diff --git a/NmapOps.cc b/NmapOps.cc index 21074ad75..b3f4e9d31 100644 --- a/NmapOps.cc +++ b/NmapOps.cc @@ -362,15 +362,15 @@ dialog where you can start NPF if you have administrator privileges."; if (isr00t && af() == AF_INET) synscan++; else connectscan++; - // if (verbose) error("No TCP, UDP, SCTP or ICMP scantype specified, assuming %s scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up).", synscan? "SYN Stealth" : "vanilla tcp connect()"); + // if (verbose) error("No TCP, UDP, SCTP or ICMP scantype specified, assuming %s scan. Use -sn if you really don't want to portscan (and just want to see what hosts are up).", synscan? "SYN Stealth" : "vanilla tcp connect()"); } if (pingtype != PINGTYPE_NONE && spoofsource) { - error("WARNING: If -S is being used to fake your source address, you may also have to use -e and -PN . If you are using it to specify your real source address, you can ignore this warning."); + error("WARNING: If -S is being used to fake your source address, you may also have to use -e and -Pn . If you are using it to specify your real source address, you can ignore this warning."); } if (pingtype != PINGTYPE_NONE && idlescan) { - error("WARNING: Many people use -PN w/Idlescan to prevent pings from their true IP. On the other hand, timing info Nmap gains from pings can allow for faster, more reliable scans."); + error("WARNING: Many people use -Pn w/Idlescan to prevent pings from their true IP. On the other hand, timing info Nmap gains from pings can allow for faster, more reliable scans."); sleep(2); /* Give ppl a chance for ^C :) */ } @@ -399,7 +399,7 @@ dialog where you can start NPF if you have administrator privileges."; } if (noportscan && (TCPScan() || UDPScan() || SCTPScan() || ipprotscan)) { - fatal("-sL and -sP (skip port scan) are not valid with any other scan types"); + fatal("-sL and -sn (skip port scan) are not valid with any other scan types"); } if (af() == AF_INET6 && (pingtype & (PINGTYPE_ICMP_PING|PINGTYPE_ICMP_MASK|PINGTYPE_ICMP_TS))) { @@ -439,7 +439,7 @@ dialog where you can start NPF if you have administrator privileges."; } if (bouncescan && pingtype != PINGTYPE_NONE) - log_write(LOG_STDOUT, "Hint: if your bounce scan target hosts aren't reachable from here, remember to use -PN so we don't try and ping them prior to the scan\n"); + log_write(LOG_STDOUT, "Hint: if your bounce scan target hosts aren't reachable from here, remember to use -Pn so we don't try and ping them prior to the scan\n"); if (ackscan+bouncescan+connectscan+finscan+idlescan+maimonscan+nullscan+synscan+windowscan+xmasscan > 1) fatal("You specified more than one type of TCP scan. Please choose only one of -sA, -b, -sT, -sF, -sI, -sM, -sN, -sS, -sW, and -sX"); @@ -464,7 +464,7 @@ dialog where you can start NPF if you have administrator privileges."; #endif if (osscan && noportscan) { - fatal("WARNING: OS Scan is unreliable without a port scan. You need to use a scan type along with it, such as -sS, -sT, -sF, etc instead of -sP"); + fatal("WARNING: OS Scan is unreliable without a port scan. You need to use a scan type along with it, such as -sS, -sT, -sF, etc instead of -sn"); } if (osscan && ipprotscan) { @@ -500,7 +500,7 @@ dialog where you can start NPF if you have administrator privileges."; } if (af() == AF_INET6 && (generate_random_ips|numdecoys|osscan|bouncescan|fragscan|ackscan|finscan|idlescan|ipprotscan|maimonscan|nullscan|synscan|udpscan|windowscan|xmasscan|sctpinitscan|sctpcookieechoscan)) { - fatal("Sorry -- IPv6 support is currently only available for connect() scan (-sT), ping scan (-sP), and list scan (-sL). OS detection, random targets and decoys are also not supported with IPv6. Further support is under consideration."); + fatal("Sorry -- IPv6 support is currently only available for connect() scan (-sT), ping scan (-sn), and list scan (-sL). OS detection, random targets and decoys are also not supported with IPv6. Further support is under consideration."); } /* Prevent performance values from getting out of whack */ diff --git a/docs/nmap-install.xml b/docs/nmap-install.xml index 00cc89013..9e1be9ba0 100644 --- a/docs/nmap-install.xml +++ b/docs/nmap-install.xml @@ -710,13 +710,13 @@ quite as efficient as on Unix. Here are the known limitations: interface IP such as 127.0.0.1 or any of its registered IP addresses). This is a Windows limitation that we haven't yet worked around. If you really want to do this, use a TCP -connect scan without pinging () as that uses +connect scan without pinging () as that uses the high level socket API rather than sending raw packets. Nmap only supports ethernet interfaces (including most 802.11 wireless cards and many VPN clients) for raw packet scans. -Unless you use the options, RAS connections +Unless you use the options, RAS connections (such as PPP dialups) and certain VPN clients are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames diff --git a/docs/refguide.xml b/docs/refguide.xml index 6767ac65a..549829170 100644 --- a/docs/refguide.xml +++ b/docs/refguide.xml @@ -325,7 +325,7 @@ you would expect. the simple ICMP echo request packets associated with the ubiquitous ping tool. Users can skip the ping step entirely with a list scan () or - by disabling ping (), or engage the network + by disabling ping (), or engage the network with arbitrary combinations of multi-port TCP SYN/ACK, UDP, SCTP INIT and ICMP probes. The goal of these probes is to solicit responses which demonstrate that an IP address is actually active @@ -365,8 +365,8 @@ you would expect. port scan against each host it determines is online. This is true even if you specify non-default host discovery types such as UDP probes (). Read about the - option to learn how to perform - only host discovery, or use to skip host + option to learn how to perform + only host discovery, or use to skip host discovery and port scan all target hosts. The following options control host discovery: @@ -399,16 +399,16 @@ you would expect. scanning, OS detection, or ping scanning cannot be combined with this. If you wish to disable ping scanning while still performing such higher level functionality, read up on the - (skip ping) option. + (skip ping) option. - (Skip port scan) - + (No port scan) + ping scan - port scandisabling with + port scandisabling with This option tells Nmap not to do a port scan after host @@ -430,7 +430,7 @@ you would expect. pinging the broadcast address because many hosts do not reply to broadcast queries. - The option sends an ICMP echo + The default host discovery done with consists of an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request by default. When executed by an unprivileged user, only SYN packets are sent @@ -439,9 +439,9 @@ you would expect. on a local ethernet network, ARP requests are used unless was specified. - The option can be combined with any of the + The option can be combined with any of the discovery probe types (the options, - excluding ) for greater flexibility. + excluding ) for greater flexibility. If any of those probe type and port number options are used, the default probes are overridden. When strict firewalls are in place between the @@ -456,8 +456,8 @@ you would expect. - (No ping) - + (No ping) + host discoverydisabling @@ -466,7 +466,7 @@ you would expect. for heavier scanning. By default, Nmap only performs heavy probing such as port scans, version detection, or OS detection against hosts that are found to be up. Disabling - host discovery with causes Nmap to + host discovery with causes Nmap to attempt the requested scanning functions against every target IP address specified. So if a class B sized target address space (/16) is specified @@ -476,7 +476,7 @@ you would expect. continues to perform requested functions as if each target IP is active. To skip ping scan and port scan, while still allowing NSE to run, use the two options - together. + together. For machines on a local ethernet network, ARP scanning will still be performed (unless @@ -2097,7 +2097,7 @@ way. open and one closed TCP port are found. Set this option and Nmap will not even try OS detection against hosts that do not meet this criteria. This can save substantial - time, particularly on scans against many hosts. It + time, particularly on scans against many hosts. It only matters when OS detection is requested with or . @@ -2465,7 +2465,7 @@ be set to keep the group size within a specific range, though this is rarely desired. These options do not have an effect during the host discovery -phase of a scan. This includes plain ping scans (). +phase of a scan. This includes plain ping scans (). Host discovery always works in large groups of hosts to improve speed and accuracy. @@ -2541,7 +2541,7 @@ scans unresponsive hosts. Specifying a lower and than the defaults can cut scan times significantly. This is particularly true for pingless -() scans, and those against heavily filtered +() scans, and those against heavily filtered networks. Don't get too aggressive though. The scan can end up taking longer if you specify such a low value that many probes are timing out and retransmitting while the response is in transit. @@ -3075,7 +3075,7 @@ services. to make the targets think that someone else is scanning them. Imagine a company being repeatedly port scanned by a competitor! The - option and are + option and are generally required for this sort of usage. Note that you usually won't receive reply packets back (they will be addressed to the IP you are spoofing), so Nmap won't produce @@ -4327,20 +4327,20 @@ overwhelming requests. Specify to only see example of - example of - nmap -v -iR 100000 -PN -p 80 + example of + nmap -v -iR 100000 -Pn -p 80 Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with - since first sending a couple probes to + since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway. example of example of - nmap -PN -p80 -oX logs/pb-port80scan.xml -oG + nmap -Pn -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20 This scans 4096 IPs for any web servers (without pinging diff --git a/docs/scripting.xml