Bump version and regen docs for 7.60 release

2025-12-13 19:29:04 +00:00 · 2017-08-01 21:50:08 +00:00
parent 385ef668fd
commit 4a6fb1abe6
15 changed files with 369 additions and 845 deletions
--- a/90
+++ b/90
@@ -1,5 +1,65 @@
 # Nmap Changelog ($Id$); -*-text-*-
 Nmap 7.60 [2017-07-31]
 o [Windows] Updated the bundled Npcap from 0.91 to 0.93, fixing several issues
  with installation and compatibility with the Windows 10 Creators Update.
 o [NSE][GH#910] NSE scripts now have complete SSH support via libssh2,
  including password brute-forcing and running remote commands, thanks to the
  combined efforts of three Summer of Code students: [Devin Bjelland, Sergey
  Khegay, Evangelos Deirmentzoglou]
 o [NSE] Added 14 NSE scripts from 6 authors, bringing the total up to 579!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below:
  + ftp-syst sends SYST and STAT commands to FTP servers to get system version
    and connection information. [Daniel Miller]
  + [GH#916] http-vuln-cve2017-8917 checks for an SQL injection vulnerability affecting
    Joomla! 3.7.x before 3.7.1. [Wong Wai Tuck]
  + iec-identify probes for the IEC 60870-5-104 SCADA protocol. [Aleksandr
    Timorin, Daniel Miller]
  + [GH#915] openwebnet-discovery retrieves device identifying information and
    number of connected devices running on openwebnet protocol. [Rewanth Cool]
  + puppet-naivesigning checks for a misconfiguration in the Puppet CA where
    naive signing is enabled, allowing for any CSR to be automatically signed.
    [Wong Wai Tuck]
  + [GH#943] smb-protocols discovers if a server supports dialects NT LM 0.12
    (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11. This replaces the old
    smbv2-enabled script. [Paulino Calderon]
  + [GH#943] smb2-capabilities lists the supported capabilities of SMB2/SMB3
    servers. [Paulino Calderon]
  + [GH#943] smb2-time determines the current date and boot date of SMB2
    servers. [Paulino Calderon]
  + [GH#943] smb2-security-mode determines the message signing configuration of
    SMB2/SMB3 servers. [Paulino Calderon]
  + [GH#943] smb2-vuln-uptime attempts to discover missing critical patches in
    Microsoft Windows systems based on the SMB2 server uptime. [Paulino Calderon]
  + ssh-auth-methods lists the authentication methods offered by an SSH server.
    [Devin Bjelland]
  + ssh-brute performs brute-forcing of SSH password credentials. [Devin Bjelland]
  + ssh-publickey-acceptance checks public or private keys to see if they could
    be used to log in to a target. A list of known-compromised key pairs is
    included and checked by default. [Devin Bjelland]
  + ssh-run uses user-provided credentials to run commands on targets via SSH.
    [Devin Bjelland]
 o [NSE] Removed smbv2-enabled, which was incompatible with the new SMBv2/3
  improvements. It was fully replaced by the smb-protocols script.
 o [Ncat][GH#446] Added Datagram TLS (DTLS) support to Ncat in connect (client)
  mode with --udp --ssl. Also added Application Layer Protocol Negotiation
  (ALPN) support with the --ssl-alpn option. [Denis Andzakovic, Daniel Miller]
@@ -11,23 +71,11 @@ o Updated the default ciphers list for Ncat and the secure ciphers list for
 o [NSE][GH#930] Fix ndmp-version and ndmp-fs-info when scanning Veritas Backup
  Exec Agent 15 or 16. [Andrew Orr]
-o [NSE][GH#943] Added new SMB2/3 library and scripts:
+o [NSE][GH#943] Added new SMB2/3 library and related scripts. [Paulino Calderon]
  + smb-protocols discovers if a server supports dialects
    NT LM 0.12 (SMBv1), 2.02, 2.10, 3.00, 3.02 and 3.11.
  + smb2-time determines the current date and boot date of SMB2 servers.
  + smb2-capabilities lists the supported capabilities of SMB2/SMB3 servers.
  + smb2-security-mode determines the message signing configuration of
    SMB2/SMB3 servers.
  + smb2-vuln-uptime attempts to discover missing critical
    patches in Microsoft Windows systems based on the SMB2
    server uptime. [Paulino Calderon]
 o [NSE][GH#950] Added wildcard detection to dns-brute. Only hostnames that
  resolve to unique addresses will be listed. [Aaron Heesakkers]
 o [NSE] ftp-syst sends SYST and STAT commands to FTP servers to get system
  version and connection information. [Daniel Miller]
 o [NSE] FTP scripts like ftp-anon and ftp-brute now correctly handle
  TLS-protected FTP services and use STARTTLS when necessary. [Daniel Miller]
@@ -43,29 +91,13 @@ o [NSE][GH#934] The HTTP response object has a new member, version, which
  contains the HTTP protocol version string returned by the server, e.g. "1.0".
  [nnposter]
 o [NSE] openwebnet-discovery retrieves device identifying information and
 number of connected devices running on openwebnet protocol. [Rewanth Cool]
 o [NSE][GH#938] Fix handling of the objectSID Active Directory attribute
  by ldap.lua. [Tom Sellers]
 o [NSE] puppet-naivesigning checks for a misconfiguration in the Puppet CA
  where naive signing is enabled, allowing for any CSR to be automatically
  signed. [Wong Wai Tuck]
 o [NSE] Fix line endings in the list of Oracle SIDs used by oracle-sid-brute.
  Carriage Return characters were being sent in the connection packets, likely
  resulting in failure of the script. [Anant Shrivastava]
 o [NSE] iec-identify probes for the IEC 60870-5-104 SCADA protocol.
  [Aleksandr Timorin, Daniel Miller]
 o [GH#910] added libssh2 support, ssh-brute, ssh-run, ssh-auth-methods,
  ssh-publickey-acceptance [Evangelos Deirmentzoglou]
 o [NSE] http-vuln-cve2017-8917 checks for an SQL injection vulnerability
  affecting Joomla! 3.7.x before 3.7.1. [Wong Wai Tuck]
 o [NSE][GH#141] http-useragent-checker now checks for changes in HTTP status
  (usually 403 Forbidden) in addition to redirects to indicate forbidden User
  Agents. [Gyanendra Mishra]
--- a/docs/nmap-update.1
+++ b/docs/nmap-update.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: nmap-update
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/13/2017
+.\"      Date: 08/01/2017
 .\"    Manual: nmap-update Reference Guide
 .\"    Source: nmap-update
 .\"  Language: English
 .\"
-.TH "NMAP\-UPDATE" "1" "06/13/2017" "nmap\-update" "nmap\-update Reference Guide"
+.TH "NMAP\-UPDATE" "1" "08/01/2017" "nmap\-update" "nmap\-update Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
--- a/docs/nmap.1
+++ b/docs/nmap.1
--- a/docs/nmap.usage.txt
+++ b/docs/nmap.usage.txt
@@ -1,4 +1,4 @@
-Nmap 7.50SVN ( https://nmap.org )
+Nmap 7.60SVN ( https://nmap.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
--- a/docs/zenmap.1
+++ b/docs/zenmap.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: zenmap
 .\"    Author: [see the "Authors" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/13/2017
+.\"      Date: 08/01/2017
 .\"    Manual: Zenmap Reference Guide
 .\"    Source: Zenmap
 .\"  Language: English
 .\"
-.TH "ZENMAP" "1" "06/13/2017" "Zenmap" "Zenmap Reference Guide"
+.TH "ZENMAP" "1" "08/01/2017" "Zenmap" "Zenmap Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
--- a/mswin32/nmap.rc
+++ b/mswin32/nmap.rc
@@ -13,7 +13,7 @@
 //
 VS_VERSION_INFO VERSIONINFO
-FILEVERSION 7,0,50,100
+FILEVERSION 7,0,60,100
 FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
 FILEFLAGS 0x21L
@@ -30,7 +30,7 @@ BEGIN
        BEGIN
            VALUE "CompanyName", "Insecure.Org\0"
            VALUE "FileDescription", "Nmap\0"
-            VALUE "FileVersion", "7.50SVN\0"
+            VALUE "FileVersion", "7.60SVN\0"
            VALUE "InternalName", "Nmap\0"
            VALUE "LegalCopyright", "Copyright (c) Insecure.Com LLC (fyodor@insecure.org)\0"
            VALUE "LegalTrademarks", "NMAP\0"
--- a/ncat/docs/ncat.1
+++ b/ncat/docs/ncat.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: Ncat
 .\"    Author: [see the "Authors" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/13/2017
+.\"      Date: 08/01/2017
 .\"    Manual: Ncat Reference Guide
 .\"    Source: Ncat
 .\"  Language: English
 .\"
-.TH "NCAT" "1" "06/13/2017" "Ncat" "Ncat Reference Guide"
+.TH "NCAT" "1" "08/01/2017" "Ncat" "Ncat Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -43,7 +43,7 @@ Among Ncat\*(Aqs vast number of features there is the ability to chain Ncats tog
 .RS 4
 .\}
 .nf
-Ncat 7\&.50SVN ( https://nmap\&.org/ncat )
+Ncat 7\&.60SVN ( https://nmap\&.org/ncat )
 Usage: ncat [options] [hostname] [port]
 Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds,
@@ -92,6 +92,7 @@ Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds,
      \-\-ssl\-verify           Verify trust and domain name of certificates
      \-\-ssl\-trustfile        PEM file containing trusted SSL certificates
      \-\-ssl\-ciphers          Cipherlist containing SSL ciphers to use
      \-\-ssl\-alpn             ALPN protocol list to use\&.
      \-\-version              Display Ncat\*(Aqs version information and exit
 See the ncat(1) manpage for full options, descriptions and usage examples
@@ -101,10 +102,6 @@ See the ncat(1) manpage for full options, descriptions and usage examples
 .\}
 .sp
 .SH "CONNECT MODE AND LISTEN MODE"
 .\" connect mode (Ncat)
 .\" client mode (Ncat)
 .\" listen mode (Ncat)
 .\" server mode (Ncat)
 .PP
 Ncat operates in one of two primary modes: connect mode and listen mode\&. Other modes, such as the HTTP proxy server, act as special cases of these two\&. In connect mode, Ncat works as a client\&. In listen mode it is a server\&.
 .PP
@@ -117,7 +114,6 @@ arguments tell what to connect to\&.
 is required, and may be a hostname or IP address\&. If
 \fB\fIport\fR\fR
 is supplied, it must be a decimal port number\&. If omitted, it defaults to 31337\&.
 .\" default port of Ncat.\" 31337
 .PP
 In listen mode,
 \fB\fIhostname\fR\fR
@@ -131,19 +127,16 @@ is omitted, it defaults to 31337\&.
 .SH "PROTOCOL OPTIONS"
 .PP
 \fB\-4\fR (IPv4 only)
 .\" -4 (Ncat option)
 .RS 4
 Force the use of IPv4 only\&.
 .RE
 .PP
 \fB\-6\fR (IPv6 only)
 .\" -6 (Ncat option)
 .RS 4
 Force the use of IPv6 only\&.
