diff --git a/CHANGELOG b/CHANGELOG
index 04fda6314..9d2b7de35 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,30 @@
# Nmap Changelog ($Id$)
+o Added --iflist argument which prints a list of system interfaces and
+ routes detected by Nmap.
+
+o Fixed a protocol scan (-sO) problem which led to the error message:
+ "Error compiling our pcap filter: syntax error". Thanks to Michel
+ Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.
+
+o Fixed an Nmap version detection crash on Windows which led to the
+ error message "Unexpected error in NSE_TYPE_READ callback. Error
+ code: 10053 (Unknown error)". Thanks to Srivatsan
+ (srivatsanp(a)adventnet.com) for reporting the problem.
+
+o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
+ (TSellers(a)trustmark.com).
+
+o Updated random scan (ip_is_reserved()) to reflect the latest IANA
+ assignments. This patch was sent in by Felix Groebert
+ (felix(a)groebert.org).
+
+o Applied some changes from Gisle Vanem (giva(a)bgnett.no) to make
+ Nmap compile with Cygwin.
+
+o XML "osmatch" element now has a "line" attribute giving the
+ reference fingerprint line number in nmap-os-fingerprints.
+
Nmap 3.84ALPHA1
o Added the ability for Nmap to send and properly route raw ethernet
@@ -10,7 +35,7 @@ o Added the ability for Nmap to send and properly route raw ethernet
platform, though you can override it with the new --send_eth and
--send_ip options.
-o Added ARP ping (-PR). Nmap can now send raw ethernet ARP requests to
+o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to
determine whether hosts on a LAN are up, rather than relying on
higher-level IP packets (which can only be sent after a successful
ARP request and reply anyway). This is much faster and more
@@ -19,7 +44,7 @@ o Added ARP ping (-PR). Nmap can now send raw ethernet ARP requests to
same LAN as the scanning machine. It is now used automatically for
any hosts that are detected to be on a local ethernet network,
unless --send_ip was specified. Example usage: nmap -sP -PR
- 192.168.0.0/16 . This is not yet supported on Windows.
+ 192.168.0.0/16 .
o Added the --spoof_mac option, which asks Nmap to use the given MAC
address for all of the raw ethernet frames it sends. The MAC given
@@ -56,6 +81,11 @@ o Added a distcc probes and a bunch of smtp matches from Dirk Mueller
even more probes and matches from Martin Macok
(martin.macok(a)underground.cz)
+o Nmap on Windows now compiles/links with the new WinPcap 3.1
+ header/lib files. So please upgrade to 3.1 from
+ http://www.winpcap.org before installing this version of Nmap.
+ While older versions may still work, they aren't supported with Nmap.
+
o Fixed a problem where Nmap compilation would use header files from
the libpcap included with Nmap even when it was linking to a system
libpcap. Thanks to Solar Designer (solar(a)openwall.com) and Okan
@@ -88,7 +118,10 @@ o Added a stripped-down and heavily modified version of Dug Song's
o Removed WinIP library (and all Windows raw sockets code) since MS
has gone and broken raw sockets. Maybe packet receipt via raw
- sockets will come back at some point.
+ sockets will come back at some point. As part of this removal, the
+ Windows-specific --win_help, --win_list_interfaces, --win_norawsock,
+ --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi,
+ and --win_trace options have been removed.
o Chagned the interesting ports array from a 65K-member array of
pointers into an STL list. This noticeable reduces memory usage in
diff --git a/NmapOutputTable.cc b/NmapOutputTable.cc
index 97f862065..58c724484 100644
--- a/NmapOutputTable.cc
+++ b/NmapOutputTable.cc
@@ -136,7 +136,7 @@ NmapOutputTable::~NmapOutputTable() {
if (tableout) free(tableout);
}
-void NmapOutputTable::addItem(unsigned int row, unsigned int column, bool copy, char *item,
+void NmapOutputTable::addItem(unsigned int row, unsigned int column, bool copy, const char *item,
int itemlen) {
struct NmapOutputTableCell *cell;
@@ -160,7 +160,7 @@ void NmapOutputTable::addItem(unsigned int row, unsigned int column, bool copy,
memcpy(cell->str, item, itemlen);
cell->str[itemlen] = '\0';
} else {
- cell->str = item;
+ cell->str = (char *) item;
}
cell->weAllocated = copy;
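Review bot: The C-style `(char *) item` at the `cell->str = ...` assignment silently discards the const that the new signature just added, so a non-copied string can still be written through `cell->str` later even though the caller was promised otherwise. If NmapOutputTableCell's `str` has to stay `char *` because the `weAllocated` path frees it, make the intent visible with `cell->str = const_cast<char *>(item); /* borrowed: never freed or modified when weAllocated is false */` so the cast is greppable and its reason is stated. addItem's body begins and ends outside this hunk.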
diff --git a/NmapOutputTable.h b/NmapOutputTable.h
index a0fb4c87e..40ea08c4a 100644
--- a/NmapOutputTable.h
+++ b/NmapOutputTable.h
@@ -129,7 +129,7 @@ class NmapOutputTable {
// Copy specifies whether we must make a copy of item. Otherwise we'll just save the
// ptr (and you better not free it until this table is destroyed ). Skip the itemlen parameter if you
// don't know (and the function will use strlen).
- void addItem(unsigned int row, unsigned int column, bool copy, char *item, int itemlen = -1);
+ void addItem(unsigned int row, unsigned int column, bool copy, const char *item, int itemlen = -1);
// Like addItem except this version takes a prinf-style format string followed by varargs
void addItemFormatted(unsigned int row, unsigned int column, const char *fmt, ...)
__attribute__ ((format (printf, 4, 5)));
diff --git a/configure b/configure
index aea870011..21118d1ee 100755
--- a/configure
+++ b/configure
@@ -9059,4 +9059,4 @@ fi
if test -f docs/leet-nmap-ascii-art.txt; then
cat docs/leet-nmap-ascii-art.txt
fi
-echo "Configuration complete. Type make to compile."
+echo "Configuration complete. Type make (or gmake on some *BSD machines) to compile."
diff --git a/docs/nmap.dtd b/docs/nmap.dtd
index 235e45153..5e148d71b 100644
--- a/docs/nmap.dtd
+++ b/docs/nmap.dtd
@@ -202,6 +202,7 @@
diff --git a/docs/nmap.xsl b/docs/nmap.xsl
index 56e5b4b86..2f22a3d2f 100644
--- a/docs/nmap.xsl
+++ b/docs/nmap.xsl
@@ -358,10 +358,10 @@ function timestamp2date(stamp)
.
- Debbuging was disabled,
- Debugging was enabeld,
+ Debugging was disabled,
+ Debugging was enabled,
- the verbosing level was .
+ the verbosity level was .
diff --git a/libdnet-stripped/include/dnet/os.h b/libdnet-stripped/include/dnet/os.h
index 7bac1caa7..11dc54064 100644
--- a/libdnet-stripped/include/dnet/os.h
+++ b/libdnet-stripped/include/dnet/os.h
@@ -25,10 +25,11 @@
# ifndef __CYGWIN__
typedef unsigned int ssize_t;
# endif
-#if !defined(__GNUC__)
-#define snprintf _snprintf
-#define vsnprintf _vsnprintf
-# endif
+#if !defined(__GNUC__)
+typedef unsigned int ssize_t;
+#define snprintf _snprintf
+#define vsnprintf _vsnprintf
+#endif
#else
# include
# include
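Review bot: On a compiler that is neither GNU C nor Cygwin (the MSVC case the `_snprintf` defines target), `ssize_t` is now typedef'd twice in this block — once under `# ifndef __CYGWIN__` and again inside the added `#if !defined(__GNUC__)` section. C++ tolerates an identical redeclaration, but a pre-C11 C translation unit, which libdnet's headers are normally compiled as, rejects it as a redefinition. Either drop the new typedef or guard the first one with the same `__GNUC__` test; the outer conditional these lines sit in starts outside the hunk, so I cannot confirm which platforms actually reach both.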
diff --git a/mswin32/IPExport.h b/mswin32/IPExport.h
index 59d5729ee..1e3022ad0 100644
--- a/mswin32/IPExport.h
+++ b/mswin32/IPExport.h
@@ -216,5 +216,3 @@ typedef struct _IP_ADAPTER_ORDER_MAP
#endif // IP_EXPORT_INCLUDED
-
-
\ No newline at end of file
diff --git a/mswin32/winclude.h b/mswin32/winclude.h
index a8c702f5d..e85aa84fe 100644
--- a/mswin32/winclude.h
+++ b/mswin32/winclude.h
@@ -65,6 +65,9 @@
#ifndef WINCLUDE_H
#define WINCLUDE_H
+#include
+#include
+
#include "nbase.h"
#include
diff --git a/mswin32/winfix.cc b/mswin32/winfix.cc
index 68d640dc5..c4ebcd041 100644
--- a/mswin32/winfix.cc
+++ b/mswin32/winfix.cc
@@ -171,7 +171,7 @@ void win_init()
if(o.debugging > 2) printf("***WinIP*** trying to initialize winpcap 2.1\n");
PacketGetAdapterNames(pcaplist, &len);
if(o.debugging)
- printf("***WinIP*** winpcap present, dynamic linked to: %s\n", pcap_lib_version());
+ printf("Winpcap present, dynamic linked to: %s\n", pcap_lib_version());
}
#ifdef _MSC_VER
__except(GetExceptionCode() == DLI_ERROR)
diff --git a/nmap-os-fingerprints b/nmap-os-fingerprints
index fb5d41ddb..f69deae13 100644
--- a/nmap-os-fingerprints
+++ b/nmap-os-fingerprints
@@ -11569,7 +11569,7 @@ PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E|F%ULEN=134%DAT=E)
# Linux 2.6.4 i686
# Linux gentoo 2.6.7-gentoo-r11 i686
# Linux gentoo 2.6.11-gentoo-r9
-Fingerprint Linux 2.4.18 - 2.6.11
+Fingerprint Linux 2.4.7 - 2.6.11
Class Linux | Linux | 2.4.X | general purpose
Class Linux | Linux | 2.5.X | general purpose
Class Linux | Linux | 2.6.X | general purpose
@@ -11836,20 +11836,6 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
-# Red Hat Enterprise Linux AS release 3.90 (Nahant), Kernel 2.6.8-1.528.2.10smp on an i686
-Fingerprint Linux 2.4.20 or 2.6.8
-Class Linux | Linux | 2.4.X | general purpose
-Class Linux | Linux | 2.6.X | general purpose
-TSeq(Class=RI%gcd=<6%SI=<28E2CAC&>68A83%IPID=Z%TS=1000HZ)
-T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T2(Resp=N)
-T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-
Fingerprint Linux 2.4.20 x86
Class Linux | Linux | 2.4.X | general purpose
TSeq(Class=RI%gcd=<8%SI=<1DB22CE&>1862A%IPID=Z%TS=100HZ)
@@ -12254,21 +12240,6 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-# Linux kernel 2.4.26-1.ll.rh90.ccrma from RedHat 9.0
-# Linux kernel 2.6.5-63255U10_3cl (i686(X86)) from Conectiva Linux 10
-Fingerprint Linux 2.4.26 or 2.6.5
-Class Linux | Linux | 2.4.X | general purpose
-Class Linux | Linux | 2.6.X | general purpose
-TSeq(Class=RI%gcd=<6%SI=<247BECA&>5659F%IPID=Z%TS=1000HZ)
-T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T2(Resp=N)
-T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=F%UCK=F%ULEN=134%DAT=E)
-
Fingerprint Linux 2.4.26-gentoo-r6 w/grsec
Class Linux | Linux | 2.4.X | general purpose
TSeq(Class=TR%gcd=<6%IPID=RD%TS=100HZ)
@@ -12334,19 +12305,6 @@ T6(DF=N%W=800|1000|C00%ACK=S%Flags=AR%Ops=WNMETL)
T7(DF=N%W=1000|400%ACK=S++%Flags=AR%Ops=WNMETL)
PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
-# Linux 2.4.3-2.10.1smp (RedHat 7.0.98 Wolverine)
-Fingerprint Linux 2.4.3 SMP (RedHat)
-Class Linux | Linux | 2.4.X | general purpose
-TSeq(Class=RI%gcd=<6%SI=<2E7A750&>76F8A%IPID=Z%TS=1000HZ)
-T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T2(Resp=N)
-T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=Y%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-
# Linux kernel 2.4.30 (vanilla)
Fingerprint Linux 2.4.30
Class Linux | Linux | 2.4.X | general purpose
@@ -12414,7 +12372,7 @@ PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
# Linux Athena 2.6.3-1-686 #2 Tue Feb 24 20:24:38 EST 2004 i686 GNU/Linux
# Linux 2.4.7 (RedHat 7.3 on SPARC)
-Fingerprint Linux 2.4.7 through 2.6.3
+Fingerprint Linux 2.4.7 - 2.6.11
Class Linux | Linux | 2.4.X | general purpose
Class Linux | Linux | 2.6.X | general purpose
TSeq(Class=RI%gcd=<6%SI=<1682210&>399B1%IPID=Z%TS=1000HZ)
@@ -12492,7 +12450,7 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(DF=N%TOS=D0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-Fingerprint Linux 2.6.0 (x86)
+Fingerprint Linux 2.6.0 - 2.6.11
Class Linux | Linux | 2.6.X | general purpose
TSeq(Class=RI%gcd=<6%SI=<34CD71A&>861AC%IPID=Z%TS=1000HZ)
T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -12516,19 +12474,6 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-# Linux 2.6.0-test5 x86
-Fingerprint Linux 2.6.0-test5 - 2.6.0 (x86)
-Class Linux | Linux | 2.6.X | general purpose
-TSeq(Class=RI%gcd=<6%SI=<29CB5CE&>6ADE5%IPID=Z%TS=1000HZ)
-T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T2(Resp=N)
-T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=0|80%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
-
# Linux 2.6.0-test5 x86
Fingerprint Linux 2.6.0-test5 x86
Class Linux | Linux | 2.6.X | general purpose
@@ -12610,7 +12555,7 @@ PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
# Linux 2.6.10 #1 Wed Jan 5 12:36:35 CET 2005 i686 unknown Debian 3.0r2
# linux gentoo kernel 2.6.10
# Linux kernel 2.6.10-custom (x86) from Debian GNU/Linux 3.1
-Fingerprint Linux 2.6.10
+Fingerprint Linux 2.6.0 - 2.6.11
Class Linux | Linux | 2.6.X | general purpose
TSeq(Class=RI%gcd=<6%SI=<1A5ABDA&>43761%IPID=Z%TS=1000HZ)
T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -12706,7 +12651,7 @@ PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
# Linux 2.6.3-gentoo-r1 #5 Wed Apr 7 13:48:31 EDT 2004 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
# Gentoo 1.4.16; Kernel 2.6.7
# Linux sarge 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
-Fingerprint Linux 2.6.3 - 2.6.8
+Fingerprint Linux 2.6.0 - 2.6.11
Class Linux | Linux | 2.6.X | general purpose
TSeq(Class=RI%gcd=<6%SI=<16883CC&>1CD61%IPID=Z%TS=1000HZ)
T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -12980,7 +12925,7 @@ PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
# Linux 2.6.8.1-12mdk #1 i686 Intel(R) Xeon(TM) CPU 2.80GHz unknown GNU/Linux
# Linux 2.6.8-1-k7 #1 i686 GNU/Linux
-Fingerprint Linux 2.6.8
+Fingerprint Linux 2.6.0 - 2.6.11
Class Linux | Linux | 2.6.X | general purpose
TSeq(Class=RI%gcd=<6%SI=<18C0F36&>3F49D%IPID=Z%TS=1000HZ)
T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -13036,7 +12981,7 @@ PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
# Linux 2.6.11-gentoo-r2-ck1
# Linux 2.6.11-gentoo-r4 #1 i686 P4CPU+2.40GHz GenuineIntel GNU/Linux Gentoo Base System version 1.4.16
# Linux 2.6.11-gentoo-r9-nymph #1i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
-Fingerprint Linux 2.6.8 - 2.6.11
+Fingerprint Linux 2.6.0 - 2.6.11
Class Linux | Linux | 2.6.X | general purpose
TSeq(Class=RI%gcd=<6%SI=<1F96C34&>50AA5%IPID=Z%TS=1000HZ)
T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -13064,7 +13009,7 @@ PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
# Linux 2.6.9 #1 i686
# Linux kernel 2.6.9 (PIII-80Mhz)
-Fingerprint Linux 2.6.9
+Fingerprint Linux 2.6.0 - 2.6.11
Class Linux | Linux | 2.6.X | general purpose
TSeq(Class=RI%gcd=<6%SI=<2AB93AA&>6D5A3%IPID=Z%TS=1000HZ)
T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -13103,30 +13048,6 @@ T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-Fingerprint Linux kernel 2.6.4 (x86)
-Class Linux | Linux | 2.6.X | general purpose
-TSeq(Class=RI%gcd=<6%SI=<16FCF2E&>297DE%IPID=Z%TS=1000HZ)
-T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T2(Resp=N)
-T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
-T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=20%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=F%ULEN=134%DAT=E)
-
-Fingerprint Linux kernel 2.6.4 (X86)
-Class Linux | Linux | 2.6.X | general purpose
-TSeq(Class=RI%gcd=198DF%IPID=Z%TS=1000HZ)
-T1(DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
-T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
-T3(Resp=Y%DF=Y%W=1680%ACK=S++%Flags=AS%Ops=MNNTNW)
-T4(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-T6(DF=Y%W=0%ACK=O%Flags=R%Ops=)
-T7(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
-PU(DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
-
# Linux 2.6.5 (Gentoo)
# Linux 2.6.8 (Fedora Core 2)
# Fingerprint Linux kernel 2.6.8-1.521 Fedora 2
diff --git a/nmap.cc b/nmap.cc
index b555bfcc8..bf5cc1d00 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -240,6 +240,7 @@ int nmap_main(int argc, char *argv[]) {
struct sockaddr_storage ss;
size_t sslen;
int option_index;
+ bool iflist = false;
struct option long_options[] =
{
{"version", no_argument, 0, 'V'},
@@ -247,9 +248,11 @@ int nmap_main(int argc, char *argv[]) {
{"datadir", required_argument, 0, 0},
{"debug", optional_argument, 0, 'd'},
{"help", no_argument, 0, 'h'},
+ {"iflist", no_argument, 0, 0},
{"max_parallelism", required_argument, 0, 'M'},
{"min_parallelism", required_argument, 0, 0},
{"timing", required_argument, 0, 'T'},
+ {"timing", no_argument, 0, 0},
{"max_rtt_timeout", required_argument, 0, 0},
{"min_rtt_timeout", required_argument, 0, 0},
{"initial_rtt_timeout", required_argument, 0, 0},
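Review bot: The added `{"timing", no_argument, 0, 0}` entry duplicates the long option name of `{"timing", required_argument, 0, 'T'}` on the line above it. getopt_long() resolves a name to the first matching entry, so the new line is dead code, and because it declares `no_argument` it misstates how `--timing` is parsed; it looks like an editing slip made alongside the `iflist` entry. Drop the line, or rename it if a different option was intended.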
@@ -351,6 +354,8 @@ int nmap_main(int argc, char *argv[]) {
if (o.scanflags < 0) {
fatal("--scanflags option must be a number between 0 and 255 (inclusive) or a string like \"URGPSHFIN\".");
}
+ } else if (strcmp(long_options[option_index].name, "iflist") == 0 ) {
+ iflist = true;
} else if (strcmp(long_options[option_index].name, "min_parallelism") == 0 ) {
o.min_parallelism = atoi(optarg);
if (o.min_parallelism < 1) fatal("Argument to --min_parallelism must be at least 1!");
@@ -774,7 +779,10 @@ int nmap_main(int argc, char *argv[]) {
if (o.verbose && tm->tm_mon == 8 && tm->tm_mday == 1) {
log_write(LOG_STDOUT|LOG_SKID, "Happy %dth Birthday to Nmap, may it live to be %d!\n", tm->tm_year - 97, tm->tm_year + 3 );
}
-
+ if (iflist) {
+ print_iflist();
+ exit(0);
+ }
}
if ((o.pingscan || o.listscan) && fastscan) {
@@ -1536,11 +1544,6 @@ struct scan_lists *getpts(char *origexpr) {
}
void printusage(char *name, int rc) {
-#ifdef WIN32
-#define WIN32_PRINTF " --win_help Windows-specific features\n"
-#else
-#define WIN32_PRINTF
-#endif
printf(
"Nmap %s Usage: nmap [Scan Type(s)] [Options] \n"
"Some Common Scan Types ('*' options require root privileges)\n"
@@ -1565,7 +1568,6 @@ void printusage(char *name, int rc) {
" -iL Get targets from file; Use '-' for stdin\n"
"* -S /-e Specify source address or network interface\n"
" --interactive Go into interactive mode (then press h for help)\n"
- WIN32_PRINTF
"Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'\n"
"SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES \n", NMAP_VERSION);
exit(rc);
@@ -1699,7 +1701,9 @@ char *tsseqclass2ascii(int seqclass) {
* 2001 (www.junk.org is an example of a new address in this range).
*
* Check for
- * the most recent assigments.
+ * the most recent assigments and
+ * for bogon
+ * netblocks.
*/
int ip_is_reserved(struct in_addr *ip)
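Review bot: The reworded comment still carries the misspelling `assigments`; it should read `the most recent assignments and for bogon netblocks`. The comment documents ip_is_reserved(), whose body is in the following hunks.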
@@ -1707,24 +1711,6 @@ int ip_is_reserved(struct in_addr *ip)
char *ipc = (char *) &(ip->s_addr);
unsigned char i1 = ipc[0], i2 = ipc[1], i3 = ipc[2], i4 = ipc[3];
- /* 224-239/8 is all multicast stuff */
- /* 240-255/8 is IANA reserved */
- if (i1 >= 224)
- return 1;
-
- /* 096-123/8 is IANA reserved */
- /* 127/8 is reserved for loopback */
- if (i1 >= 96 && i1 <= 123)
- return 1;
-
- /* 073-079/8 is IANA reserved */
- if (i1 >= 73 && i1 <= 79)
- return 1;
-
- /* 089-095/8 is IANA reserved */
- if (i1 >= 83 && i1 <= 95)
- return 1;
-
/* do all the /7's and /8's with a big switch statement, hopefully the
* compiler will be able to optimize this a little better using a jump table
* or what have you
@@ -1744,27 +1730,50 @@ int ip_is_reserved(struct in_addr *ip)
case 36: /* 036/8 is IANA reserved */
case 37: /* 037/8 is IANA reserved */
case 39: /* 039/8 is IANA reserved */
- case 41: /* 041/8 is IANA reserved */
case 42: /* 042/8 is IANA reserved */
+ case 49: /* 049/8 is IANA reserved */
+ case 50: /* 050/8 is IANA reserved */
case 55: /* misc. U.S.A. Armed forces */
- case 127: /* localhost */
- case 197:
+ case 127: /* 127/8 is reserved for loopback */
+ case 197: /* 197/8 is IANA reserved */
+ case 223: /* 223/8 is IANA reserved */
return 1;
default:
break;
}
+
+ /* 077-079/8 is IANA reserved */
+ if (i1 >= 77 && i1 <= 79)
+ return 1;
+
+ /* 092-123/8 is IANA reserved */
+ if (i1 >= 92 && i1 <= 123)
+ return 1;
+
/* 172.16.0.0/12 is reserved for private nets by RFC1819 */
if (i1 == 172 && i2 >= 16 && i2 <= 31)
return 1;
+ /* 173-187/8 is IANA reserved */
+ if (i1 >= 173 && i1 <= 187)
+ return 1;
+
/* 192.168.0.0/16 is reserved for private nets by RFC1819 */
/* 192.0.2.0/24 is reserved for documentation and examples */
+ /* 192.88.99.0/24 is used as 6to4 Relay anycast prefix by RFC3068 */
if (i1 == 192) {
if (i2 == 168)
return 1;
- else if (i2 == 0 && i3 == 2)
+ if (i2 == 0 && i3 == 2)
return 1;
+ if (i2 == 88 && i3 == 99)
+ return 1;
+ }
+
+ /* 198.18.0.0/15 is used for benchmark tests by RFC2544 */
+ if (i1 == 198 && i2 == 18 && i3 >= 1 && i3 <= 64) {
+ return 1;
}
/* reserved for DHCP clients seeking addresses, not routable outside LAN */
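Review bot: The new 198.18.0.0/15 check does not match the range its own comment names: `if (i1 == 198 && i2 == 18 && i3 >= 1 && i3 <= 64)` covers only 198.18.1.0–198.18.64.255 and leaves out 198.18.0.x, 198.18.65.x upward, and the whole of 198.19.0.0/16. A /15 starting at 198.18.0.0 is exactly second octet 18 or 19, so the test should be `if (i1 == 198 && (i2 == 18 || i2 == 19)) return 1;`. Since ip_is_reserved() decides which random-scan targets are skipped, the gap means benchmark-network addresses can still be selected. The function's head is in an earlier hunk and its tail continues in the next one.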
@@ -1776,6 +1785,11 @@ int ip_is_reserved(struct in_addr *ip)
if (i1 == 204 && i2 == 152 && (i3 == 64 || i3 == 65))
return 1;
+ /* 224-239/8 is all multicast stuff */
+ /* 240-255/8 is IANA reserved */
+ if (i1 >= 224)
+ return 1;
+
/* 255.255.255.255, note we already tested for i1 in this range */
if (i2 == 255 && i3 == 255 && i4 == 255)
return 1;
diff --git a/nmap_error.h b/nmap_error.h
index 38569d2b9..5e25d3e83 100644
--- a/nmap_error.h
+++ b/nmap_error.h
@@ -126,6 +126,10 @@
#include
#endif
+#ifdef __cplusplus
+extern "C" {
+#endif
+
void fatal(const char *fmt, ...)
__attribute__ ((format (printf, 1, 2)));
void error(const char *fmt, ...)
@@ -134,5 +138,10 @@ void pfatal(const char *err, ...)
__attribute__ ((format (printf, 1, 2)));
void gh_perror(const char *err, ...)
__attribute__ ((format (printf, 1, 2)));
+
+#ifdef __cplusplus
+}
+#endif
+
#endif /* NMAP_ERROR_H */
diff --git a/output.cc b/output.cc
index 463d9e71c..673b3cd77 100644
--- a/output.cc
+++ b/output.cc
@@ -199,6 +199,79 @@ static int getServiceXMLBuf(struct serviceDeductions *sd, char *xmlbuf,
return 0;
}
+/* Print a detailed list of Nmap interfaces and routes to
+ normal/skiddy/stdout output */
+int print_iflist(void) {
+ int numifs = 0, numroutes = 0;
+ struct interface_info *iflist;
+ struct sys_route *routes;
+ NmapOutputTable *Tbl = NULL;
+ iflist = getinterfaces(&numifs);
+ int i;
+ /* First let's handle interfaces ... */
+ if (numifs == 0) {
+ log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "INTERFACES: NONE FOUND(!)\n");
+ } else {
+ int devcol=0, shortdevcol=1, ipcol=2, typecol = 3, upcol = 4, maccol = 5;
+ Tbl = new NmapOutputTable( numifs+1, 6 );
+ Tbl->addItem(0, devcol, false, "DEV", 3);
+ Tbl->addItem(0, shortdevcol, false, "(SHORT)", 7);
+ Tbl->addItem(0, ipcol, false, "IP/MASK", 7);
+ Tbl->addItem(0, typecol, false, "TYPE", 4);
+ Tbl->addItem(0, upcol, false, "UP", 2);
+ Tbl->addItem(0, maccol, false, "MAC", 3);
+ for(i=0; i < numifs; i++) {
+ Tbl->addItem(i+1, devcol, false, iflist[i].devfullname);
+ Tbl->addItemFormatted(i+1, shortdevcol, "(%s)", iflist[i].devname);
+ Tbl->addItemFormatted(i+1, ipcol, "%s/%d", inet_ntop_ez(&(iflist[i].addr), sizeof(iflist[i].addr)), iflist[i].netmask_bits);
+ if (iflist[i].device_type == devt_ethernet) {
+ Tbl->addItem(i+1, typecol, false, "ethernet");
+ Tbl->addItemFormatted(i+1, maccol, "%02X:%02X:%02X:%02X:%02X:%02X", iflist[i].mac[0], iflist[i].mac[1], iflist[i].mac[2], iflist[i].mac[3], iflist[i].mac[4], iflist[i].mac[5]);
+ }
+ else if (iflist[i].device_type == devt_loopback)
+ Tbl->addItem(i+1, typecol, false, "loopback");
+ else if (iflist[i].device_type == devt_p2p)
+ Tbl->addItem(i+1, typecol, false, "point2point");
+ else Tbl->addItem(i+1, typecol, false, "other");
+ Tbl->addItem(i+1, upcol, false, (iflist[i].device_up? "up" : "down"));
+ }
+ log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "************************INTERFACES************************\n");
+ log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "%s\n", Tbl->printableTable(NULL));
+ log_flush_all();
+ delete Tbl;
+ }
+
+ /* OK -- time to handle routes */
+ routes = getsysroutes(&numroutes);
+ u32 mask_nbo;
+ u16 nbits;
+ struct in_addr ia;
+ if (numroutes == 0) {
+ log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "ROUTES: NONE FOUND(!)\n");
+ } else {
+ int dstcol=0, devcol=1, gwcol=2;
+ Tbl = new NmapOutputTable( numroutes+1, 3 );
+ Tbl->addItem(0, dstcol, false, "DST/MASK", 8);
+ Tbl->addItem(0, devcol, false, "DEV", 3);
+ Tbl->addItem(0, gwcol, false, "GATEWAY", 7);
+ for(i=0; i < numroutes; i++) {
+ mask_nbo = htonl(routes[i].netmask);
+ addr_mtob(&mask_nbo, sizeof(mask_nbo), &nbits);
+ assert(nbits <= 32);
+ ia.s_addr = routes[i].dest;
+ Tbl->addItemFormatted(i+1, dstcol, "%s/%d", inet_ntoa(ia), nbits);
+ Tbl->addItem(i+1, devcol, false, routes[i].device->devfullname);
+ if (routes[i].gw.s_addr != 0)
+ Tbl->addItem(i+1, gwcol, true, inet_ntoa(routes[i].gw));
+ }
+ log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "**************************ROUTES**************************\n");
+ log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "%s\n", Tbl->printableTable(NULL));
+ log_flush_all();
+ delete Tbl;
+ }
+ return 0;
+}
+
/* Fills in namebuf (as long as there is space in buflen) with the
Name nmap normal output will use to describe the port. This takes
into account to confidence level, any SSL tunneling, etc. Truncates
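Review bot: In the routes loop the return value of `addr_mtob(&mask_nbo, sizeof(mask_nbo), &nbits)` is ignored before `assert(nbits <= 32)`; if it follows libdnet's contract of returning -1 for a non-contiguous mask, `nbits` is never written and the assert (or, under NDEBUG, the `%s/%d` line) reads an uninitialized u16. Initialise `nbits` and check the result, e.g. `if (addr_mtob(&mask_nbo, sizeof(mask_nbo), &nbits) != 0 || nbits > 32) fatal("print_iflist: bad netmask on route %d", i);`, which also matches how the rest of the file reports unrecoverable conditions. Separately, `routes[i].device->devfullname` dereferences `device` with no null check — fine if getsysroutes() guarantees an interface for every route, but the tcpip.h comment does not say so. The function always returns 0 and nmap.cc discards the value, so declaring it `void` would state the contract more honestly.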
@@ -208,7 +281,6 @@ static void getNmapServiceName(struct serviceDeductions *sd, int state,
char *dst = namebuf;
int lenremaining = buflen;
int len;
-
if (buflen < 1) return;
if (sd->service_tunnel == SERVICE_TUNNEL_SSL) {
@@ -1048,18 +1120,20 @@ void printosscanoutput(Target *currenths) {
printosclassificationoutput(currenths->FPR->getOSClassification(),
o.osscan_guess || !currenths->FPR->fingerprintSuitableForSubmission());
- if (currenths->FPR->overall_results == OSSCAN_SUCCESS && currenths->FPR->num_perfect_matches <= 8) {
+ if (currenths->FPR->overall_results == OSSCAN_SUCCESS && (currenths->FPR->num_perfect_matches <= 8 || o.debugging)) {
if (currenths->FPR->num_perfect_matches > 0) {
char *p;
log_write(LOG_MACHINE,"\tOS: %s", currenths->FPR->prints[0]->OS_name);
- log_write(LOG_XML, "\n",
- p = xml_convert(currenths->FPR->prints[0]->OS_name));
+ log_write(LOG_XML, "\n",
+ p = xml_convert(currenths->FPR->prints[0]->OS_name),
+ currenths->FPR->prints[0]->line);
free(p);
i = 1;
while(currenths->FPR->accuracy[i] == 1 ) {
log_write(LOG_MACHINE,"|%s", currenths->FPR->prints[i]->OS_name);
- log_write(LOG_XML, "\n",
- p = xml_convert(currenths->FPR->prints[i]->OS_name));
+ log_write(LOG_XML, "\n",
+ p = xml_convert(currenths->FPR->prints[i]->OS_name),
+ currenths->FPR->prints[i]->line);
free(p);
i++;
}
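Review bot: Relaxing the cap to `num_perfect_matches <= 8 || o.debugging` means the `while(currenths->FPR->accuracy[i] == 1 )` loop that follows can now run well past eight entries; it stops only at the first accuracy value below 1, so please confirm `prints[]`/`accuracy[]` always hold at least `num_perfect_matches + 1` entries (or a terminating non-1 accuracy) before a debug run walks off the end. The same relaxed condition appears in the later hunk as `OSSCAN_TOOMANYMATCHES || (num_perfect_matches > 8 && !o.debugging)`, so the two stay consistent. printosscanoutput's body continues outside the hunk.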
@@ -1090,9 +1164,10 @@ void printosscanoutput(Target *currenths) {
currenths->FPR->accuracy[0] - 0.10; i++) {
char *p;
log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,", %s (%d%%)", currenths->FPR->prints[i]->OS_name, (int) (currenths->FPR->accuracy[i] * 100));
- log_write(LOG_XML, "\n",
+ log_write(LOG_XML, "\n",
p = xml_convert(currenths->FPR->prints[i]->OS_name),
- (int) (currenths->FPR->accuracy[i] * 100));
+ (int) (currenths->FPR->accuracy[i] * 100),
+ currenths->FPR->prints[i]->line);
free(p);
}
log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT, "\n");
@@ -1117,7 +1192,7 @@ void printosscanoutput(Target *currenths) {
} else {
log_write(LOG_NORMAL|LOG_SKID_NOXLT|LOG_STDOUT,"No OS matches for host (test conditions non-ideal).\nTCP/IP fingerprint:\n%s\n", mergeFPs(currenths->FPR->FPs, currenths->FPR->numFPs, currenths->FPR->osscan_opentcpport, currenths->FPR->osscan_closedtcpport, currenths->MACAddress()));
}
- } else if (currenths->FPR->overall_results == OSSCAN_TOOMANYMATCHES || currenths->FPR->num_perfect_matches > 8)
+ } else if (currenths->FPR->overall_results == OSSCAN_TOOMANYMATCHES || (currenths->FPR->num_perfect_matches > 8 && !o.debugging))
{
log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Too many fingerprints match this host to give specific OS details\n");
if (o.debugging || o.verbose) {
@@ -1215,6 +1290,7 @@ void printserviceinfooutput(Target *currenths) {
char hostname_tbl[MAX_SERVICE_INFO_FIELDS][MAXHOSTNAMELEN];
char ostype_tbl[MAX_SERVICE_INFO_FIELDS][64];
char devicetype_tbl[MAX_SERVICE_INFO_FIELDS][64];
+ char *delim;
for (i=0; i &Targets) {
fatal("ran out of space in dst_hosts");
filterlen += len;
}
- len = snprintf(dst_hosts + filterlen, sizeof(dst_hosts) - filterlen, ")))");
- if (len < 0 || len + filterlen >= (int) sizeof(dst_hosts))
- fatal("ran out of space in dst_hosts");
}
filterlen = 0;
@@ -2964,7 +2961,7 @@ static void begin_sniffer(UltraScanInfo *USI, vector &Targets) {
if (USI->tcp_scan || USI->udp_scan) {
if (doIndividual)
len = snprintf(pcap_filter, sizeof(pcap_filter),
- "dst host %s and (icmp or (%s and (%s",
+ "dst host %s and (icmp or (%s and (%s)))",
inet_ntoa(Targets[0]->v4source()),
(USI->tcp_scan)? "tcp" : "udp", dst_hosts);
else len = snprintf(pcap_filter, sizeof(pcap_filter),
@@ -2977,7 +2974,7 @@ static void begin_sniffer(UltraScanInfo *USI, vector &Targets) {
} else if (USI->prot_scan) {
if (doIndividual)
len = snprintf(pcap_filter, sizeof(pcap_filter),
- "dst host %s and (icmp or (%s",
+ "dst host %s and (icmp or (%s))",
inet_ntoa(Targets[0]->v4source()), dst_hosts);
else
len = snprintf(pcap_filter, sizeof(pcap_filter), "dst host %s",
diff --git a/service_scan.cc b/service_scan.cc
index 2eafa2331..bdd896332 100644
--- a/service_scan.cc
+++ b/service_scan.cc
@@ -2012,6 +2012,7 @@ void servicescan_read_handler(nsock_pool nsp, nsock_event nse, void *mydata) {
case ECONNRESET:
case ECONNREFUSED: // weird to get this on a connected socket (shrug) but
// BSD sometimes gives it
+ case ECONNABORTED:
// Jerk hung up on us. Probably didn't like our probe. We treat it as with EOF above.
if (probe->isNullProbe()) {
// TODO: Perhaps should do further verification before making this assumption
diff --git a/tcpip.cc b/tcpip.cc
index 6929f95c6..c1ed961a6 100644
--- a/tcpip.cc
+++ b/tcpip.cc
@@ -1689,7 +1689,7 @@ bool NmapArpCache(int command, struct sockaddr_storage *ss, u8 *mac) {
in 6 bytes), senderIP, and rcvdtime (can be NULL if you don't care)
and returns 1. If it times out and reads no arp requests, returns
0. to_usec is the timeout period in microseconds. Use 0 to avoid
- blocking to the extent possible, and -1 to block forever. Returns
+ blocking to the extent possible. Returns
-1 or exits if ther is an error. */
int read_arp_reply_pcap(pcap_t *pd, u8 *sendermac, struct in_addr *senderIP,
long to_usec, struct timeval *rcvdtime) {
@@ -1706,7 +1706,7 @@ int read_arp_reply_pcap(pcap_t *pd, u8 *sendermac, struct in_addr *senderIP,
if (to_usec < 0) {
if (!warning) {
warning = 1;
- error("WARNING: Negative timeout value (%lu) passed to readip_pcap() -- using 0", to_usec);
+ error("WARNING: Negative timeout value (%lu) passed to %s() -- using 0", to_usec, __FUNCTION__);
}
to_usec = 0;
}
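Review bot: The rewritten warning prints `to_usec` with `%lu`, but the parameter is declared `long` and this branch runs only when it is negative, so the message shows a large unsigned number instead of the value that was passed; use `%ld`: `error("WARNING: Negative timeout value (%ld) passed to %s() -- using 0", to_usec, __FUNCTION__);`. `__FUNCTION__` is a compiler extension rather than standard C++, though both GCC and MSVC, which this file already targets with its `WIN32` blocks, provide it. read_arp_reply_pcap's body starts and ends outside the hunk.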
@@ -1724,15 +1724,18 @@ int read_arp_reply_pcap(pcap_t *pd, u8 *sendermac, struct in_addr *senderIP,
do {
#ifdef WIN32
- gettimeofday(&tv_end, NULL);
- long to_left = MAX(1, (to_usec - TIMEVAL_SUBTRACT(tv_end, tv_start)) / 1000);
- // Set the timeout (BUGBUG: this is cheating)
- PacketSetReadTimeout(pd->adapter, to_left);
+ if (to_usec == 0)
+ PacketSetReadTimeout(pd->adapter, 1);
+ else {
+ gettimeofday(&tv_end, NULL);
+ long to_left = MAX(1, (to_usec - TIMEVAL_SUBTRACT(tv_end, tv_start)) / 1000);
+ // Set the timeout (BUGBUG: this is cheating)
+ PacketSetReadTimeout(pd->adapter, to_left);
+ }
#endif
p = (u8 *) pcap_next(pd, &head);
-
if (p && head.caplen >= 42) { /* >= because Ethernet padding makes 60 */
/* frame type 0x0806 (arp), hw type eth (0x0001), prot ip (0x0800),
hw size (0x06), prot size (0x04) */
diff --git a/tcpip.h b/tcpip.h
index 78d2b1a8d..f026934f0 100644
--- a/tcpip.h
+++ b/tcpip.h
@@ -669,9 +669,13 @@ int ipaddr2devname( char *dev, const struct in_addr *addr );
int devname2ipaddr(char *dev, struct in_addr *addr);
/* Where the above 2 functions get their info */
struct interface_info *getinterfaces(int *howmany);
-/* Check whether an IP address appears to be directly connected to an
- interface on the computer (e.g. on the same ethernet network rather
- than having to route). Returns 1 if yes, -1 if maybe, 0 if not. */
+/* Parse the system routing table, converting each route into a
+ sys_route entry. Returns an array of sys_routes. numroutes is set
+ to the number of routes in the array. The routing table is only
+ read the first time this is called -- later results are cached.
+ The returned route array is sorted by netmask with the most
+ specific matches first. */
+struct sys_route *getsysroutes(int *howmany);
void sethdrinclude(int sd);
/* Fill buf (up to buflen -- truncate if necessary but always
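Review bot: The new getsysroutes() comment refers to `numroutes`, but the declared parameter is `howmany`; rename one so the doc matches the declaration. Because results are cached and returned by pointer, the comment should also say that the array belongs to the callee and must not be freed or modified — print_iflist() in output.cc relies on that. It would help to state whether each entry's `device` pointer is guaranteed non-null, since callers dereference it without checking.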
diff --git a/utils.h b/utils.h
index a2ec16b31..8949ad05a 100644
--- a/utils.h
+++ b/utils.h
@@ -102,15 +102,15 @@
#ifndef UTILS_H
#define UTILS_H
-#ifdef WIN32
-#include "mswin32\winclude.h"
-#else
#include
#include
#include
#include
#include
#include
+#ifdef WIN32
+#include "mswin32\winclude.h"
+#else
#include
#if HAVE_NETINET_IN_H