This always goes to XML and grepable output. It goes to normal in
interactive output in verbose mode. The format for printing a down host
is changed slightly:
Nmap scan report for 1.1.1.1 [host down]
just handle it in the normal program flow. A problem with having two
pieces of code doing the same thing was that they varied a bit; if you
ran -sP --traceroute you wouldn't get the "Final times for host" output
because that was left out of one of the output loops. Another problem
was that the special-case logic assumed that traceroute was the only
thing that could happen after a port scan, which is not true because
script scanning can happen too. Running -sP --traceroute --script=all
would not run any scripts. Now it run asn-query and whois as expected.
numbers in a collision-free way for a full 2^32 cycle. This allows
Nmap to generate random IPs with -iR that don't have duplicates.
See:
http://seclists.org/nmap-dev/2009/q3/0695.html
How this is done is documented in the code.
properly so our signal handing code actually activates. But our signal
handling code was a bit questionable in many respects, so I removed most
of it under the theory that it hasn't been working for years and nobody
seemed to notice/care, so we presumably don't really need it. And if we
do decide to add it again, we basically will need to do it over because
we now want to do it safely from a reentrancy perspective. In particular,
I removed sigdie() and reaper(). We still have a few signal() calls. In
particular, we ignore SIGPIPE and we set SIGINT, SIGTERM, SIGHUP, and
SIGSEGV to the defaults (SIG_DFL) explicitly. Thanks to Ithilgore, Luis,
and Solar Designer in particular for fidning or commenting on the issue.
error
You can't use --max-parallelism with --scan-delay.
QUITTING!
to a warning
Warning: --min-parallelism and --max-parallelism are ignored with --scan-delay.
a layer 4 protocol used mostly for telephony related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
exhaustive testing of 90 different probes, this one emerged as the
best four-probe combination, finding 14% more Internet hosts than
the previous default, -PE -PA80. The default for nonroot users is
-PS80,443, replacing the previous default of -PS80. In addition,
ping probes are now sent in order of effectiveness (-PE first) so
that less likely probes may not have to be sent.
host, which means that it is either found down or else all
port/script/traceroute/etc. scanning is finished. In r12798 I made it be
updated as soon as DNS resolution happened, to make the status display
"X undergoing Ping Scan" accurate. However the main loop also uses this
variable to count how many addresses have been generated so it knows
when to stop scanning random addresses. If -iR was used, only the first
hostgroup out of all the random addresses would be fully scanned and
then the scan would end. This change fixes that and also makes the
output more like it was pre-r12798; for example, if you had done name
resolution on 1024 hosts with --max-hostgroup 8, and had found the 8th
up host at the 280th one pinged, the output was
Stats: 0:00:29 elapsed; 1016 hosts completed (8 up), 8 undergoing Connect Scan
and is now
Stats: 0:00:29 elapsed; 272 hosts completed (8 up), 8 undergoing Connect Scan
loops that iterate over targets, not inside them. That prevents having
to iterate over every target doing nothing in the common case when those
scan types aren't used.
"\n" from a few error() calls. Changed a few f?printf() calls to
error() or log_write().
Most notably, I didn't change any of the --interactive printf()s or
the usage printf() call.
I think we should draw up some internal notes on when to use
LOG_STDOUT versus LOG_PLAIN versus all the other LOG_* options.
that it is set properly for ping scan. Previously status reports during
ping scan always looked like
Stats: 25:34:33 elapsed; 991232 hosts completed (72530 up), 0 undergoing Ping Scan
Note the "0 undergoing". Now that number will be set to 4096 or whatever
the current ping scan group size happens to be.
keeps the following debugging line from being printed in these modes:
PORTS: Using top 1000 ports found open (TCP:0, UDP:0)
This also speeds these up because it doesn't necessarily have to read and parse
nmap-services. Going from 0.25s to 0.04s for listing a /24 sounds good to me :)