 .RE
 .PP
 \fB\-U\fR, \fB\-\-unixsock\fR (Use Unix domain sockets)
 .\" --unixsock (Ncat option) .\" -U (Ncat option)
 .RS 4
 Use Unix domain sockets rather than network sockets\&. This option may be used on its own for stream sockets, or combined with
 \fB\-\-udp\fR
@@ -154,20 +147,17 @@ the section called \(lqUNIX DOMAIN SOCKETS\(rq\&.
 .RE
 .PP
 \fB\-u\fR, \fB\-\-udp\fR (Use UDP)
 .\" -u (Ncat option) .\" --udp (Ncat option)
 .RS 4
 Use UDP for the connection (the default is TCP)\&.
 .RE
 .PP
 \fB\-\-sctp\fR (Use SCTP)
 .\" --sctp (Ncat option)
 .RS 4
 Use SCTP for the connection (the default is TCP)\&. SCTP support is implemented in TCP\-compatible mode\&.
 .RE
 .SH "CONNECT MODE OPTIONS"
 .PP
 \fB\-g \fR\fB\fIhop1\fR\fR\fB[,\fIhop2\fR,\&.\&.\&.]\fR (Loose source routing)
 .\" -g (Ncat option)
 .RS 4
 Sets hops for IPv4 loose source routing\&. You can use
 \fB\-g\fR
@@ -177,7 +167,6 @@ multiple times with single hops to build the list, or combine the two\&. Hops ca
 .RE
 .PP
 \fB\-G \fR\fB\fIptr\fR\fR (Set source routing pointer)
 .\" -G (Ncat option)
 .RS 4
 Sets the IPv4 source route
 \(lqpointer\(rq
@@ -186,13 +175,11 @@ for use with
 .RE
 .PP
 \fB\-p \fR\fB\fIport\fR\fR, \fB\-\-source\-port \fR\fB\fIport\fR\fR (Specify source port)
 .\" --source-port (Ncat option) .\" -p (Ncat option)
 .RS 4
 Set the port number for Ncat to bind to\&.
 .RE
 .PP
 \fB\-s \fR\fB\fIhost\fR\fR, \fB\-\-source \fR\fB\fIhost\fR\fR (Specify source address)
 .\" --source (Ncat option) .\" -s (Ncat option)
 .RS 4
 Set the address for Ncat to bind to\&.
 .RE
@@ -203,26 +190,22 @@ the section called \(lqACCESS CONTROL OPTIONS\(rq
 for information on limiting the hosts that may connect to the listening Ncat process\&.
 .PP
 \fB\-l\fR, \fB\-\-listen\fR (Listen for connections)
 .\" --listen (Ncat option) .\" -l (Ncat option)
 .RS 4
 Listen for connections rather than connecting to a remote machine
 .RE
 .PP
 \fB\-m \fR\fB\fInumconns\fR\fR, \fB\-\-max\-conns \fR\fB\fInumconns\fR\fR (Specify maximum number of connections)
 .\" --max-conns (Ncat option) .\" -m (Ncat option)
 .RS 4
 The maximum number of simultaneous connections accepted by an Ncat instance\&. 100 is the default (60 on Windows)\&.
 .RE
 .PP
 \fB\-k\fR, \fB\-\-keep\-open\fR (Accept multiple connections)
 .\" --keep-open (Ncat option) .\" -k (Ncat option)
 .RS 4
 Normally a listening server accepts only one connection and then quits when the connection is closed\&. This option makes it accept multiple simultaneous connections and wait for more connections after they have all been closed\&. It must be combined with
 \fB\-\-listen\fR\&. In this mode there is no way for Ncat to know when its network input is finished, so it will keep running until interrupted\&. This also means that it will never close its output stream, so any program reading from Ncat and looking for end\-of\-file will also hang\&.
 .RE
 .PP
 \fB\-\-broker\fR (Connection brokering)
 .\" --broker (Ncat option)
 .RS 4
 Allow multiple parties to connect to a centralised Ncat server and communicate with each other\&. Ncat can broker communication between systems that are behind a NAT or otherwise unable to directly connect\&. This option is used in conjunction with
 \fB\-\-listen\fR, which causes the
@@ -231,7 +214,6 @@ port to have broker mode enabled\&.
 .RE
 .PP
 \fB\-\-chat\fR (Ad\-hoc \(lqchat server\(rq)
 .\" --chat (Ncat option)
 .RS 4
 The
 \fB\-\-chat\fR
@@ -240,15 +222,15 @@ option enables chat mode, intended for the exchange of text between several user
 .SH "SSL OPTIONS"
 .PP
 \fB\-\-ssl\fR (Use SSL)
 .\" --ssl (Ncat option)
 .RS 4
 In connect mode, this option transparently negotiates an SSL session with an SSL server to securely encrypt the connection\&. This is particularly handy for talking to SSL enabled HTTP servers, etc\&.
 .sp
 In server mode, this option listens for incoming SSL connections, rather than plain untunneled traffic\&.
 .sp
 In UDP connect mode, this option enables Datagram TLS (DTLS)\&. This is not supported in server mode\&.
 .RE
 .PP
 \fB\-\-ssl\-verify\fR (Verify server certificates)
 .\" --ssl-verify (Ncat option)
 .RS 4
 In client mode,
 \fB\-\-ssl\-verify\fR
@@ -256,52 +238,48 @@ is like
 \fB\-\-ssl\fR
 except that it also requires verification of the server certificate\&. Ncat comes with a default set of trusted certificates in the file
 ca\-bundle\&.crt\&.
 .\" ca-bundle.crt
 Some operating systems provide a default list of trusted certificates; these will also be used if available\&. Use
 \fB\-\-ssl\-trustfile\fR
 to give a custom list\&. Use
 \fB\-v\fR
 one or more times to get details about verification failures\&.
 .\" revoked certificates
 Ncat does not check for revoked certificates\&.
 .\" certification revocation
 .sp
 This option has no effect in server mode\&.
 .RE
 .PP
 \fB\-\-ssl\-cert \fR\fB\fIcertfile\&.pem\fR\fR (Specify SSL certificate)
 .\" --ssl-cert (Ncat option)
 .RS 4
 This option gives the location of a PEM\-encoded certificate files used to authenticate the server (in listen mode) or the client (in connect mode)\&. Use it in combination with
 \fB\-\-ssl\-key\fR\&.
 .RE
 .PP
 \fB\-\-ssl\-key \fR\fB\fIkeyfile\&.pem\fR\fR (Specify SSL private key)
 .\" --ssl-key (Ncat option)
 .RS 4
 This option gives the location of the PEM\-encoded private key file that goes with the certificate named with
 \fB\-\-ssl\-cert\fR\&.
 .RE
 .PP
 \fB\-\-ssl\-trustfile \fR\fB\fIcert\&.pem\fR\fR (List trusted certificates)
 .\" --ssl-trustfile (Ncat option)
 .RS 4
 This option sets a list of certificates that are trusted for purposes of certificate verification\&. It has no effect unless combined with
 \fB\-\-ssl\-verify\fR\&. The argument to this option is the name of a PEM
 .\" PEM (Privacy Enhanced Mail)
 file containing trusted certificates\&. Typically, the file will contain certificates of certification authorities, though it may also contain server certificates directly\&. When this option is used, Ncat does not use its default certificates\&.
 .RE
 .PP
 \fB\-\-ssl\-ciphers \fR\fB\fIcipherlist\fR\fR (Specify SSL ciphersuites)
 .\" --ssl-ciphers (Ncat option)
 .RS 4
 This option sets the list of ciphersuites that Ncat will use when connecting to servers or when accepting SSL connections from clients\&. The syntax is described in the OpenSSL ciphers(1) man page, and defaults to
-ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
+ALL:!aNULL:!eNULL:!LOW:!EXP:!MD5:@STRENGTH
 .RE
 .PP
 \fB\-\-ssl\-alpn \fR\fB\fIALPN list\fR\fR (Specify ALPN protocol list)
 .RS 4
 This option allows you to specify a comma\-separated list of protocols to send via the Application\-Layer Protocol Negotiation (ALPN) TLS extension\&. Not supported by all versions of OpenSSL\&.
 .RE
 .SH "PROXY OPTIONS"
 .PP
 \fB\-\-proxy \fR\fB\fIhost\fR\fR\fB[:\fR\fB\fIport\fR\fR\fB]\fR (Specify proxy address)
 .\" --proxy (Ncat option)
 .RS 4
 Requests proxying through
 \fIhost\fR:\fIport\fR, using the protocol specified by
@@ -312,7 +290,6 @@ If no port is specified, the proxy protocol\*(Aqs well\-known port is used (1080
 .RE
 .PP
 \fB\-\-proxy\-type \fR\fB\fIproto\fR\fR (Specify proxy protocol)
 .\" --proxy-type (Ncat option)
 .RS 4
 In connect mode, this option requests the protocol
 \fIproto\fR
@@ -329,7 +306,6 @@ http\&.
 .RE
 .PP
 \fB\-\-proxy\-auth \fR\fB\fIuser\fR\fR\fB[:\fIpass\fR]\fR (Specify proxy credentials)
 .\" --proxy-auth (Ncat option)
 .RS 4
 In connect mode, gives the credentials that will be used to connect to the proxy server\&. In listen mode, gives the credentials that will be required of connecting clients\&. For use with
 \fB\-\-proxy\-type http\fR, the form should be user:pass\&. For
@@ -338,7 +314,6 @@ In connect mode, gives the credentials that will be used to connect to the proxy
 .SH "COMMAND EXECUTION OPTIONS"
 .PP
 \fB\-e \fR\fB\fIcommand\fR\fR, \fB\-\-exec \fR\fB\fIcommand\fR\fR (Execute command)
 .\" --exec (Ncat option) .\" -e (Ncat option)
 .RS 4
 Execute the specified command after a connection has been established\&. The command must be specified as a full pathname\&. All input from the remote client will be sent to the application and responses sent back to the remote client over the socket, thus making your command\-line application interactive over a socket\&. Combined with
 \fB\-\-keep\-open\fR, Ncat will handle multiple simultaneous connections to your specified port/application like inetd\&. Ncat will only accept a maximum, definable, number of simultaneous connections controlled by the
@@ -347,7 +322,6 @@ option\&. By default this is set to 100 (60 on Windows)\&.
 .RE
 .PP
 \fB\-c \fR\fB\fIcommand\fR\fR, \fB\-\-sh\-exec \fR\fB\fIcommand\fR\fR (Execute command via sh)
 .\" --sh-exec (Ncat option) .\" -c (Ncat option)
 .RS 4
 Same as
 \fB\-e\fR, except it tries to execute the command via
@@ -355,7 +329,6 @@ Same as
 .RE
 .PP
 \fB\-\-lua\-exec \fR\fB\fIfile\fR\fR (Execute a \&.lua script)
 .\" --lua-exec (Ncat option)
 .RS 4
 Runs the specified file as a Lua script after a connection has been established, using a built\-in interpreter\&. Both the script\*(Aqs standard input and the standard output are redirected to the connection data streams\&.
