PROBESTATE_EXCLUDED, and PROBESTATE_INCOMPLETE to 3, not 2. We're
looking up the service name in the same way as when no service detection
is done, so the confidence should be the same.
I think you can make a case that the confidence should be lower if
service detection is done but doesn't find a match. But this matches the
behavior of Nmap 4.76, using a confidence of 3 for
PROBESTATE_FINISHED_NOMATCH.
match, not only for PROBESTATE_EXCLUDED. Otherwise a serviceDeductions
gets allocated but its name doesn't get set. Later, when a
serviceDeductions is present with no name, XML output doesn't print the
service element.
port is unknown, instead of -1. This makes it a better fit with the
other accessor functions. For those callers that need to know whether a
port is in the default state or not, add PortList::portIsDefault.
Having getPortState return -1 for ports in the default state would cause
the slightly wrong
Discovered unknown port 88/udp on 192.168.0.190 is actually open
to be printed instead of
Discovered open|filtered port 88/udp on 192.168.0.190 is actually open
scan response, instead of checking for a current state of
PORT_OPENFILTERED. The code calls getPortState, but the port may not
have been assigned a state, again because of the new Port allocation
architecture, so the function returns -1.
It would make sense to have getPortState return the default port state
if a Port has not been allocated, but there are two other places it is
used where the code relies on it returning -1 to indicate that a port
has not received a state yet.
called. Formerly the only way to create a port was to call
PortList::addPort, which also set the state. Now ports are allocated on
demand whenever anything about a port is set. If we don't set the state
and reason, they're "unknown" and "unknown-reason". Because of the
special handling of PORT_UNKNOWN in the output table, this could lead to
an assertion failure reported by Jon Kibler.
changes. The first is that Port objects don't allocate memory for
service and RPC results unless that information is set. This reduces the
size of a bare Port from 92 to 40 bytes on my machine. The second change
is that PortList now has the notion of a "default port state," which is
the state of any ports that didn't receive a response. These ports don't
need an allocated Port object, which saves a lot of memory in scans
where most ports didn't get a response.
a layer 4 protocol used mostly for telephony related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
attempt to reduce the number of warnings like "Warning: Servicescan
failed to fill info_template...". Parts of this change include:
o Improved the text of the warning to be less confusing
o Increased the internal version info buffer to 256 chars from 128
o Increased the final version string length to 160 from 128 chars
o Changed the behavior when constructing the final version string so
that if it runs out of space, rather than dropping the output of that
template it truncates the template with ...
o Fixed the printing of unneeded spaces between templates when one of the
templates isn't going to be printed at all.
measurements. These commonly responsive ports are moved to the front of the
list when randomizing ports to help us quickly get some timing feedback and
find a timing ping probe.
The previous list was
{ 21, 22, 23, 25, 53, 80, 113, 256, 389, 443, 554, 636, 1723, 3389 }
The new list is
{ 80, 23, 443, 21, 22, 25, 3389, 110, 445, 139, 143, 53, 135, 113 }
The ports that were removed are
256 fw1-secureremote
389 ldap
554 rtsp
636 ldapssl
1723 pptp
The ports that were added are
110 pop3
135 msrpc
139 netbios-ssn
143 imap
445 microsoft-ds
as the "name_confidence" member of a service match. I grepped the whole source
tree and couldn't find any reference to "confidence" besides its declaration
and initialization; it builds fine without it.
