o Added initial SCTP port scanning support to Nmap. SCTP is

a layer 4 protocol used mostly for telephony related applications. This brings the following new features: o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK chunk, closed ones an ABORT chunk. This is the SCTP equivalent of a TCP SYN stealth scan. o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent, closed ports return an ABORT chunk. o SCTP INIT chunk ping probes (-PY): host discovery using SCTP INIT chunk packets. o SCTP-specific IP protocol scan (-sO -p sctp). o SCTP-specific traceroute support (--traceroute). o The ability to use the deprecated Adler32 algorithm as specified in RFC 2960 instead of CRC32C from RFC 4960 (--adler32). o 42 well-known SCTP ports were added to the nmap-services file. Part of the work on SCTP support was kindly sponsored by Compass Security AG, Switzerland. [Daniel Roethlisberger]
2026-01-02 04:49:02 +00:00 · 2009-06-03 23:15:45 +00:00
parent 99c4008c03
commit 50830f7488
36 changed files with 1333 additions and 152 deletions
--- a/nmap.h
+++ b/nmap.h
@@ -218,6 +218,11 @@ void *realloc();
 #include <arpa/inet.h>
 #endif

+/* For systems without SCTP in netinet/in.h, such as MacOS X */
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+
 /* Keep assert() defined for security reasons */
 #undef NDEBUG

@@ -271,6 +276,9 @@ void *realloc();
                                            change this to 113 */
 #define DEFAULT_UDP_PROBE_PORT_SPEC "31338" /* The port UDP ping probes go to
                                               if unspecified by user */
+#define DEFAULT_SCTP_PROBE_PORT_SPEC "80" /* The port SCTP probes go to
+                                             if unspecified by
+                                             user */
 #define DEFAULT_PROTO_PROBE_PORT_SPEC "1,2,4" /* The IPProto ping probes to use
                                                 if unspecified by user */

@@ -290,6 +298,10 @@ void *realloc();
 #define MAX_UDP_SCAN_DELAY 1000
 #endif

+#ifndef MAX_SCTP_SCAN_DELAY
+#define MAX_SCTP_SCAN_DELAY 1000
+#endif
+
 /* Maximum number of extra hostnames, OSs, and devices, we
   consider when outputing the extra service info fields */
 #define MAX_SERVICE_INFO_FIELDS 5
@@ -339,6 +351,7 @@ void *realloc();
 #define PINGTYPE_UDP  512
 #define PINGTYPE_ARP 1024
 #define PINGTYPE_PROTO 2048
+#define PINGTYPE_SCTP_INIT 4096

 /* Empirically determined optimum combinations of different numbers of probes:
     -PE