 .RE
@@ -364,21 +337,16 @@ All exec options add the following variables to the child\*(Aqs environment:
 .PP
 \fBNCAT_REMOTE_ADDR\fR, \fBNCAT_REMOTE_PORT\fR
 .RS 4
 .\" NCAT_REMOTE_ADDR> environment variable
 .\" NCAT_REMOTE_PORT> environment variable
 The IP address and port number of the remote host\&. In connect mode, it\*(Aqs the target\*(Aqs address; in listen mode, it\*(Aqs the client\*(Aqs address\&.
 .RE
 .PP
 \fBNCAT_LOCAL_ADDR\fR, \fBNCAT_LOCAL_PORT\fR
 .RS 4
 .\" NCAT_LOCAL_ADDR> environment variable
 .\" NCAT_LOCAL_PORT> environment variable
 The IP address and port number of the local end of the connection\&.
 .RE
 .PP
 \fBNCAT_PROTO\fR
 .RS 4
 .\" NCAT_PROTO> environment variable
 The protocol in use: one of
 TCP,
 UDP, and
@@ -387,7 +355,6 @@ SCTP\&.
 .SH "ACCESS CONTROL OPTIONS"
 .PP
 \fB\-\-allow \fR\fB\fIhost\fR\fR\fB[,\fIhost\fR,\&.\&.\&.]\fR (Allow connections)
 .\" --allow (Ncat option)
 .RS 4
 The list of hosts specified will be the only hosts allowed to connect to the Ncat process\&. All other connection attempts will be disconnected\&. In case of a conflict between
 \fB\-\-allow\fR
@@ -398,14 +365,12 @@ takes precedence\&. Host specifications follow the same syntax used by Nmap\&.
 .RE
 .PP
 \fB\-\-allowfile \fR\fB\fIfile\fR\fR (Allow connections from file)
 .\" --allowfile (Ncat option)
 .RS 4
 This has the same functionality as
 \fB\-\-allow\fR, except that the allowed hosts are provided in a new\-line delimited allow file, rather than directly on the command line\&.
 .RE
 .PP
 \fB\-\-deny \fR\fB\fIhost\fR\fR\fB[,\fIhost\fR,\&.\&.\&.]\fR (Deny connections)
 .\" --deny (Ncat option)
 .RS 4
 Issue Ncat with a list of hosts that will not be allowed to connect to the listening Ncat process\&. Specified hosts will have their session silently terminated if they try to connect\&. In case of a conflict between
 \fB\-\-allow\fR
@@ -416,7 +381,6 @@ takes precedence\&. Host specifications follow the same syntax used by Nmap\&.
 .RE
 .PP
 \fB\-\-denyfile \fR\fB\fIfile\fR\fR (Deny connections from file)
 .\" --denyfile (Ncat option)
 .RS 4
 This is the same functionality as
 \fB\-\-deny\fR, except that excluded hosts are provided in a new\-line delimited deny file, rather than directly on the command line\&.
@@ -433,7 +397,6 @@ h
 to the value to specify milliseconds, seconds, minutes, or hours\&.
 .PP
 \fB\-d \fR\fB\fItime\fR\fR, \fB\-\-delay \fR\fB\fItime\fR\fR (Specify line delay)
 .\" --delay (Ncat option) .\" -d (Ncat option)
 .RS 4
 Set the delay interval for lines sent\&. This effectively limits the number of lines that Ncat will send in the specified period\&. This may be useful for low\-bandwidth sites, or have other uses such as coping with annoying
 \fBiptables \-\-limit\fR
@@ -441,32 +404,27 @@ options\&.
 .RE
 .PP
 \fB\-i \fR\fB\fItime\fR\fR, \fB\-\-idle\-timeout \fR\fB\fItime\fR\fR (Specify idle timeout)
 .\" --idle-timeout (Ncat option) .\" -i (Ncat option)
 .RS 4
 Set a fixed timeout for idle connections\&. If the idle timeout is reached, the connection is terminated\&.
 .RE
 .PP
 \fB\-w \fR\fB\fItime\fR\fR, \fB\-\-wait \fR\fB\fItime\fR\fR (Specify connect timeout)
 .\" --wait (Ncat option) .\" -w (Ncat option)
 .RS 4
 Set a fixed timeout for connection attempts\&.
 .RE
 .SH "OUTPUT OPTIONS"
 .PP
 \fB\-o \fR\fB\fIfile\fR\fR, \fB\-\-output \fR\fB\fIfile\fR\fR (Save session data)
 .\" --output (Ncat option) .\" -o (Ncat option)
 .RS 4
 Dump session data to a file
 .RE
 .PP
 \fB\-x \fR\fB\fIfile\fR\fR, \fB\-\-hex\-dump \fR\fB\fIfile\fR\fR (Save session data in hex)
 .\" --hex-dump (Ncat option) .\" -x (Ncat option)
 .RS 4
 Dump session data in hex to a file\&.
 .RE
 .PP
 \fB\-\-append\-output\fR (Append output)
 .\" --append-output (Ncat option)
 .RS 4
 Issue Ncat with
 \fB\-\-append\-ouput\fR
@@ -478,7 +436,6 @@ and it will append the resulted output rather than truncating the specified outp
 .RE
 .PP
 \fB\-v\fR, \fB\-\-verbose\fR (Be verbose)
 .\" --verbose (Ncat option) .\" -v (Ncat option)
 .RS 4
 Issue Ncat with
 \fB\-v\fR
@@ -488,49 +445,39 @@ and it will be verbose and display all kinds of useful connection based informat
 .SH "MISC OPTIONS"
 .PP
 \fB\-C\fR, \fB\-\-crlf\fR (Use CRLF as EOL)
 .\" --crlf (Ncat option) .\" -C (Ncat option)
 .RS 4
 This option tells Ncat to convert LF
 .\" LF line ending
 line endings to CRLF
 .\" CRLF line ending
 when taking input from standard input\&.
 .\" standard input
 This is useful for talking to some stringent servers directly from a terminal in one of the many common plain\-text protocols that use CRLF for end\-of\-line\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR (Help screen)
 .\" --help (Ncat option) .\" -h (Ncat option)
 .RS 4
 Displays a short help screen with common options and parameters, and then exits\&.
 .RE
 .PP
 \fB\-\-recv\-only\fR (Only receive data)
 .\" --recv-only (Ncat option)
 .RS 4
 If this option is passed, Ncat will only receive data and will not try to send anything\&.
 .RE
 .PP
 \fB\-\-send\-only\fR (Only send data)
 .\" --send-only (Ncat option)
 .RS 4
 If this option is passed, then Ncat will only send data and will ignore anything received\&. This option also causes Ncat to close the network connection and terminate after EOF is received on standard input\&.
 .RE
 .PP
 \fB\-\-no\-shutdown\fR (Do not shutdown into half\-duplex mode)
 .\" --no-shutdown (Ncat option)
 .RS 4
 If this option is passed, Ncat will not invoke shutdown on a socket aftering seeing EOF on stdin\&. This is provided for backward\-compatibility with OpenBSD netcat, which exhibits this behavior when executed with its \*(Aq\-d\*(Aq option\&.
 .RE
 .PP
 \fB\-t\fR, \fB\-\-telnet\fR (Answer Telnet negotiations)
 .\" -t (Ncat option)
 .RS 4
 Handle DO/DONT WILL/WONT Telnet negotiations\&. This makes it possible to script Telnet sessions with Ncat\&.
 .RE
 .PP
 \fB\-\-version\fR (Display version)
 .\" --version (Ncat option)
 .RS 4
 Displays the Ncat version number and exits\&.
 .RE
@@ -623,7 +570,7 @@ Like its authors, Ncat isn\*(Aqt perfect\&. But you can help make it better by s
 nmap\-dev
 archives at
 \m[blue]\fB\%http://seclists.org/\fR\m[]\&.
-.\" nmap-dev mailing list
+
 Read this full manual page as well\&. If nothing comes of this, mail a bug report to
 <dev@nmap\&.org>\&. Please include everything you have learned about the problem, as well as what version of Ncat you are running and what operating system version it is running on\&. Problem reports and Ncat usage questions sent to dev@nmap\&.org are far more likely to be answered than those sent to Fyodor directly\&.
 .PP
@@ -688,8 +635,6 @@ The original Netcat was written by *Hobbit*
 Netcat (or any other implementation), Ncat is most definitely based on Netcat in spirit and functionality\&.
 .SH "LEGAL NOTICES"
 .SS "Ncat Copyright and Licensing"
 .\" copyright
 .\" GNU General Public License
 .PP
 Ncat is (C) 2005\(en2012 Insecure\&.Com LLC\&. It is distributed as free and open source software under the same license terms as our Nmap software\&. Precise terms and further details are available
 from \m[blue]\fB\%https://nmap.org/man/man-legal.html\fR\m[]\&.
@@ -706,10 +651,8 @@ Source is provided to this software because we believe users have a right to kno
 Source code also allows you to port Nmap (which includes Ncat) to new platforms, fix bugs, and add new features\&. You are highly encouraged to send your changes to
 <dev@nmap\&.org>
 for possible incorporation into the main distribution\&. By sending these changes to Fyodor or one of the Insecure\&.Org development mailing lists, it is assumed that you are offering the Nmap Project (Insecure\&.Com LLC) the unlimited, non\-exclusive right to reuse, modify, and relicense the code\&. Nmap will always be available open source,
 .\" open source
 but this is important because the inability to relicense code has caused devastating problems for other Free Software projects (such as KDE and NASM)\&. We also occasionally relicense the code to third parties as discussed in the Nmap man page\&. If you wish to specify special license conditions of your contributions, just say so when you send them\&.
-.SS "No Warranty
+.SS "No Warranty"
 .\" warranty (lack of)"
 .PP
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License v2\&.0 for more details at
 \m[blue]\fB\%http://www.gnu.org/licenses/gpl-2.0.html\fR\m[], or in the
@@ -718,25 +661,19 @@ file included with Nmap\&.
 .SS "Inappropriate Usage"
 .PP
 Ncat should never be installed with special privileges (e\&.g\&. suid root)\&.
 .\" suid
 That would open up a major security vulnerability as other users on the system (or attackers) could use it for privilege escalation\&.
 .SS "Third\-Party Software"
 .PP
 This product includes software developed by the
 \m[blue]\fBApache Software Foundation\fR\m[]\&\s-2\u[2]\d\s+2\&. A modified version of the
 \m[blue]\fBLibpcap portable packet capture library\fR\m[]\&\s-2\u[3]\d\s+2
 .\" libpcap
 is distributed along with Ncat\&. The Windows version of Ncat utilized the Libpcap\-derived
 \m[blue]\fBWinPcap library\fR\m[]\&\s-2\u[4]\d\s+2
 .\" WinPcap
 instead\&. Certain raw networking functions use the
 \m[blue]\fBLibdnet\fR\m[]\&\s-2\u[5]\d\s+2
 .\" libdnet
 networking library, which was written by Dug Song\&.
 .\" Song, Dug
 A modified version is distributed with Ncat\&. Ncat can optionally link with the
 \m[blue]\fBOpenSSL cryptography toolkit\fR\m[]\&\s-2\u[6]\d\s+2
 .\" OpenSSL
 for SSL version detection support\&. All of the third\-party software described in this paragraph is freely redistributable under BSD\-style software licenses\&.
