
+    parallelism: min 0, max 0
+    max-retries: 2, host-timeout 900000
+  -----------------------------------
+
+o Modified the WinPcap installer file to explicitly uninstall an
+  existing WinPcap (if you select that you wish to replace it) rather
+  than just overwriting the old version.  Thanks to Doug Hoyte for
+  making this change.
+
 Nmap 4.03
 
 o Updated the LibPCRE build system to add the -fno-thread-jumps option

TargetGroup.cc

@@ -209,7 +209,7 @@ int TargetGroup::parse_expr(const char * const target_expr, int af) {
           if (count > 1)
              error("Warning: Hostname %s resolves to %d IPs. Using %s.", target_net, count, inet_ntoa(*((struct in_addr *)target->h_addr_list[0])));
 	} else {
-	  fprintf(stderr, "Failed to resolve given hostname/IP: %s.  Note that you can't use '/mask' AND '[1-4,7,100-]' style IP ranges\n", target_net);
+	  fprintf(stderr, "Failed to resolve given hostname/IP: %s.  Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges\n", target_net);
 	  free(hostexp);
 	  return 1;
 	}

docs/nmap.1

@@ -2,7 +2,7 @@
 .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
 .\" Instead of manually editing it, you probably should edit the DocBook XML
 .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "NMAP" "1" "05/15/2006" "" "Nmap Reference Guide"
+.TH "NMAP" "1" "05/27/2006" "" "Nmap Reference Guide"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@@ -875,9 +875,9 @@ These templates allow the user to specify how aggressive they wish to be, while
 \fB\-T4\fR
 prohibits the dynamic scan delay from exceeding 10ms for TCP ports and
 \fB\-T5\fR
-caps that value at 5 milliseconds. Templates can be used in combination with fine grained controls, as long as the template is specified first. Otherwise the standard values for the template may override the values you specify. I recommend using
+caps that value at 5 milliseconds. Templates can be used in combination with fine grained controls, and the fine\-grained controls will you specify will take precedence over the timing template default for that parameter. I recommend using
 \fB\-T4\fR
-when scanning reasonably modern and reliable networks. Keep that option (at the beginning of the command line) even when you add fine grained controls so that you benefit from those extra minor optimizations that it enables.
+when scanning reasonably modern and reliable networks. Keep that option even when you add fine grained controls so that you benefit from those extra minor optimizations that it enables.
 .sp
 If you are on a decent broadband or ethernet connection, I would recommend always using
 \fB\-T4\fR. Some people love

docs/nmap.dtd

@@ -78,7 +78,7 @@
 			start		%attr_numeric;	#IMPLIED
 			startstr	CDATA	        #IMPLIED
 			version		CDATA		#REQUIRED
-			xmloutputversion (1.01)		#REQUIRED
+			xmloutputversion (1.02)		#REQUIRED
 >
 
 <!-- this element is written in output.c:doscaninfo() -->

mswin32/winpcap/winpcap-nmap.nsi

@@ -44,6 +44,7 @@ Function .onInit
 
   do_silent:
     SetSilent silent
+    IfFileExists "$SYSDIR\wpcap.dll" finish
     return
 
   no_silent:
@@ -77,6 +78,13 @@ Function .onInit
     quit
 
   finish:
+    ReadRegStr $0 "HKLM" "Software\WinPcap" ""
+
+    IfFileExists "$0\Uninstall.exe" run_uninstaller
+    return
+
+  run_uninstaller:
+    ExecWait '"$0\Uninstall.exe"'
 
 FunctionEnd
 

nmap-service-probes

@@ -1491,6 +1491,7 @@ match sourceoffice m|^250\r\nProtocol-Version:(\d[.\d]+)\r\nMessage-ID:\d+\r\nDa
 match ssh m|^\0\0\0\$\0\0\0\0\x01\0\0\0\x1bNo host key is configured!\n\r!\"v| p/Foundry Networks switch sshd/ i/broken: No host key configured/
 match ssh m|^SSH-(\d[\d.]+)-SSF-(\d[-.\w]+)\n| p/SSF French SSH/ v/$2/ i/protocol $1/
 match ssh m|^SSH-(\d[\d.]+)-lshd_(\d[-.\w]+) lsh - a free ssh\r\n\0\0| p/lshd secure shell/ v/$2/ i/protocol $1/
+match ssh m/^SSH-([.\d]+)-OpenSSH[_-](\S+ Debian-7ubuntu3)/i o/Linux/ p/OpenSSH/ v/$2/ i/protocol $1/
 match ssh m/^SSH-([.\d]+)-OpenSSH[_-]([\S ]+)/i p/OpenSSH/ v/$2/ i/protocol $1/
 match ssh m/^SSH-([.\d]+)-Sun_SSH_(\S+)/ p/SunSSH/ v/$2/ i/protocol $1/
 match ssh m/^SSH-([.\d]+)-meow roototkt by rebel/ p/meow SSH ROOTKIT/ i/protocol $1/
@@ -4589,6 +4590,13 @@ match gadu m|^UDAG$| p/Kadu polish IM client/
 match skype m|^.{14}$|s p/Skype VoIP data channel/
 
 
+##############################NEXT PROBE##############################
+Probe TCP FourOhFourRequest q|GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0\r\n\r\n|
+rarity 6
+ports 80-85,88,8000-8010,8080-8085,8880-8888
+fallback GetRequest
+
+
 ##############################NEXT PROBE##############################
 # ftp://ftp.rfc-editor.org/in-notes/rfc1179.txt
 Probe TCP LPDString q|\x01default\n|