b/docs/scripting.xml index fc0ece2e0..28f17454f 100644 --- a/docs/scripting.xml +++ b/docs/scripting.xml @@ -197,11 +197,11 @@ Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds Script scanning is normally done in combination with a port scan, because scripts may be run or not run depending on the port states - found by the scan. With the option it is + found by the scan. With the option it is possible to run a script scan without a port scan, only host discovery. In this case only host scripts will be eligible to run. To run a script scan with neither a host discovery nor a port scan, - use the options together with + use the options together with or . Every host will be assumed up and still only host scripts will be run. This technique is useful for scripts like @@ -776,14 +776,14 @@ local username = nmap.registry.args.user - nmap -sP -sC example.com + nmap -sn -sC example.com A script scan without a port scan; only host scripts are eligible to run. - nmap -PN -sP -sC example.com + nmap -Pn -sn -sC example.com A script scan without host discovery or a port scan. All hosts are assumed up and only host scripts are eligible to diff --git a/nmap.cc b/nmap.cc index 156585047..6ad87aade 100644 --- a/nmap.cc +++ b/nmap.cc @@ -214,8 +214,8 @@ printf("%s %s ( %s )\n" " --excludefile : Exclude list from file\n" "HOST DISCOVERY:\n" " -sL: List Scan - simply list targets to scan\n" - " -sP: Ping Scan - go no further than determining if host is online\n" - " -PN: Treat all hosts as online -- skip host discovery\n" + " -sn: Ping Scan - disable port scan\n" + " -Pn: Treat all hosts as online -- skip host discovery\n" " -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports\n" " -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes\n" " -PO[protocol list]: IP Protocol Ping\n" @@ -310,8 +310,8 @@ printf("%s %s ( %s )\n" " -h: Print this help summary page.\n" "EXAMPLES:\n" " nmap -v -A scanme.nmap.org\n" - " nmap -v -sP 192.168.0.0/16 10.0.0.0/8\n" - " nmap -v -iR 10000 -PN -p 80\n" + " nmap -v -sn 192.168.0.0/16 10.0.0.0/8\n" + " nmap -v -iR 10000 -Pn -p 80\n" "SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES\n", NMAP_NAME, NMAP_VERSION, NMAP_URL); exit(rc); } @@ -1212,7 +1212,7 @@ int nmap_main(int argc, char *argv[]) { assert(ports.proto_ping_count > 0); } } else { - fatal("Illegal Argument to -P, use -PN, -PO, -PI, -PB, -PE, -PM, -PP, -PA, -PU, -PT, -PY, or -PT80 (or whatever number you want for the TCP probe destination port)"); + fatal("Illegal Argument to -P, use -Pn, -PO, -PI, -PB, -PE, -PM, -PP, -PA, -PU, -PT, -PY, or -PT80 (or whatever number you want for the TCP probe destination port)"); } break; case 'p': @@ -1236,7 +1236,7 @@ int nmap_main(int argc, char *argv[]) { break; case 's': if (!*optarg) { - error("An option is required for -s, most common are -sT (tcp scan), -sS (SYN scan), -sF (FIN scan), -sU (UDP scan) and -sP (Ping scan)"); + error("An option is required for -s, most common are -sT (tcp scan), -sS (SYN scan), -sF (FIN scan), -sU (UDP scan) and -sn (Ping scan)"); printusage(argv[0], -1); } p = optarg; diff --git a/output.cc b/output.cc index ee863cb05..080b9de0f 100644 --- a/output.cc +++ b/output.cc @@ -2213,7 +2213,7 @@ void printfinaloutput() { error("WARNING: No targets were specified, so 0 hosts scanned."); if (o.numhosts_scanned == 1 && o.numhosts_up == 0 && !o.listscan && o.pingtype != PINGTYPE_NONE) - log_write(LOG_STDOUT, "Note: Host seems down. If it is really up, but blocking our ping probes, try -PN\n"); + log_write(LOG_STDOUT, "Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn\n"); else if (o.numhosts_up > 0) { if (o.osscan && o.servicescan) log_write(LOG_PLAIN, "OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .\n"); diff --git a/tcpip.cc b/tcpip.cc index 5b1df3a00..d04c403b0 100644 --- a/tcpip.cc +++ b/tcpip.cc @@ -1037,7 +1037,7 @@ pcap_t *my_pcap_open_live(const char *device, int snaplen, int promisc, int to_m "LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with SOCK_PACKET enabled.\n" "*BSD: If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support. If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV ; or use mknod).\n" "*WINDOWS: Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2. Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.\n" - "SOLARIS: If you are trying to scan localhost or the address of an interface and are getting '/dev/lo0: No such file or directory' or 'lo0: No DLPI device found', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use \"-PN -sT localhost\" though.\n\n", + "SOLARIS: If you are trying to scan localhost or the address of an interface and are getting '/dev/lo0: No such file or directory' or 'lo0: No DLPI device found', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use \"-Pn -sT localhost\" though.\n\n", pcapdev, snaplen, promisc, to_ms, err0r); } else { error("pcap_open_live(%s, %d, %d, %d) FAILED. Reported error: %s. Will wait %d seconds then retry.", pcapdev, snaplen, promisc, to_ms, err0r, (int) pow(5.0, failed));