 .SH "NOTES"
 .IP " 1." 4
--- a/ncat/docs/ncat.usage.txt
+++ b/ncat/docs/ncat.usage.txt
@@ -1,4 +1,4 @@
-Ncat 7.50SVN ( https://nmap.org/ncat )
+Ncat 7.60SVN ( https://nmap.org/ncat )
 Usage: ncat [options] [hostname] [port]
 Options taking a time assume seconds. Append 'ms' for milliseconds,
@@ -47,6 +47,7 @@ Options taking a time assume seconds. Append 'ms' for milliseconds,
      --ssl-verify           Verify trust and domain name of certificates
      --ssl-trustfile        PEM file containing trusted SSL certificates
      --ssl-ciphers          Cipherlist containing SSL ciphers to use
      --ssl-alpn             ALPN protocol list to use.
      --version              Display Ncat's version information and exit
 See the ncat(1) manpage for full options, descriptions and usage examples
--- a/ncat/ncat.h
+++ b/ncat/ncat.h
@@ -152,7 +152,7 @@
 /* Ncat information for output, etc. */
 #define NCAT_NAME "Ncat"
 #define NCAT_URL "https://nmap.org/ncat"
-#define NCAT_VERSION "7.50SVN"
+#define NCAT_VERSION "7.60SVN"
 #ifndef __GNUC__
 #ifndef __attribute__
--- a/ndiff/docs/ndiff.1
+++ b/ndiff/docs/ndiff.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: ndiff
 .\"    Author: [see the "Authors" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/13/2017
+.\"      Date: 08/01/2017
 .\"    Manual: User Commands
 .\"    Source: Ndiff
 .\"  Language: English
 .\"
-.TH "NDIFF" "1" "06/13/2017" "Ndiff" "User Commands"
+.TH "NDIFF" "1" "08/01/2017" "Ndiff" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
--- a/nmap.h
+++ b/nmap.h
@@ -129,7 +129,7 @@
 *                                                                         *
 ***************************************************************************/
-/* $Id$ */
+/* $Id: nmap.h 36906 2017-07-31 22:29:24Z dmiller $ */
 #ifndef NMAP_H
 #define NMAP_H
@@ -190,13 +190,13 @@
 #ifndef NMAP_VERSION
 /* Edit this definition only within the quotes, because it is read from this
   file by the makefiles. */
-#define NMAP_VERSION "7.50SVN"
+#define NMAP_VERSION "7.60SVN"
-#define NMAP_NUM_VERSION "7.0.50.100"
+#define NMAP_NUM_VERSION "7.0.60.100"
 #endif
 /* The version number of updates retrieved by the nmap-update
   program. It can be different (but should always be the same or
   earlier) than NMAP_VERSION. */
-#define NMAP_UPDATE_CHANNEL "7.40"
+#define NMAP_UPDATE_CHANNEL "7.60"
 #define NMAP_XMLOUTPUTVERSION "1.04"
--- a/nping/docs/nping.1
+++ b/nping/docs/nping.1
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: nping
 .\"    Author: [see the "Authors" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/13/2017
+.\"      Date: 08/01/2017
 .\"    Manual: Nping Reference Guide
 .\"    Source: Nping
 .\"  Language: English
 .\"
-.TH "NPING" "1" "06/13/2017" "Nping" "Nping Reference Guide"
+.TH "NPING" "1" "08/01/2017" "Nping" "Nping Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -33,7 +33,6 @@ nping \- Network packet generation tool / ping utility
 .HP \w'\fBnping\fR\ 'u
 \fBnping\fR [\fIOptions\fR] {\fItargets\fR}
 .SH "DESCRIPTION"
 .\" Nping: description of
 .PP
 Nping is an open\-source tool for network packet generation, response analysis and response time measurement\&. Nping allows users to generate network packets of a wide range of protocols, letting them tune virtually any field of the protocol headers\&. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress tests, ARP poisoning, Denial of Service attacks, route tracing, and other purposes\&.
 .PP
@@ -50,9 +49,6 @@ to specify TCP Probe Mode,
 to specify the target ports; and then the two target hostnames\&.
 .PP
 \fBExample\ \&1.\ \&A representative Nping execution\fR
 .\" -c (Nping option): example of
 .\" --tcp (Nping option): example of
 .\" -p (Nping option): example of
 .sp
 .if n \{\
 .RS 4
@@ -85,8 +81,6 @@ Nping done: 2 IP addresses pinged in 4\&.01 seconds
 .SH "OPTIONS SUMMARY"
 .PP
 This options summary is printed when Nping is run with no arguments\&. It helps people remember the most common options, but is no substitute for the in\-depth documentation in the rest of this manual\&. Some obscure options aren\*(Aqt even included here\&.
 .\" summary of options (Nping)
 .\" command-line options: of Nping
 .sp
 .if n \{\
 .RS 4
@@ -215,15 +209,11 @@ SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
 .if n \{\
 .RE
 .\}
 .\" 
 .\" 
 .SH "TARGET SPECIFICATION"
 .\" target specification: in Nping
 .PP
 Everything on the Nping command line that isn\*(Aqt an option or an option argument is treated as a target host specification\&. Nping uses the same syntax for target specifications that Nmap does\&. The simplest case is a single target given by IP address or hostname\&.
 .PP
 Nping supports CIDR\-style
 .\" CIDR (Classless Inter-Domain Routing)
 addressing\&. You can append
 /\fInumbits\fR
 to an IPv4 address or hostname and Nping will send probes to every IP address for which the first
@@ -235,13 +225,11 @@ would send probes to the 256 hosts between 192\&.168\&.10\&.0 (binary:
 11000000 10101000 00001010 11111111), inclusive\&.
 192\&.168\&.10\&.40/24
 would ping exactly the same targets\&. Given that the host scanme\&.nmap\&.org
 .\" scanme.nmap.org
 is at the IP address 64\&.13\&.134\&.52, the specification
 scanme\&.nmap\&.org/16
 would send probes to the 65,536 IP addresses between 64\&.13\&.0\&.0 and 64\&.13\&.255\&.255\&. The smallest allowed value is
 /0, which targets the whole Internet\&. The largest value is
 /32, which targets just the named host or IP address because all address bits are fixed\&.
 .\" address ranges
 .PP
 CIDR notation is short but not always flexible enough\&. For example, you might want to send probes to 192\&.168\&.0\&.0/16 but skip any IPs ending with \&.0 or \&.255 because they may be used as subnet network and broadcast addresses\&. Nping supports this through octet range addressing\&. Rather than specify a normal IP address, you can specify a comma\-separated list of numbers or ranges for each octet\&. For example,
 192\&.168\&.0\-255\&.1\-254
@@ -289,7 +277,6 @@ or
 bcast
 sets ff:ff:ff:ff:ff:ff\&.
 .SH "GENERAL OPERATION"
 .\" general operation
 .PP
 Unlike other ping and packet generation tools, Nping supports multiple target host and port specifications\&. While this provides great flexibility, it is not obvious how Nping handles situations where there is more than one host and/or more than one port to send probes to\&. This section explains how Nping behaves in these cases\&.
 .PP
@@ -372,12 +359,10 @@ SENT (4\&.0330s) TCP 192\&.168\&.0\&.21 > 3\&.3\&.3\&.3:139
 .\}
 .RE
 .SH "PROBE MODES"
 .\" probe modes
 .PP
 Nping supports a wide variety of protocols\&. Although in some cases Nping can automatically determine the mode from the options used, it is generally a good idea to specify it explicitly\&.
 .PP
 \fB\-\-tcp\-connect\fR (TCP Connect mode)
 .\" --tcp-connect (Nping option) .\" TCP connect: in Nping .\" TCP connect
 .RS 4
 TCP connect mode is the default mode when a user does not have raw packet privileges\&. Instead of writing raw packets as most other modes do, Nping asks the underlying operating system to establish a connection with the target machine and port by issuing the
 connect
@@ -385,43 +370,35 @@ system call\&. This is the same high\-level system call that web browsers, P2P c
 .RE
 .PP
 \fB\-\-tcp\fR (TCP mode)
 .\" --tcp (Nping option)
 .RS 4
 TCP is the mode that lets users create and send any kind of TCP packet\&. TCP packets are sent embedded in IP packets that can also be tuned\&. This mode can be used for many different purposes\&. For example you could try to discover open ports by sending TCP SYN messages without completing the three\-way handshake\&. This technique is often referred to as half\-open scanning, because you don\*(Aqt open a full TCP connection\&. You send a SYN packet, as if you are going to open a real connection and then wait for a response\&. A SYN/ACK indicates the port is open, while a RST indicates it\*(Aqs closed\&. If no response is received one could assume that some intermediate network device is filtering the responses\&. Another use could be to see how a remote TCP/IP stack behaves when it receives a non\-RFC\-compliant packet, like one with both SYN and RST flags set\&. One could also do some evil by creating custom RST packets using an spoofed IP address with the intent of closing an active TCP connection\&.
 .RE
 .PP
 \fB\-\-udp\fR (UDP mode)
 .\" --udp (Nping option)
 .RS 4
 UDP mode can have two different behaviours\&. Under normal circumstances, it lets users create custom IP/UDP packets\&. However, if Nping is run by a user without raw packet privileges and no changes to the default protocol headers are requested, then Nping enters the unprivileged UDP mode which basically sends UDP packets to the specified target hosts and ports using the
 sendto
 system call\&. Note that in this unprivileged mode it is not possible to see low\-level header information of the packets on the wire but only status information about the amount of bytes that are being transmitted and received\&. UDP mode can be used to interact with any UDP\-based server\&. Examples are DNS servers, streaming servers, online gaming servers, and port knocking/single\-packet
 .\" port knocking
 authorization daemons\&.
 .RE
 .PP
 \fB\-\-icmp\fR (ICMP mode)
 .\" --icmp (Nping option)
 .RS 4
 ICMP mode is the default mode when the user runs Nping with raw packet privileges\&. Any kind of ICMP message can be created\&. The default ICMP type is Echo, i\&.e\&., ping\&. ICMP mode can be used for many different purposes, from a simple request for a timestamp or a netmask to the transmission of fake destination unreachable messages, custom redirects, and router advertisements\&.
 .RE
 .PP
 \fB\-\-arp\fR (ARP/RARP mode)
 .\" --arp (Nping option)
 .RS 4
 ARP lets you create and send a few different ARP\-related packets\&. These include ARP, RARP, DRARP, and InARP requests and replies\&. This mode can ban be used to perform low\-level host discovery, and conduct ARP\-cache poisoning attacks\&.
 .RE
 .PP
 \fB\-\-traceroute\fR (Traceroute mode)
 .\" --tcp-connect (Nping option)
 .RS 4
 Traceroute is not a mode by itself but a complement to TCP, UDP, and ICMP modes\&. When this option is specified Nping will set the IP TTL value of the first probe to 1\&. When the next router receives the packet it will drop it due to the expiration of the TTL and it will generate an ICMP destination unreachable message\&. The next probe will have a TTL of 2 so now the first router will forward the packet while the second router will be the one that drops the packet and generates the ICMP message\&. The third probe will have a TTL value of 3 and so on\&. By examining the source addresses of all those ICMP Destination Unreachable messages it is possible to determine the path that the probes take until they reach their final destination\&.
