From 6d5aefc1615cbdde51ea4db08e467c08bb349bce Mon Sep 17 00:00:00 2001 From: fyodor Date: Sat, 30 Apr 2005 05:54:29 +0000 Subject: [PATCH] getting closer to being ready for CSW release --- CHANGELOG | 15 +++++++++++++++ Makefile.in | 4 ++-- TargetGroup.cc | 4 ++-- configure | 2 +- configure.ac | 2 +- docs/nmap.1 | 13 ++++++++++--- 6 files changed, 31 insertions(+), 9 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 33b7177d9..29ef6dd6f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,21 @@ UNRELEASED +o Added ARP ping (-PR). Nmap can now send raw ethernet ARP requests to + determine whether hosts on a LAN are up, rather than relying on + higher-level IP packets (which can only be sent after a successful ARP + request and reply anyway). This is much faster and more reliable + (not subject to IP-level firewalling) than IP-based probes. The + downside is that it only works when the target machine is on the same + LAN as the scanning machine. It is recommended whenever those + conditions are met, and may sometime become the default when Nmap + detects that the conditions are met. Example usage: nmap -sP -PR + 192.168.0.0/16 . This is not yet supported on Windows. + +o Added a stripped-down version of Dug Song's excellent libdnet + networking library (v. 1.10). This allows Nmap to send raw ethernet + frames for the new ARP ping feature. + o Fixed the way tcp connect scan (-sT) respons to ICMP network unreachable responses (patch by Richard Moore (rich(a)westpoint.ltd.uk). diff --git a/Makefile.in b/Makefile.in index ee1e9d578..62669cab7 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -60,7 +60,7 @@ export DEPS = nmap.h nmap_amigaos.h nmap_error.h targets.h idle_scan.h osscan.h all: $(TARGET) $(TARGETNMAPFE) -$(TARGET): $(DEPS) @PCAP_DEPENDS@ @PCRE_DEPENDS@ @LIBDNET_DEPENDS@ $(NBASEDIR)/libnbase.a $(NSOCKDIR)/src/libnsock.a $(OBJS) +$(TARGET): $(DEPS) @PCAP_DEPENDS@ @PCRE_DEPENDS@ @DNET_DEPENDS@ $(NBASEDIR)/libnbase.a $(NSOCKDIR)/src/libnsock.a $(OBJS) @echo Compiling nmap rm -f $@ $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) @@ -113,7 +113,7 @@ pcap_clean: -cd $(LIBPCAPDIR) && $(MAKE) clean pcre_clean: -cd $(LIBPCREDIR) && $(MAKE) clean -dnet_clean +dnet_clean: -cd $(LIBDNETDIR) && $(MAKE) clean nmapfe_clean: -cd nmapfe && $(MAKE) clean diff --git a/TargetGroup.cc b/TargetGroup.cc index 6a9e10a12..af9ddfa64 100644 --- a/TargetGroup.cc +++ b/TargetGroup.cc @@ -304,7 +304,7 @@ int TargetGroup::parse_expr(const char * const target_expr, int af) { * get_next_host should be used for skipping the last octet :-) * returns: number of hosts skipped */ int TargetGroup::skip_range(_octet_nums octet) { - int hosts_skipped = 0, /* number of hosts skipped */ + unsigned long hosts_skipped = 0, /* number of hosts skipped */ oct = 0, /* octect number */ i; /* simple lcv */ @@ -330,7 +330,7 @@ int TargetGroup::skip_range(_octet_nums octet) { } /* catch if we try to take more than are left */ - assert(ipsleft >= hosts_skipped - 1); + assert(ipsleft + 1>= hosts_skipped); /* increment the next octect that we can above us */ for (i = oct; i >= 0; i--) { diff --git a/configure b/configure index f17caf65e..eef802578 100755 --- a/configure +++ b/configure @@ -6341,7 +6341,7 @@ subdirs="$subdirs libdnet-stripped " CXXFLAGS="-I$LIBDNETDIR/include $CXXFLAGS" LIBDNET_LIBS="$LIBDNETDIR/src/.libs/libdnet.a" - DNET_DEPENDS="$LIBDNETDIR/libdnet.a" + DNET_DEPENDS="$LIBDNETDIR/src/.libs/libdnet.a" DNET_CLEAN="dnet_clean" DNET_DIST_CLEAN="dnet_dist_clean" else diff --git a/configure.ac b/configure.ac index 285a312c4..98f88dcfa 100644 --- a/configure.ac +++ b/configure.ac 
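Review bot: The widened declaration `+ unsigned long hosts_skipped = 0,` is one comma-separated declarator list, so `oct` and `i` become unsigned long as well, and `i` is the index the later hunk counts down with `i >= 0`, a test that can never be false for an unsigned type; only `hosts_skipped` needs the wider type for the rewritten assert. Keep the loop index signed by splitting the declaration: `unsigned long hosts_skipped = 0, /* number of hosts skipped */` then `oct = 0; /* octect number */` then `int i; /* simple lcv; must stay signed for the i >= 0 countdown */`. The function is still declared `int TargetGroup::skip_range(_octet_nums octet)`, so wherever it returns hosts_skipped (outside this hunk) the unsigned long is narrowed to int; either widen the return type or add a comment stating that the skipped count is expected to fit in an int. skip_range's body continues past the end of this hunk.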
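Review bot: With `i` now an unsigned long (it shares the declarator list with hosts_skipped in the earlier hunk), the condition in `for (i = oct; i >= 0; i--) {` is always true, so after the `i == 0` iteration `i--` wraps to ULONG_MAX and any array access indexed by `i` in the loop body, which lies outside this hunk, would read far out of bounds unless the body always breaks first. A countdown that is safe for an unsigned index is `for (i = oct + 1; i-- > 0; ) {`. The rewritten `assert(ipsleft + 1>= hosts_skipped)` correctly avoids the unsigned underflow of `hosts_skipped - 1` when nothing is skipped, but the comment above it calls it a catch for taking more than are left, and an assert vanishes under NDEBUG; if such a build is possible here, this should be a real check that fails the call rather than a debug-only aid. A space before `>=` would match the surrounding style.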
@@ -465,7 +465,7 @@ if test $have_dnet != yes ; then AC_CONFIG_SUBDIRS( libdnet-stripped ) CXXFLAGS="-I$LIBDNETDIR/include $CXXFLAGS" LIBDNET_LIBS="$LIBDNETDIR/src/.libs/libdnet.a" - DNET_DEPENDS="$LIBDNETDIR/libdnet.a" + DNET_DEPENDS="$LIBDNETDIR/src/.libs/libdnet.a" DNET_CLEAN="dnet_clean" DNET_DIST_CLEAN="dnet_dist_clean" else diff --git a/docs/nmap.1 b/docs/nmap.1 index 07b8bf57b..48c9fad0e 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 @@ -143,9 +143,9 @@ for a RST or a SYN/ACK. For non-root users, a connect() method is used. .Sp By default (for root users), nmap uses both the ICMP and ACK -techniques in parallel. You can change the -.B \-P -option described later. +techniques in parallel. You can change these with the +.B \-P +options described later. .Sp Note that pinging is done by default anyway, and only hosts that respond are scanned. Only use this option if you wish @@ -387,6 +387,13 @@ ACK packets for root users. Hosts that are up should respond with a RST (or, rarely, a SYN|ACK). You can set the destination ports in the same manner as \-PA above. .TP +.B \-PR +This option specifies a raw ethernet ARP ping. It cannot be used in +combination with any of the other ping types. When the target +machines are on the same network you are scanning from, this is the +fastest and most reliable (because it goes below IP-level filters) +ping method. Nmap sends an IPv4-to-Ethernet ARP request for each +target IP, and watches for any ARP response. .B \-PU [portlist] This option sends UDP probes to the specified hosts, expecting an ICMP port unreachable packet (or possibly a UDP response if the port is