
Fixed bug from my previous commit, recommiting

This commit is contained in:
michael
2008-07-15 19:11:53 +00:00
parent 575b6cee19
commit 62340eabc8
2 changed files with 65 additions and 83 deletions


@@ -62,6 +62,9 @@ o Added --ip-options support for the connect() scan (-sT). [Kris]
o Changed the order preference of timing ping propes. [Michael] o Changed the order preference of timing ping propes. [Michael]
o Enabled nmap to switch between multiple types of timing pings during port
scanning. [Michael]
Nmap 4.68 [2008-6-28] Nmap 4.68 [2008-6-28]
o Doug integrated all of your version detection submissions and o Doug integrated all of your version detection submissions and


@@ -966,21 +966,20 @@ double GroupScanStats::cc_scale() {
for a connect scan. */ for a connect scan. */
static bool pingprobe_is_appropriate(const UltraScanInfo *USI, static bool pingprobe_is_appropriate(const UltraScanInfo *USI,
const probespec *pingprobe) { const probespec *pingprobe) {
if (pingprobe->type == PS_NONE) switch(pingprobe->type){
return true; case(PS_NONE):
else if (pingprobe->type == PS_TCP) return true;
return USI->tcp_scan || (USI->ping_scan && USI->ptech.rawtcpscan); case(PS_CONNECTTCP):
else if (pingprobe->type == PS_UDP) return USI->scantype == CONNECT_SCAN || (USI->ping_scan && USI->ptech.connecttcpscan);
return USI->udp_scan || (USI->ping_scan && USI->ptech.rawudpscan); case(PS_TCP):
else if (pingprobe->type == PS_PROTO) case(PS_UDP):
return USI->prot_scan || (USI->ping_scan && USI->ptech.rawprotoscan); case(PS_PROTO):
else if (pingprobe->type == PS_ICMP) case(PS_ICMP):
return (USI->ping_scan && !USI->ping_scan_arp) || pingprobe->pd.icmp.type == 3; return ((USI->ping_scan && (!USI->ping_scan_arp || USI->ptech.rawtcpscan || USI->ptech.rawudpscan || USI->ptech.rawprotoscan )) ||
else if (pingprobe->type == PS_ARP) USI->tcp_scan || USI->udp_scan || USI->prot_scan || pingprobe->pd.icmp.type == 3);
case(PS_ARP):
return USI->ping_scan_arp; return USI->ping_scan_arp;
else if (pingprobe->type == PS_CONNECTTCP) }
return USI->scantype == CONNECT_SCAN || (USI->ping_scan && USI->ptech.connecttcpscan);
return false; return false;
} }
@@ -2483,9 +2482,9 @@ static void ultrascan_host_probe_update(UltraScanInfo *USI, HostScanStats *hss,
timing ping probe. */ timing ping probe. */
if (pingprobe_is_better(probe->pspec(), PORT_UNKNOWN, &hss->target->pingprobe, hss->target->pingprobe_state)) { if (pingprobe_is_better(probe->pspec(), PORT_UNKNOWN, &hss->target->pingprobe, hss->target->pingprobe_state)) {
if (o.debugging > 1) { if (o.debugging > 1) {
char buf[32]; char buf[32];
probespec2ascii(probe->pspec(), buf, sizeof(buf)); probespec2ascii(probe->pspec(), buf, sizeof(buf));
log_write(LOG_PLAIN, "Changing ping technique for %s to %s\n", hss->target->targetipstr(), buf); log_write(LOG_PLAIN, "Changing ping technique for %s to %s\n", hss->target->targetipstr(), buf);
} }
hss->target->pingprobe = *probe->pspec(); hss->target->pingprobe = *probe->pspec();
hss->target->pingprobe_state = PORT_UNKNOWN; hss->target->pingprobe_state = PORT_UNKNOWN;
@@ -2517,10 +2516,10 @@ static void ultrascan_port_probe_update(UltraScanInfo *USI, HostScanStats *hss,
/* This probe received a positive response. Consider making it the new /* This probe received a positive response. Consider making it the new
timing ping probe. */ timing ping probe. */
if (pingprobe_is_better(probe->pspec(), newstate, &hss->target->pingprobe, hss->target->pingprobe_state)) { if (pingprobe_is_better(probe->pspec(), newstate, &hss->target->pingprobe, hss->target->pingprobe_state)) {
if (o.debugging > 1) { if (o.debugging > 1) {
char buf[32]; char buf[32];
probespec2ascii(probe->pspec(), buf, sizeof(buf)); probespec2ascii(probe->pspec(), buf, sizeof(buf));
log_write(LOG_PLAIN, "Changing ping technique for %s to %s\n", hss->target->targetipstr(), buf); log_write(LOG_PLAIN, "Changing ping technique for %s to %s\n", hss->target->targetipstr(), buf);
} }
hss->target->pingprobe = *probe->pspec(); hss->target->pingprobe = *probe->pspec();
hss->target->pingprobe_state = newstate; hss->target->pingprobe_state = newstate;
@@ -4548,85 +4547,65 @@ static void waitForResponses(UltraScanInfo *USI) {
/* Initiate libpcap or some other sniffer as appropriate to be able to catch /* Initiate libpcap or some other sniffer as appropriate to be able to catch
responses */ responses */
static void begin_sniffer(UltraScanInfo *USI, vector<Target *> &Targets) { static void begin_sniffer(UltraScanInfo *USI, vector<Target *> &Targets) {
char pcap_filter[2048]; string pcap_filter="";
/* 20 IPv6 addresses is max (45 byte addy + 14 (" or src host ")) * 20 == 1180 */ /* 20 IPv6 addresses is max (45 byte addy + 14 (" or src host ")) * 20 == 1180 */
char dst_hosts[1200]; string dst_hosts="";
int filterlen = 0; char macstring[100];
int len; unsigned int len = 0;
unsigned int targetno; unsigned int targetno;
bool doIndividual = Targets.size() <= 20; // Don't bother IP limits if scanning huge # of hosts bool doIndividual = Targets.size() <= 20; // Don't bother IP limits if scanning huge # of hosts
pcap_filter[0] = '\0';
if (!USI->isRawScan()) if (!USI->isRawScan())
return; /* No sniffer needed! */ return; /* No sniffer needed! */
if (doIndividual) { if (doIndividual) {
for(targetno = 0; targetno < Targets.size(); targetno++) { for(targetno = 0; targetno < Targets.size(); targetno++) {
len = Snprintf(dst_hosts + filterlen, dst_hosts+=(targetno == 0)? "" : " or ";
sizeof(dst_hosts) - filterlen, dst_hosts+="src host ";
"%ssrc host %s", (targetno == 0)? "" : " or ", dst_hosts+=Targets[targetno]->targetipstr();
Targets[targetno]->targetipstr());
if (len < 0 || len + filterlen >= (int) sizeof(dst_hosts))
fatal("ran out of space in dst_hosts");
filterlen += len;
} }
} }
filterlen = 0;
USI->pd = my_pcap_open_live(Targets[0]->deviceName(), 100, (o.spoofsource)? 1 : 0, pcap_selectable_fd_valid()? 200 : 2); USI->pd = my_pcap_open_live(Targets[0]->deviceName(), 100, (o.spoofsource)? 1 : 0, pcap_selectable_fd_valid()? 200 : 2);
if(USI->ping_scan_arp){
if (USI->tcp_scan || USI->udp_scan) {
if (doIndividual)
len = Snprintf(pcap_filter, sizeof(pcap_filter),
"dst host %s and (icmp or (%s and (%s)))",
inet_ntoa(Targets[0]->v4source()),
(USI->tcp_scan)? "tcp" : "udp", dst_hosts);
else len = Snprintf(pcap_filter, sizeof(pcap_filter),
"dst host %s and (icmp or %s)",
inet_ntoa(Targets[0]->v4source()),
(USI->tcp_scan)? "tcp" : "udp");
if (len < 0 || len >= (int) sizeof(pcap_filter))
fatal("ran out of space in pcap filter");
filterlen = len;
} else if (USI->prot_scan || (USI->ping_scan && USI->ptech.rawprotoscan)) {
if (doIndividual)
len = Snprintf(pcap_filter, sizeof(pcap_filter),
"dst host %s and (icmp or (%s))",
inet_ntoa(Targets[0]->v4source()), dst_hosts);
else
len = Snprintf(pcap_filter, sizeof(pcap_filter), "dst host %s",
inet_ntoa(Targets[0]->v4source()));
if (len < 0 || len >= (int) sizeof(pcap_filter))
fatal("ran out of space in pcap filter");
filterlen = len;
} else if (USI->ping_scan_arp) {
const u8 *mac = Targets[0]->SrcMACAddress(); const u8 *mac = Targets[0]->SrcMACAddress();
assert(mac); assert(mac);
len = Snprintf(pcap_filter, sizeof(pcap_filter), pcap_filter="arp and ether dst host ";
"arp and ether dst host %02X:%02X:%02X:%02X:%02X:%02X", len = Snprintf(macstring, sizeof(macstring),
mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); "%02X:%02X:%02X:%02X:%02X:%02X", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
if (len < 0 || len >= (int) sizeof(pcap_filter)) if(len>=sizeof(macstring))
fatal("ran out of space in pcap filter"); fatal("macstring too long");
filterlen = len; pcap_filter+=macstring;
} else if (USI->ping_scan) { //its not arp or connect, so it must be tcp, udp, prot, or icmp
} else if(USI->prot_scan || (USI->ping_scan && USI->ptech.rawprotoscan)){
if (doIndividual){
pcap_filter="dst host ";
pcap_filter+=inet_ntoa(Targets[0]->v4source());
pcap_filter+=" and (icmp or (";
pcap_filter+=dst_hosts;
pcap_filter+="))";
}else{
pcap_filter="dst host ";
pcap_filter+=inet_ntoa(Targets[0]->v4source());
}
} else {
/* Handle all the different ping types (except ARP and TCP connect) with one /* Handle all the different ping types (except ARP and TCP connect) with one
filter. */ filter. */
if (doIndividual) if (doIndividual){
len = Snprintf(pcap_filter, sizeof(pcap_filter), pcap_filter="dst host ";
"dst host %s and (icmp or ((tcp or udp) and (%s)))", pcap_filter+=inet_ntoa(Targets[0]->v4source());
inet_ntoa(Targets[0]->v4source()), dst_hosts); pcap_filter+=" and (icmp or ((tcp or udp) and (";
else pcap_filter+=dst_hosts;
len = Snprintf(pcap_filter, sizeof(pcap_filter), pcap_filter+=")))";
"dst host %s and (icmp or tcp or udp)", }else{
inet_ntoa(Targets[0]->v4source())); pcap_filter="dst host ";
if (len < 0 || len >= (int) sizeof(pcap_filter)) pcap_filter+=inet_ntoa(Targets[0]->v4source());
fatal("ran out of space in pcap filter"); pcap_filter+=" and (icmp or tcp or udp)";
filterlen = len; }
} else assert(0); /* Other scan types? */ }
if (o.debugging > 2) log_write(LOG_PLAIN, "Pcap filter: %s\n", pcap_filter); if (o.debugging > 2) log_write(LOG_PLAIN, "Pcap filter: %s\n", pcap_filter.c_str());
set_pcap_filter(Targets[0]->deviceName(), USI->pd, pcap_filter); set_pcap_filter(Targets[0]->deviceName(), USI->pd, pcap_filter.c_str());
/* pcap_setnonblock(USI->pd, 1, NULL); */ /* pcap_setnonblock(USI->pd, 1, NULL); */
return; return;
} }
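Review bot: In the new `pingprobe_is_appropriate` switch, the `pingprobe->pd.icmp.type == 3` test is now evaluated for PS_TCP, PS_UDP and PS_PROTO probes as well, because those cases fall through into the shared PS_ICMP return; the old code only consulted `pd.icmp` for PS_ICMP probes. If `pd` is a union keyed by `type` (its definition is outside this hunk), that reads another member's bytes for a non-ICMP probespec and can accept a port/proto probe purely because some overlapping byte happens to equal 3. Keep the destination-unreachable exception inside the ICMP case only, e.g. `case(PS_ICMP): if (pingprobe->pd.icmp.type == 3) return true; /* fallthrough */` placed before the shared return, and drop the `|| pingprobe->pd.icmp.type == 3` from the common expression. Separately, in `begin_sniffer` the "20 IPv6 addresses is max ... == 1180" comment describes the removed 1200-byte `dst_hosts` array and is now stale next to the `std::string`; reword it to say the 20-host cap is only about keeping the BPF filter manageable.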