 .RE
 .\" 
 .SH "TCP CONNECT MODE"
 .PP
 \fB\-p \fR\fB\fIport_spec\fR\fR, \fB\-\-dest\-port \fR\fB\fIport_spec\fR\fR (Target ports)
 .\" --dest-port (Nping option) .\" -p (Nping option)
 .RS 4
 This option specifies which ports you want to try to connect to\&. It can be a single port, a comma\-separated list of ports (e\&.g\&.
 80,443,8080), a range (e\&.g\&.
@@ -432,7 +409,6 @@ to target ports from 1 through 65535\&. Using port zero is allowed if you specif
 .RE
 .PP
 \fB\-g \fR\fB\fIportnumber\fR\fR, \fB\-\-source\-port \fR\fB\fIportnumber\fR\fR (Spoof source port)
 .\" --source-port (Nping option) .\" -g (Nping option)
 .RS 4
 This option asks Nping to use the specified port as source port for the TCP connections\&. Note that this might not work on all systems or may require root privileges\&. Specified value must be an integer in the range [0\(en65535]\&.
 .RE
@@ -454,7 +430,6 @@ This option asks Nping to use the specified port as source port for the TCP conn
 .RE
 .PP
 \fB\-\-seq \fR\fB\fIseqnumber\fR\fR (Sequence Number)
 .\" --seq (Nping option)
 .RS 4
 Specifies the TCP sequence number\&. In SYN packets this is the initial sequence number (ISN)\&. In a normal transmission this corresponds to the sequence number of the first byte of data in the segment\&.
 \fIseqnumber\fR
@@ -462,7 +437,6 @@ must be a number in the range [0\(en4294967295]\&.
 .RE
 .PP
 \fB\-\-flags \fR\fB\fIflags\fR\fR (TCP Flags)
 .\" --flags (Nping option)
 .RS 4
 This option specifies which flags should be set in the TCP packet\&.
 \fIflags\fR
@@ -523,58 +497,48 @@ NONE
 means to set no flags\&. It is important that if you don\*(Aqt want any flag to be set, you request it explicitly because in some cases the SYN flag may be set by default\&. Here is a brief description of the meaning of each flag:
 .PP
 CWR (Congestion Window Reduced)
 .\" CWR (TCP flag)
 .RS 4
 Set by an ECN\-Capable sender when it reduces its congestion window (due to a retransmit timeout, a fast retransmit or in response to an ECN notification\&.
 .RE
 .PP
 ECN (Explicit Congestion Notification)
 .\" ECN (TCP flag)
 .RS 4
 During the three\-way handshake it indicates that sender is capable of performing explicit congestion notification\&. Normally it means that a packet with the IP Congestion Experienced flag set was received during normal transmission\&. See RFC 3168
 .\" RFC 3168
 for more information\&.
 .RE
 .PP
 URG (Urgent)
 .\" URG (TCP flag)
 .RS 4
 Segment is urgent and the urgent pointer field carries valid information\&.
 .RE
 .PP
 ACK (Acknowledgement)
 .\" ACK (TCP flag)
 .RS 4
 The segment carries an acknowledgement and the value of the acknowledgement number field is valid and contains the next sequence number that is expected from the receiver\&.
 .RE
 .PP
 PSH (Push)
 .\" PSH (TCP flag)
 .RS 4
 The data in this segment should be immediately pushed to the application layer on arrival\&.
 .RE
 .PP
 RST (Reset)
 .\" RST (TCP flag)
 .RS 4
 There was some problem and the sender wants to abort the connection\&.
 .RE
 .PP
 SYN (Synchronize)
 .\" SYN (TCP flag)
 .RS 4
 The segment is a request to synchronize sequence numbers and establish a connection\&. The sequence number field contains the sender\*(Aqs initial sequence number\&.
 .RE
 .PP
 FIN (Finish)
 .\" FIN (TCP flag)
 .RS 4
 The sender wants to close the connection\&.
 .RE
 .RE
 .PP
 \fB\-\-win \fR\fB\fIsize\fR\fR (Window Size)
 .\" --win (Nping option)
 .RS 4
 Specifies the TCP window size, this is, the number of octets the sender of the segment is willing to accept from the receiver at one time\&. This is usually the size of the reception buffer that the OS allocates for a given connection\&.
 \fIsize\fR
@@ -582,7 +546,6 @@ must be a number in the range [0\(en65535]\&.
 .RE
 .PP
 \fB\-\-badsum\fR (Invalid Checksum)
 .\" --badsum (Nping option)
 .RS 4
 Asks Nping to use an invalid TCP checksum for the packets sent to target hosts\&. Since virtually all host IP stacks properly drop these packets, any responses received are likely coming from a firewall or an IDS that didn\*(Aqt bother to verify the checksum\&. For more details on this technique, see
 \m[blue]\fB\%https://nmap.org/p60-12.html\fR\m[]\&.
@@ -590,7 +553,6 @@ Asks Nping to use an invalid TCP checksum for the packets sent to target hosts\&
 .SH "UDP MODE"
 .PP
 \fB\-p \fR\fB\fIport_spec\fR\fR, \fB\-\-dest\-port \fR\fB\fIport_spec\fR\fR (Target ports)
 .\" --dest-port (Nping option)
 .RS 4
 This option specifies which ports you want UDP datagrams to be sent to\&. It can be a single port, a comma\-separated list of ports (e\&.g\&.
 80,443,8080), a range (e\&.g\&.
@@ -601,7 +563,6 @@ to target ports from 1 through 65535\&. Using port zero is allowed if you specif
 .RE
 .PP
 \fB\-g \fR\fB\fIportnumber\fR\fR, \fB\-\-source\-port \fR\fB\fIportnumber\fR\fR (Spoof source port)
 .\" --source-port (Nping option)
 .RS 4
 This option asks Nping to use the specified port as source port for the transmitted datagrams\&. Note that this might not work on all systems or may require root privileges\&. Specified value must be an integer in the range [0\(en65535]\&.
 .RE
@@ -614,7 +575,6 @@ Asks Nping to use an invalid UDP checksum for the packets sent to target hosts\&
 .SH "ICMP MODE"
 .PP
 \fB\-\-icmp\-type \fR\fB\fItype\fR\fR (ICMP type)
 .\" --icmp-type (Nping option)
 .RS 4
 This option specifies which type of ICMP messages should be generated\&.
 \fItype\fR
@@ -627,7 +587,6 @@ the section called \(lqICMP Types\(rq\&.
 .RE
 .PP
 \fB\-\-icmp\-code \fR\fB\fIcode\fR\fR (ICMP code)
 .\" --icmp-code (Nping option)
 .RS 4
 This option specifies which ICMP code should be included in the generated ICMP messages\&.
 \fIcode\fR
@@ -640,7 +599,6 @@ the section called \(lqICMP Codes\(rq\&.
 .RE
 .PP
 \fB\-\-icmp\-id \fR\fB\fIid\fR\fR (ICMP identifier)
 .\" --icmp-id (Nping option)
 .RS 4
 This option specifies the value of the identifier used in some of the ICMP messages\&. In general it is used to match request and reply messages\&.
 \fIid\fR
@@ -648,7 +606,6 @@ must be a number in the range [0\(en65535]\&.
 .RE
 .PP
 \fB\-\-icmp\-seq \fR\fB\fIseq\fR\fR (ICMP sequence)
 .\" --icmp-seq (Nping option)
 .RS 4
 This option specifies the value of the sequence number field used in some ICMP messages\&. In general it is used to match request and reply messages\&.
 \fIid\fR
@@ -656,7 +613,6 @@ must be a number in the range [0\(en65535]\&.
 .RE
 .PP
 \fB\-\-icmp\-redirect\-addr \fR\fB\fIaddr\fR\fR (ICMP Redirect address)
 .\" --icmp-redirect-addr (Nping option)
 .RS 4
 This option sets the address field in ICMP Redirect messages\&. In other words, it sets the IP address of the router that should be used when sending IP datagrams to the original destination\&.
 \fIaddr\fR
@@ -664,7 +620,6 @@ can be either an IPv4 address or a hostname\&.
 .RE
 .PP
 \fB\-\-icmp\-param\-pointer \fR\fB\fIpointer\fR\fR (ICMP Parameter Problem pointer)
 .\" --icmp-param-pointer (Nping option)
 .RS 4
 This option specifies the pointer that indicates the location of the problem in ICMP Parameter Problem messages\&.
 \fIpointer\fR
@@ -672,7 +627,6 @@ should be a number in the range [0\(en255]\&. Normally this option is only used
 .RE
 .PP
 \fB\-\-icmp\-advert\-lifetime \fR\fB\fIttl\fR\fR (ICMP Router Advertisement Lifetime)
 .\" --icmp-advert-lifetime (Nping option)
 .RS 4
 This option specifies the router advertisement lifetime, this is, the number of seconds the information carried in an ICMP Router Advertisement can be considered valid for\&.
 \fIttl\fR
@@ -680,7 +634,6 @@ must be a positive integer in the range [0\(en65535]\&.
 .RE
 .PP
 \fB\-\-icmp\-advert\-entry \fR\fB\fIaddr\fR\fR\fB,\fR\fB\fIpref\fR\fR (ICMP Router Advertisement Entry)
 .\" --icmp-advert-entry (Nping option)
 .RS 4
 This option adds a Router Advertisement entry to an ICMP Router Advertisement message\&. The parameter must be two values separated by a comma\&.
 \fIaddr\fR
@@ -691,7 +644,6 @@ is the preference level for the specified IP\&. It must be a number in the range
 .RE
 .PP
 \fB\-\-icmp\-orig\-time \fR\fB\fItimestamp\fR\fR (ICMP Originate Timestamp)
 .\" --icmp-orig-time (Nping option)
 .RS 4
 This option sets the Originate Timestamp in ICMP Timestamp messages\&. The Originate Timestamp is expressed as the number of milliseconds since midnight UTC and it corresponds to the time the sender last touched the Timestamp message before its transmission\&.
 \fItimestamp\fR
@@ -707,7 +659,6 @@ now, for example
 .RE
 .PP
 \fB\-\-icmp\-recv\-time \fR\fB\fItimestamp\fR\fR (ICMP Receive Timestamp)
 .\" --icmp-recv-time (Nping option)
 .RS 4
 This option sets the Receive Timestamp in ICMP Timestamp messages\&. The Receive Timestamp is expressed as the number of milliseconds since midnight UTC and it corresponds to the time the echoer first touched the Timestamp message on receipt\&.
 \fItimestamp\fR
@@ -716,7 +667,6 @@ is as with
 .RE
 .PP
 \fB\-\-icmp\-trans\-time \fR\fB\fItimestamp\fR\fR (ICMP Transmit Timestamp)
 .\" --icmp-trans-time (Nping option)
 .RS 4
 This option sets the Transmit Timestamp in ICMP Timestamp messages\&. The Transmit Timestamp is expressed as the number of milliseconds since midnight UTC and it corresponds to the time the echoer last touched the Timestamp message before its transmission\&.
