scan. ARP scan had a hardcoded initial timeout of 100 ms, which could be
lower than the minimum requested. The default minimum timeout is also
100 ms, so this has no effect if --min-rtt-timeout is not used.
* Adding path-mtu.nse for Path MTU Discovery
* Nmap now stores the MTU for interfaces (from SIOCGIFMTU or libdnet)
* Scripts can access the MTU for host.interface via host.interface_mtu
* Nmap prints the MTU for interfaces in --iflist
targets.cc, and return false if it is so. This indicates that we are not
doing a raw scan. target->deviceName != NULL is necessary before
checking target->directlyConnected(), otherwise you get this assertion
failure when doing any non-root scan (such as -sT or -sL) as root with
two or more targets:
nmap: Target.cc:369: bool Target::directlyConnected() const: Assertion `directly_connected == 0 || directly_connected == 1' failed.
Aborted
This is how the logic originally worked, and I accidentally broke it in
r17892.
one already present in the current group. This is because ultra_scan
does not cope with multiple targets sharing the same IP address. However
this alone isn't enough to force a new host group, because the loop in
nmap.cc concatenates groups that nexthost splits apart, with its own
duplicate logic for breaking up groups.
different host group. Also insert the target into the group only after
we're sure we want it, instead of provisionally inserting it and then
removing it after we find it's unwanted.
"base address" from which a group of addresses were derived, for example
in "scanme.nmap.org/24", "scanme.nmap.org" would be the base address.
Use these methods to set the target name of that one host even when
addresses come from a netmask.
Before, a variable was set to NULL if it was not AF_INET, and was later
dereferenced in handling target groups containing IPv4 addresses. This
never actually caused a problem because Nmap's -6 switch is global, so
if an AF_INET6 address was passed to hostInExclude, none of the target
groups could have contained IPv4 addresses and the NULL dereference
would not have occurred. It might have broken easily in the future
though. Now the IPv4 target groups make sure they are dealing with an
AF_INET address.
a layer 4 protocol used mostly for telephony related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
host, which means that it is either found down or else all
port/script/traceroute/etc. scanning is finished. In r12798 I made it be
updated as soon as DNS resolution happened, to make the status display
"X undergoing Ping Scan" accurate. However the main loop also uses this
variable to count how many addresses have been generated so it knows
when to stop scanning random addresses. If -iR was used, only the first
hostgroup out of all the random addresses would be fully scanned and
then the scan would end. This change fixes that and also makes the
output more like it was pre-r12798; for example, if you had done name
resolution on 1024 hosts with --max-hostgroup 8, and had found the 8th
up host at the 280th one pinged, the output was
Stats: 0:00:29 elapsed; 1016 hosts completed (8 up), 8 undergoing Connect Scan
and is now
Stats: 0:00:29 elapsed; 272 hosts completed (8 up), 8 undergoing Connect Scan
that it is set properly for ping scan. Previously status reports during
ping scan always looked like
Stats: 25:34:33 elapsed; 991232 hosts completed (72530 up), 0 undergoing Ping Scan
Note the "0 undergoing". Now that number will be set to 4096 or whatever
the current ping scan group size happens to be.
Previously the ping probe data structures were stored in NmapOps,
now they will be stored in the scan_lists struct. All other changes
auxiliary to this reorganization.
line, since this can differ from the reverse DNS results. It can be
particularly important when doing HTTP tests against virtual hosts.
The data can be accessed from target->HostName() from Nmap proper
and host.targetname from NSE scripts. The NSE HTTP library now uses
this for the Host header. Thanks to Sven Klemm for adding this
useful feature.
This is the merging of the code that was previously in
/nmap-exp/david/nmap-massping-migration. These are all the big changes
that get rid of massping in favor of doing host discovery using
ultra_scan.
For now, there is a toggle that turns these new changes off. Undefine
NEW_MASSPING in targets.cc to go back to the old code. All of that will
be deleted eventually.
There are likely a few more changes that will be made to this system in
the near future. Those will be made in
/nmap-exp/david/nmap-massping-migration and merged back.
Don't release this just yet, because I'm going to make a few more
commits real quick to remove some debugging stuff.
(Note to self: this merge back was from r5693 in
/nmap-exp/david/nmap-massping-migration.)
