o [Ncat, Ndiff] The exit codes of these programs now reflect whether
they succeeeded. For Ncat, 0 means the connection was successful, 1
indicates a network error, and 2 indicates any other error. For
Ndiff, 0 means the scans were equal, 1 means they were different,
and 2 indicates a runtime error. [David]
can happen with -PN against a filtered host or with -PN -sP against any
host.
This works as expected when the remote host actually responds to the
ping probes, but takes a long time when the remote host ignores it. Take
this for example:
nmap -PN -sP --traceroute www.microsoft.com -n
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 0.77 192.168.0.1
2 38.76 206.81.73.81
3 38.65 206.81.73.82
4 39.28 66.54.149.185
5 39.73 63.211.250.17
6 39.15 4.68.107.190
7 40.05 4.69.132.37
8 59.33 4.69.132.106
9 54.55 4.69.145.208
10 ...
11 ...
[Lots more lines]
49 ...
50 ...
! maximum TTL reached (50)
Nmap done: 1 IP address (1 host up) scanned in 2201.79 seconds
The traceroute can't stop, as it normally does, when it gets a response
from the target because no such response is forthcoming. So it keeps
going until it hits its own limit. The same trace against www.google.com
takes only about 30 seconds.
including alias extension, in several places to avoid this error message
when an alias has an IP address but the primary interface doesn't:
Failed to lookup subnet/netmask for device (venet0): venet0: no IPv4 address assigned
The patch also considers an interface alias if the primary interface
does not appear in the list of interfaces (perhaps because it does not
have an IP address assigned) when building the table of routes.
surrounding whitespace is ignored). Here is a simple example for clarity:
--script-args 'greeting = This is a greeting'
Becomes: { ["greeting"] = "This is a greeting" }
strdup before being handed to lua_pushstring. That was excessive because
lua_pushstring already makes its own internal copy of the string. This
was found by Coverity.
target address address field, not the destination address in the
enclosing ethernet frame. Some operating systems, including Windows
7 and Solaris 10, are known to at least sometimes send their ARP
replies to the broadcast address and Nmap wouldn't notice them. The
symptom of this was that root scans wouldn't work ("Host seems
down") but non-root scans would work. Thanks to Mike Calmus and
Vijay Sankar for reporting the problem, and Marcus Haebler for
suggesting the fix.
to be enabled when the GCC major version was greater than or equal to 4,
but the test was backwards to it was in effect for for versions less
than or equal to 4. So it was in effect already unconditional.
-fstrict-aliasing is supported all the way back in 2.95.2, and I suppose
-fno-strict-aliasing is too.
Script.new. Because of the new strict.lua library being added, scripts
would look for the absent filename global at load-time and fail due to an
error (ssh-hostkey.nse).
for an interface, and skip the interface. The warning looks like
Warning: Unable to get hardware address for interface %s -- skipping it.
This happens when a FireWire interface (fw*) has an address configured on Mac
OS X. Previously Nmap would die in getinterfaces so it wasn't even possible to
scan over the other interfaces.
o Fixed a log_write call and a pfatal call to use a syntax which is
safer from format strings bugs. This allows Nmap to build with the
gcc -Wformat -Werror=format-security options. [Guillaume Rousse]