 \fItimestamp\fR
@@ -724,11 +674,9 @@ is as with
 \fB\-\-icmp\-orig\-time\fR\&.
 .RE
 .SS "ICMP Types"
 .\" ICMP types: mnemonics of, in Nping
 .PP
 These identifiers may be used as mnemonics for the ICMP type numbers given to the
 \fB\-\-icmp\-type\fR
 .\" --icmp-type (Nping option)
 option\&. In general there are three forms of each identifier: the full name (e\&.g\&.
 destination\-unreachable), the short name (e\&.g\&.
 dest\-unr), or the initials (e\&.g\&.
@@ -821,16 +769,12 @@ Address Mask Reply (type 18)\&. This message contains a subnet mask and is sent
 traceroute, trace, tc
 .RS 4
 Traceroute (type 30)\&. This message is normally sent by an intermediate device when it receives an IP datagram with a traceroute option\&. ICMP Traceroute messages are still experimental, see RFC 1393
 .\" RFC 1393
 for more information\&.
 .RE
 .\" 
 .SS "ICMP Codes"
 .\" ICMP codes: mnemonics of, in Nping
 .PP
 These identifiers may be used as mnemonics for the ICMP code numbers given to the
 \fB\-\-icmp\-code\fR
 .\" --icmp-code (Nping option)
 option\&. They are listed by the ICMP type they correspond to\&.
 .sp
 .it 1 an-trap
@@ -933,7 +877,6 @@ Code 15\&. Precedence value in the IP TOS field is lower than the minimum allowe
 redirect\-network, redi\-net, net
 .RS 4
 Code 0\&. Redirect all future datagrams with the same destination network as the original datagram, to the router specified in the Address field\&. The use of this code is prohibited by RFC 1812\&.
 .\" RFC 1812
 .RE
 .PP
 redirect\-host, redi\-host, host
@@ -1015,11 +958,9 @@ bad\-length, bad\-len, badlen
 Code 2\&. The length of the IP datagram is incorrect\&.
 .RE
 .RE
 .\" 
 .SH "ARP MODE"
 .PP
 \fB\-\-arp\-type \fR\fB\fItype\fR\fR (ICMP Type)
 .\" --arp-type (Nping option)
 .RS 4
 This option specifies which type of ARP messages should be generated\&.
 \fItype\fR
@@ -1032,7 +973,6 @@ the section called \(lqARP Types\(rq\&.
 .RE
 .PP
 \fB\-\-arp\-sender\-mac \fR\fB\fImac\fR\fR (Sender MAC address)
 .\" --arp-sender-mac (Nping option)
 .RS 4
 This option sets the Sender Hardware Address field of the ARP header\&. Although ARP supports many types of link layer addresses, currently Nping only supports MAC addresses\&.
 \fImac\fR
@@ -1042,7 +982,6 @@ must be specified using the traditional MAC notation (e\&.g\&.
 .RE
 .PP
 \fB\-\-arp\-sender\-ip \fR\fB\fIaddr\fR\fR (Sender IP address)
 .\" --arp-sender-ip (Nping option)
 .RS 4
 This option sets the Sender IP field of the ARP header\&.
 \fIaddr\fR
@@ -1050,22 +989,18 @@ can be given as an IPv4 address or a hostname\&.
 .RE
 .PP
 \fB\-\-arp\-target\-mac \fR\fB\fImac\fR\fR (target MAC address)
 .\" --arp-target-mac (Nping option)
 .RS 4
 This option sets the Target Hardware Address field of the ARP header\&.
 .RE
 .PP
 \fB\-\-arp\-target\-ip \fR\fB\fIaddr\fR\fR (target ip address)
 .\" --arp-target-ip (Nping option)
 .RS 4
 This option sets the Target IP field of the ARP header\&.
 .RE
 .SS "ARP Types"
 .\" ARP types: mnemonics of, in Nping
 .PP
 These identifiers may be used as mnemonics for the ARP type numbers given to the
 \fB\-\-arp\-type\fR
 .\" --arp-type (Nping option)
 option\&.
 .PP
 arp\-request, arp, a
@@ -1081,7 +1016,6 @@ ARP Reply (type 2)\&. An ARP reply is a message that a host sends in response to
 rarp\-request, rarp, r
 .RS 4
 RARP Requests (type 3)\&. RARP requests are used to translate a link layer address (normally a MAC address) to a network layer address (usually an IP address)\&. Basically a RARP request is a broadcasted message sent by a host that wants to know his own IP address because it doesn\*(Aqt have any\&. It was the first protocol designed to solve the bootstrapping problem\&. However, RARP is now obsolete and DHCP is used instead\&. For more information about RARP see RFC 903\&.
 .\" RFC 903
 .RE
 .PP
 rarp\-reply, rarp\-rep, rr
@@ -1092,7 +1026,6 @@ RARP Reply (type 4)\&. A RARP reply is a message sent in response to a RARP requ
 drarp\-request, drarp, d
 .RS 4
 Dynamic RARP Request (type 5)\&. Dynamic RARP is an extension to RARP used to obtain or assign a network layer address from a fixed link layer address\&. DRARP was used mainly in Sun Microsystems platforms in the late 90\*(Aqs but now it\*(Aqs no longer used\&. See RFC 1931
 .\" RFC 1931
 for more information\&.
 .RE
 .PP
@@ -1109,7 +1042,6 @@ DRARP Error (type 7)\&. DRARP Error messages are usually sent in response to DRA
 inarp\-request, inarp, i
 .RS 4
 Inverse ARP Request (type 8)\&. InARP requests are used to translate a link layer address to a network layer address\&. It is similar to RARP request but in this case, the sender of the InARP request wants to know the network layer address of another node, not its own address\&. InARP is mainly used in Frame Relay and ATM networks\&. For more information see RFC 2390\&.
 .\" RFC 2390
 .RE
 .PP
 inarp\-reply, inarp\-rep, ir
@@ -1120,14 +1052,11 @@ Inverse ARP Reply (type 9)\&. InARP reply messages are sent in response to InARP
 arp\-nak, an
 .RS 4
 ARP NAK (type 10)\&. ARP NAK messages are an extension to the ATMARP protocol and they are used to improve the robustness of the ATMARP server mechanism\&. With ARP NAK, a client can determine the difference between a catastrophic server failure and an ATMARP table lookup failure\&. See RFC 1577
 .\" RFC 1577
 for more information\&.
 .RE
 .\" 
 .SH "IPV4 OPTIONS"
 .PP
 \fB\-S \fR\fB\fIaddr\fR\fR, \fB\-\-source\-ip \fR\fB\fIaddr\fR\fR (Source IP Address)
 .\" --source-ip (Nping option) .\" -S (Nping option)
 .RS 4
 Sets the source IP address\&. This option lets you specify a custom IP address to be used as source IP address in sent packets\&. This allows spoofing the sender of the packets\&.
 \fIaddr\fR
@@ -1135,24 +1064,20 @@ can be an IPv4 address or a hostname\&.
 .RE
 .PP
 \fB\-\-dest\-ip \fR\fB\fIaddr\fR\fR (Destination IP Address)
 .\" --dest-ip (Nping option)
 .RS 4
 Adds a target to Nping\*(Aqs target list\&. This option is provided for consistency but its use is deprecated in favor of plain target specifications\&. See
 the section called \(lqTARGET SPECIFICATION\(rq\&.
 .RE
 .PP
 \fB\-\-tos \fR\fB\fItos\fR\fR (Type of Service)
 .\" --tos (Nping option)
 .RS 4
 Sets the IP TOS field\&. The TOS field is used to carry information to provide quality of service features\&. It is normally used to support a technique called Differentiated Services\&. See RFC 2474
 .\" RFC 2474
 for more information\&.
 \fItos\fR
 must be a number in the range [0\(en255]\&.
 .RE
 .PP
 \fB\-\-id \fR\fB\fIid\fR\fR (Identification)
 .\" --id (Nping option)
 .RS 4
 Sets the IPv4 Identification field\&. The Identification field is a 16\-bit value that is common to all fragments belonging to a particular message\&. The value is used by the receiver to reassemble the original message from the fragments received\&.
 \fIid\fR
@@ -1160,19 +1085,16 @@ must be a number in the range [0\(en65535]\&.
 .RE
 .PP
 \fB\-\-df\fR (Don\*(Aqt Fragment)
 .\" --df (Nping option)
 .RS 4
 Sets the Don\*(Aqt Fragment bit in sent packets\&. When an IP datagram has its DF flag set, intermediate devices are not allowed to fragment it so if it needs to travel across a network with a MTU smaller that datagram length the datagram will have to be dropped\&. Normally an ICMP Destination Unreachable message is generated and sent back to the sender\&.
 .RE
 .PP
 \fB\-\-mf\fR (More Fragments)
 .\" --mf (Nping option)
 .RS 4
 Sets the More Fragments bit in sent packets\&. The MF flag is set to indicate the receiver that the current datagram is a fragment of some larger datagram\&. When set to zero it indicates that the current datagram is either the last fragment in the set or that it is the only fragment\&.
 .RE
 .PP
 \fB\-\-ttl \fR\fB\fIhops\fR\fR (Time To Live)
 .\" --ttl (Nping option)
 .RS 4
 Sets the IPv4 Time\-To\-Live (TTL) field in sent packets to the given value\&. The TTL field specifies how long the datagram is allowed to exist on the network\&. It was originally intended to represent a number of seconds but it actually represents the number of hops a packet can traverse before being dropped\&. The TTL tries to avoid a situation in which undeliverable datagrams keep being forwarded from one router to another endlessly\&.
 \fIhops\fR
@@ -1180,13 +1102,11 @@ must be a number in the range [0\(en255]\&.
 .RE
 .PP
 \fB\-\-badsum\-ip\fR (Invalid IP checksum)
 .\" --badsum-ip (Nping option)
 .RS 4
 Asks Nping to use an invalid IP checksum for packets sent to target hosts\&. Note that some systems (like most Linux kernels), may fix the checksum before placing the packet on the wire, so even if Nping shows the incorrect checksum in its output, the packets may be transparently corrected by the kernel\&.
 .RE
 .PP
 \fB\-\-ip\-options \fR\fB\fIS|R [route]|L [route]|T|U \&.\&.\&.\fR\fR, \fB\-\-ip\-options \fR\fB\fIhex string\fR\fR (IP Options)
 .\" --ip-options (Nping option)
 .RS 4
 The IP protocol offers several options which may be placed in packet headers\&. Unlike the ubiquitous TCP options, IP options are rarely seen due to practicality and security concerns\&. In fact, many Internet routers block the most dangerous options such as source routing\&. Yet options can still be useful in some cases for determining and manipulating the network route to target machines\&. For example, you may be able to use the record route option to determine a path to a target even when more traditional traceroute\-style approaches fail\&. Or if your packets are being dropped by a certain firewall, you may be able to specify a different route with the strict or loose source routing options\&.
 .sp
@@ -1210,7 +1130,6 @@ For more information and examples of using IP options with Nping, see the mailin
 .RE
 .PP
 \fB\-\-mtu \fR\fB\fIsize\fR\fR (Maximum Transmission Unit)
 .\" --mtu (Nping option)
 .RS 4
 This option sets a fictional MTU in Nping so IP datagrams larger than
 \fIsize\fR
@@ -1221,7 +1140,6 @@ must be specified in bytes and corresponds to the number of octets that can be c
 .SH "IPV6 OPTIONS"
 .PP
 \fB\-6\fR, \fB\-\-ipv6\fR (Use IPv6)
 .\" --ipv6 (Nping option) .\" -6 (Nping option)
 .RS 4
 Tells Nping to use IP version 6 instead of the default IPv4\&. It is generally a good idea to specify this option as early as possible in the command line so Nping can parse it soon and know in advance that the rest of the parameters refer to IPv6\&. The command syntax is the same as usual except that you also add the
 \fB\-6\fR
@@ -1235,7 +1153,6 @@ Please note that IPv6 support is still highly experimental and many modes and op
 .RE
 .PP
 \fB\-S \fR\fB\fIaddr\fR\fR, \fB\-\-source\-ip \fR\fB\fIaddr\fR\fR (Source IP Address)
 .\" --source-ip (Nping option)
 .RS 4
 Sets the source IP address\&. This option lets you specify a custom IP address to be used as source IP address in sent packets\&. This allows spoofing the sender of the packets\&.
 \fIaddr\fR
@@ -1243,36 +1160,30 @@ can be an IPv6 address or a hostname\&.
 .RE
 .PP
 \fB\-\-dest\-ip \fR\fB\fIaddr\fR\fR (Destination IP Address)
 .\" --dest-ip (Nping option)
 .RS 4
 Adds a target to Nping\*(Aqs target list\&. This option is provided for consistency but its use is deprecated in favor of plain target specifications\&. See
 the section called \(lqTARGET SPECIFICATION\(rq\&.
 .RE
 .PP
 \fB\-\-flow \fR\fB\fIlabel\fR\fR (Flow Label)
 .\" --flow (Nping option)
 .RS 4
 Sets the IPv6 Flow Label\&. The Flow Label field is 20 bits long and is intended to provide certain quality\-of\-service properties for real\-time datagram delivery\&. However, it has not been widely adopted, and not all routers or endpoints support it\&. Check RFC 2460
 .\" RFC 2560
 for more information\&.
 \fIlabel\fR
 must be an integer in the range [0\(en1048575]\&.
 .RE
 .PP
 \fB\-\-traffic\-class \fR\fB\fIclass\fR\fR (Traffic Class)
 .\" --traffic-class (Nping option)
 .RS 4
 Sets the IPv6 Traffic Class\&. This field is similar to the TOS field in IPv4, and is intended to provide the Differentiated Services method, enabling scalable service discrimination in the Internet without the need for per\-flow state and signaling at every hop\&. Check RFC 2474
 .\" RFC 2474
 for more information\&.
 \fIclass\fR
 must be an integer in the range [0\(en255]\&.
 .RE
 .PP
 \fB\-\-hop\-limit \fR\fB\fIhops\fR\fR (Hop Limit)
 .\" --hop-limit (Nping option)
 .RS 4
-.\" hop limit (IPv6)
+
 Sets the IPv6 Hop Limit field in sent packets to the given value\&. The Hop Limit field specifies how long the datagram is allowed to exist on the network\&. It represents the number of hops a packet can traverse before being dropped\&. As with the TTL in IPv4, IPv6 Hop Limit tries to avoid a situation in which undeliverable datagrams keep being forwarded from one router to another endlessly\&.
 \fIhops\fR
 must be a number in the range [0\(en255]\&.
@@ -1282,7 +1193,6 @@ must be a number in the range [0\(en255]\&.
 In most cases Nping sends packets at the raw IP level\&. This means that Nping creates its own IP packets and transmits them through a raw socket\&. However, in some cases it may be necessary to send packets at the raw Ethernet level\&. This happens, for example, when Nping is run under Windows (as Microsoft has disabled raw socket support since Windows XP SP2), or when Nping is asked to send ARP packets\&. Since in some cases it is necessary to construct ethernet frames, Nping offers some options to manipulate the different fields\&.
 .PP
 \fB\-\-dest\-mac \fR\fB\fImac\fR\fR (Ethernet Destination MAC Address)
 .\" --dest-mac (Nping option)
 .RS 4
 This option sets the destination MAC address that should be set in outgoing Ethernet frames\&. This is useful in case Nping can\*(Aqt determine the next hop\*(Aqs MAC address or when you want to route probes through a router other than the configured default gateway\&. The MAC address should have the usual format of six colon\-separated bytes, e\&.g\&.
 00:50:56:d4:01:98\&. Alternatively, hyphens may be used instead of colons\&. Use the word
@@ -1297,14 +1207,12 @@ to use ff:ff:ff:ff:ff:ff\&. If you set up a bogus destination MAC address your p
 .RE
 .PP
 \fB\-\-source\-mac \fR\fB\fImac\fR\fR (Ethernet Source MAC Address)
 .\" --source-mac (Nping option)
 .RS 4
 This option sets the source MAC address that should be set in outgoing Ethernet frames\&. This is useful in case Nping can\*(Aqt determine your network interface MAC address or when you want to inject traffic into the network while hiding your network card\*(Aqs real address\&. The syntax is the same as for
 \-\-dest\-mac\&. If you set up a bogus source MAC address you may not receive probe replies\&.
 .RE
 .PP
 \fB\-\-ether\-type \fR\fB\fItype\fR\fR (Ethertype)
 .\" --ether-type (Nping option)
 .RS 4
 This option sets the Ethertype field of the ethernet frame\&. The Ethertype is used to indicate which protocol is encapsulated in the payload\&.
 \fItype\fR
@@ -1316,11 +1224,9 @@ for IP version 4), or one of the mnemonics from
 the section called \(lqEthernet Types\(rq\&.
 .RE
 .SS "Ethernet Types"
 .\" Ethernet types: mnemonics of, in Nping
 .PP
 These identifiers may be used as mnemonics for the Ethertype numbers given to the
 \fB\-\-arp\-type\fR
 .\" --arp-type (Nping option)
 option\&.
 .PP
 ipv4, ip, 4
@@ -1447,11 +1353,9 @@ frrr
 .RS 4
 Fast Roaming Remote Request (type 0x890D)\&.
 .RE
 .\" 
 .SH "PAYLOAD OPTIONS"
 .PP
 \fB\-\-data \fR\fB\fIhex string\fR\fR (Append custom binary data to sent packets)
 .\" --data (Nping option)
 .RS 4
 This option lets you include binary data as payload in sent packets\&.
 \fIhex string\fR
@@ -1468,7 +1372,6 @@ no byte\-order conversion is performed\&. Make sure you specify the information
 .RE
 .PP
 \fB\-\-data\-string \fR\fB\fIstring\fR\fR (Append custom string to sent packets)
 .\" --data-string (Nping option)
 .RS 4
 This option lets you include a regular string as payload in sent packets\&.
 \fIstring\fR
@@ -1477,7 +1380,6 @@ can contain any string\&. However, note that some characters may depend on your
 .RE
 .PP
 \fB\-\-data\-length \fR\fB\fIlen\fR\fR (Append random data to sent packets)
 .\" --data-length (Nping option)
 .RS 4
 This option lets you include
 \fIlen\fR
@@ -1499,7 +1401,6 @@ Internally, client and server communicate over an encrypted and authenticated ch
 The following paragraphs describe the different options available in Nping\*(Aqs Echo mode\&.
 .PP
 \fB\-\-ec \fR\fB\fIpassphrase\fR\fR, \fB\-\-echo\-client \fR\fB\fIpassphrase\fR\fR (Run Echo client)
 .\" --echo-client (Nping option) .\" --ec (Nping option)
 .RS 4
 This option tells Nping to run as an Echo client\&.
 \fIpassphrase\fR
@@ -1516,7 +1417,6 @@ or
 .RE
 .PP
 \fB\-\-es \fR\fB\fIpassphrase\fR\fR, \fB\-\-echo\-server \fR\fB\fIpassphrase\fR\fR (Run Echo server)
 .\" --echo-server (Nping option) .\" --es (Nping option)
 .RS 4
 This option tells Nping to run as an Echo server\&.
 \fIpassphrase\fR
@@ -1526,7 +1426,6 @@ is a sequence of ASCII characters that is used used to generate the cryptographi
 .RE
 .PP
 \fB\-\-ep \fR\fB\fIport\fR\fR, \fB\-\-echo\-port \fR\fB\fIport\fR\fR (Set Echo TCP port number)
 .\" --echo-port (Nping option) .\" --ep (Nping option)
 .RS 4
 This option asks Nping to use the specified TCP port number for the Echo side channel connection\&. If this option is used with
 \fB\-\-echo\-server\fR, it specifies the port on which the server listens for connections\&. If it is used with
@@ -1534,7 +1433,6 @@ This option asks Nping to use the specified TCP port number for the Echo side ch
 .RE
 .PP
 \fB\-\-nc\fR, \fB\-\-no\-crypto\fR (Disable encryption and authentication)
 .\" --no-crypto (Nping option) .\" --nc (Nping option)
 .RS 4
 This option asks Nping not to use any cryptographic operations during an Echo session\&. In practical terms, this means that the Echo side channel session data will be transmitted in the clear, and no authentication will be performed by the server or client during the session establishment phase\&. When
 \fB\-\-no\-crypto\fR
@@ -1550,13 +1448,11 @@ The \-\-no\-crypto flag might be useful when setting up a public Echo server, be
 .RE
 .PP
 \fB\-\-once\fR (Serve one client and quit)
 .\" --once (Nping option)
 .RS 4
 This option asks the Echo server to quit after serving one client\&. This is useful when only a single Echo session wants to be established as it eliminates the need to access the remote host to shutdown the server\&.
 .RE
 .PP
 \fB\-\-safe\-payloads\fR (Zero application data before echoing a packet)
 .\" --safe-payloads (Nping option)
 .RS 4
 This option asks the Echo server to erase any application layer data found in client packets before echoing them\&. When the option is enabled, the Echo server parses the packets received from Echo clients and tries to determine if they contain data beyond the transport layer\&. If such data is found, it is overwritten with zeroes before transmitting the packets to the appropriate Echo client\&.
 .sp
@@ -1566,7 +1462,6 @@ Echo servers can handle multiple simultaneous clients running multiple echo sess
 The following examples illustrate how Nping\*(Aqs Echo mode can be used to discover intermediate devices\&.
 .PP
 \fBExample\ \&2.\ \&Discovering NAT devices\fR
 .\" --echo-client (Nping option): example of
 .sp
 .if n \{\
 .RS 4
@@ -1627,7 +1522,6 @@ In this example, the output is a bit more tricky\&. The absence of error message
 .SH "TIMING AND PERFORMANCE OPTIONS"
 .PP
 \fB\-\-delay \fR\fB\fItime\fR\fR (Delay between probes)
 .\" --delay (Nping option)
 .RS 4
 This option lets you control for how long will Nping wait before sending the next probe\&. Like in many other ping tools, the default delay is one second\&.
 \fItime\fR
@@ -1646,7 +1540,6 @@ for hours (e\&.g\&.
 .RE
 .PP
 \fB\-\-rate \fR\fB\fIrate\fR\fR (Send probes at a given rate)
 .\" --rate (Nping option)
 .RS 4
 This option specifies the number of probes that Nping should send per second\&. This option and
 \fB\-\-delay\fR
@@ -1658,19 +1551,16 @@ is the same as
 .SH "MISCELLANEOUS OPTIONS"
 .PP
 \fB\-h\fR, \fB\-\-help\fR (Display help)
 .\" --help (Nping option) .\" --h (Nping option)
 .RS 4
 Displays help information and exits\&.
 .RE
 .PP
 \fB\-V\fR, \fB\-\-version\fR (Display version)
 .\" --version (Nping option) .\" -V (Nping option)
 .RS 4
 Displays the program\*(Aqs version number and quits\&.
 .RE
 .PP
 \fB\-c \fR\fB\fIrounds\fR\fR, \fB\-\-count \fR\fB\fIrounds\fR\fR (Stop after a given number of rounds)
 .\" --count (Nping option) .\" -c (Nping option)
 .RS 4
 This option lets you specify the number of times that Nping should loop over target hosts (and in some cases target ports)\&. Nping calls these
 \(lqrounds\(rq\&. In a basic execution with only one target (and only one target port in TCP/UDP modes), the number of rounds matches the number of probes sent to the target host\&. However, in more complex executions where Nping is run against multiple targets and multiple ports, the number of rounds is the number of times that Nping sends a complete set of probes that covers all target IPs and all target ports\&. For example, if Nping is asked to send TCP SYN packets to hosts 192\&.168\&.1\&.0\-255 and ports 80 and 433, then 256 \(mu 2\ \&=\ \&512 packets are sent in one round\&. So if you specify
@@ -1678,7 +1568,6 @@ This option lets you specify the number of times that Nping should loop over tar
 .RE
 .PP
 \fB\-e \fR\fB\fIname\fR\fR, \fB\-\-interface \fR\fB\fIname\fR\fR (Set the network interface to be used)
 .\" --interface (Nping option) .\" -e (Nping option)
 .RS 4
 This option tells Nping what interface should be used to send and receive packets\&. Nping should be able to detect this automatically, but it will tell you if it cannot\&.
 \fIname\fR
@@ -1686,34 +1575,28 @@ must be the name of an existing network interface with an assigned IP address\&.
 .RE
 .PP
 \fB\-\-privileged\fR (Assume that the user is fully privileged)
 .\" --privileged (Nping option)
 .RS 4
 Tells Nping to simply assume that it is privileged enough to perform raw socket sends, packet sniffing, and similar operations that usually require special privileges\&. By default Nping quits if such operations are requested by a user that has no root or administrator privileges\&. This option may be useful on Linux, BSD or similar systems that can be configured to allow unprivileged users to perform raw\-packet transmissions\&. The
 \fBNPING_PRIVILEGED\fR
 .\" NPING_PRIVILEGED environment variable
 environment variable may be set as an alternative to using
 \fB\-\-privileged\fR\&.
 .RE
 .PP
 \fB\-\-unprivileged\fR (Assume that the user lacks raw socket privileges)
 .\" --unprivileged (Nping option)
 .RS 4
 This option is the opposite of
 \fB\-\-privileged\fR\&. It tells Nping to treat the user as lacking network raw socket and sniffing privileges\&. This is useful for testing, debugging, or when the raw network functionality of your operating system is somehow broken\&. The
 \fBNPING_UNPRIVILEGED\fR
 .\" NPING_UNPRIVILEGED environment variable
 environment variable may be set as an alternative to using
 \fB\-\-unprivileged\fR\&.
 .RE
 .PP
 \fB\-\-send\-eth\fR (Use raw ethernet sending)
 .\" --send-eth (Nping option)
 .RS 4
 Asks Nping to send packets at the raw ethernet (data link) layer rather than the higher IP (network) layer\&. By default, Nping chooses the one which is generally best for the platform it is running on\&. Raw sockets (IP layer) are generally most efficient for Unix machines, while ethernet frames are required for Windows operation since Microsoft disabled raw socket support\&. Nping still uses raw IP packets despite this option when there is no other choice (such as non\-ethernet connections)\&.
 .RE
 .PP
 \fB\-\-send\-ip\fR (Send at raw IP level)
 .\" --send-ip (Nping option)
 .RS 4
 Asks Nping to send packets via raw IP sockets rather than sending lower level ethernet frames\&. It is the complement to the
 \fB\-\-send\-eth\fR
@@ -1721,30 +1604,25 @@ option\&.
 .RE
 .PP
 \fB\-\-bpf\-filter \fR\fB\fIfilter spec\fR\fR \fB\-\-filter \fR\fB\fIfilter spec\fR\fR (Set custom BPF filter)
 .\" --bpf-filter (Nping option) .\" --filter (Nping option)
 .RS 4
 This option lets you use a custom BPF filter\&. By default Nping chooses a filter that is intended to capture most common responses to the particular probes that are sent\&. For example, when sending TCP packets, the filter is set to capture packets whose destination port matches the probe\*(Aqs source port or ICMP error messages that may be generated by the target or any intermediate device as a result of the probe\&. If for some reason you expect strange packets in response to sent probes or you just want to sniff a particular kind of traffic, you can specify a custom filter using the BPF syntax used by tools like tcpdump\&.
 .\" tcpdump
 See the documentation at
 \m[blue]\fB\%http://www.tcpdump.org/\fR\m[]
 for more information\&.
 .RE
 .PP
 \fB\-H\fR, \fB\-\-hide\-sent\fR (Do not display sent packets)
 .\" --hide-sent (Nping option) .\" -H (Nping option)
 .RS 4
 This option tells Nping not to print information about sent packets\&. This can be useful when using very short inter\-probe delays (i\&.e\&., when flooding), because printing information to the standard output has a computational cost and disabling it can probably speed things up a bit\&. Also, it may be useful when using Nping to detect active hosts or open ports (e\&.g\&. sending probes to all TCP ports in a /24 subnet)\&. In that case, users may not want to see thousands of sent probes but just the replies generated by active hosts\&.
 .RE
 .PP
 \fB\-N\fR, \fB\-\-no\-capture\fR (Do not attempt to capture replies)
 .\" --no-capture (Nping option) .\" -N (Nping option)
 .RS 4
 This option tells Nping to skip packet capture\&. This means that packets in response to sent probes will not be processed or displayed\&. This can be useful when doing flooding and network stack stress tests\&. Note that when this option is specified, most of the statistics shown at the end of the execution will be useless\&. This option does not work with TCP Connect mode\&.
 .RE
 .SH "OUTPUT OPTIONS"
 .PP
 \fB\-v\fR\fB[\fIlevel\fR]\fR, \fB\-\-verbose \fR\fB[\fIlevel\fR]\fR (Increase or set verbosity level)
 .\" --verbose (Nping option) .\" -v (Nping option)
 .RS 4
 Increases the verbosity level, causing Nping to print more information during its execution\&. There are 9 levels of verbosity (\-4 to 4)\&. Every instance of
 \fB\-v\fR
@@ -1754,7 +1632,6 @@ decrements the verbosity level by one\&. Alternatively you can specify the level
 \fB\-v3\fR
 or
 \fB\-v\-1\fR\&. These are the available levels:
 .\" verbosity levels of Nping
 .PP
 Level \-4
 .RS 4
@@ -1803,13 +1680,11 @@ Same as level 3\&.
 .RE
 .PP
 \fB\-q\fR\fB[\fIlevel\fR]\fR, \fB\-\-reduce\-verbosity \fR\fB[\fIlevel\fR]\fR (Decrease verbosity level)
 .\" --reduce-verbosity (Nping option) .\" -q (Nping option)
 .RS 4
 Decreases the verbosity level, causing Nping to print less information during its execution\&.
 .RE
 .PP
 \fB\-d\fR\fB[\fIlevel\fR]\fR (Increase or set debugging level)
 .\" -d (Nping option)
 .RS 4
 When even verbose mode doesn\*(Aqt provide sufficient data for you, debugging is available to flood you with much more! As with the
 \fB\-v\fR, debugging is enabled with a command\-line flag
@@ -1822,7 +1697,7 @@ to set the level directly; for example
 \fB\-d4\fR\&.
 .sp
 Debugging output is useful when you suspect a bug in Nping, or if you are simply confused as to what Nping is doing and why\&. As this feature is mostly intended for developers, debug lines aren\*(Aqt always self\-explanatory\&. You may get something like
-.\" Nsock: debug output of
+
 .sp
 .if n \{\
 .RS 4
@@ -1835,7 +1710,6 @@ NSOCK (1\&.0000s) Callback: TIMER SUCCESS for EID 12; tcpconnect_event_handler()
 .\}
 .sp
 If you don\*(Aqt understand a line, your only recourses are to ignore it, look it up in the source code, or request help from the development list (nmap\-dev)\&. Some lines are self\-explanatory, but the messages become more obscure as the debug level is increased\&. These are the available levels:
 .\" debug levels of Nping
 .PP
 Level 0
 .RS 4
@@ -1865,7 +1739,6 @@ Like level 3 but also displays messages only a real Nping freak would want to se
 Level 5
 .RS 4
 Like level 4 but it enables basic debug information related to external libraries like Nsock\&.
 .\" Nsock
 .RE
 .PP
 Level 6
@@ -1874,7 +1747,6 @@ Like level 5 but it enables full, very detailed, debug information related to ex
 .RE
 .RE
 .SH "BUGS"
 .\" bugs, reporting
 .PP
 Like its author, Nping isn\*(Aqt perfect\&. But you can help make it better by sending bug reports or even writing patches\&. If Nping doesn\*(Aqt behave the way you expect, first upgrade to the latest Nmap version available from
 \m[blue]\fB\%https://nmap.org/download.html\fR\m[]\&. If the problem persists, do some research to determine whether it has already been discovered and addressed\&. Try searching for the error message on our search page at
@@ -1883,7 +1755,6 @@ or at Google\&. Also try browsing the
 nmap\-dev
 archives at
 \m[blue]\fB\%http://seclists.org/\fR\m[]
 .\" nmap-dev mailing list
 Read this full manual page as well\&. If nothing comes out of this, mail a bug report to
 <dev@nmap\&.org>\&. Please include everything you have learned about the problem, as well as what version of Nping you are running and what operating system version it is running on\&. Problem reports and Nping usage questions sent to
 <dev@nmap\&.org>
--- a/nping/nping.h
+++ b/nping/nping.h
@@ -342,7 +342,7 @@
 /* General tunable defines  **************************************************/
 #define NPING_NAME "Nping"
 #define NPING_URL "https://nmap.org/nping"
-#define NPING_VERSION "0.7.50SVN"
+#define NPING_VERSION "0.7.60SVN"
 #define DEFAULT_VERBOSITY VB_0
--- a/zenmap/share/zenmap/config/zenmap_version
+++ b/zenmap/share/zenmap/config/zenmap_version
@@ -1 +1 @@
-7.50SVN
+7.60SVN
--- a/zenmap/zenmapCore/Version.py
+++ b/zenmap/zenmapCore/Version.py
@@ -1 +1 @@
-VERSION = "7.50SVN"
+VERSION = "7.60SVN"