to verify their correctness and to check more than just the table in
ipv4-address-space. Beyond comment changes and some code movement:
* 198.51.100.0/24 and 203.0.113.0/24 are reserved by RFC 5737 (Jan 2010)
* Fix 198.18.0.0/15, which was implemented wrongly. This goes back a while
and was handled somewhat like 198.18.0.0/18.
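As an added illustration of the kind of check these entries concern (example code written here, not Nmap's own ipv4-address-space table or its implementation), the following Python classifies an IPv4 address against a constructed table of special-purpose ranges, including the two RFC 5737 test networks and the full 198.18.0.0/15 benchmarking block, and shows how much of that block a /18 check leaves unflagged:

```python
import ipaddress

# Constructed table of special-purpose IPv4 ranges. This is an added example;
# it is not the project's ipv4-address-space table and is not exhaustive.
RESERVED_RANGES = {
    "0.0.0.0/8": "this network (RFC 1122)",
    "10.0.0.0/8": "private (RFC 1918)",
    "127.0.0.0/8": "loopback (RFC 1122)",
    "169.254.0.0/16": "link-local (RFC 3927)",
    "172.16.0.0/12": "private (RFC 1918)",
    "192.0.2.0/24": "TEST-NET-1 (RFC 5737)",
    "192.168.0.0/16": "private (RFC 1918)",
    "198.18.0.0/15": "benchmarking (RFC 2544)",
    "198.51.100.0/24": "TEST-NET-2 (RFC 5737)",
    "203.0.113.0/24": "TEST-NET-3 (RFC 5737)",
    "224.0.0.0/4": "multicast (RFC 1112)",
    "240.0.0.0/4": "reserved for future use (RFC 1112)",
}

_NETWORKS = [(ipaddress.ip_network(cidr), why) for cidr, why in RESERVED_RANGES.items()]


def reserved_reason(addr):
    """Return why an IPv4 address is reserved, or None if no table entry covers it."""
    ip = ipaddress.ip_address(addr)
    for net, why in _NETWORKS:
        if ip in net:
            return why
    return None


def is_reserved(addr):
    """True when the address falls in any special-purpose range in the table."""
    return reserved_reason(addr) is not None


def wrong_benchmark_check(addr):
    """The mistaken form the entry describes: the benchmarking block tested as a /18."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network("198.18.0.0/18")


def missed_by_wrong_check():
    """Sub-blocks of 198.18.0.0/15 that a /18 check lets through, smallest prefix first."""
    full = ipaddress.ip_network("198.18.0.0/15")
    wrong = ipaddress.ip_network("198.18.0.0/18")
    return sorted(full.address_exclude(wrong), key=lambda n: (n.prefixlen, n))


if __name__ == "__main__":
    for a in ("198.51.100.7", "203.0.113.200", "198.19.200.1", "8.8.8.8"):
        print(a, reserved_reason(a), "wrong /18 check:", wrong_benchmark_check(a))
    for n in missed_by_wrong_check():
        print("missed by /18:", n, n.num_addresses)
```

The last function makes the size of the old mistake concrete: three sub-blocks, 114688 addresses, were treated as assignable even though the whole /15 is set aside for benchmarking.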
is used. See discussion at http://seclists.org/nmap-dev/2010/q1/837.
In this patch, all output formats are treated the same. So if a host
isn't shown in normal output, it's not shown in XML output either.
This establishes a more regular syntax for some options that disable
phases of a scan:
-n    no reverse DNS
-Pn   no host discovery
-sn   no port scan
Also, the -sP was possibly misleading because the 'P' suggests "ping
scan," when you can now do more than just pinging when you disable port
scanning. For example, -sC -sn and -sn -Pn --traceroute make sense.
Warning: --min-parallelism and --max-parallelism are ignored with --scan-delay.
It was checking o.min_parallelism against -1, when its default value is
0.
file again when it needs it. This is called from nmap_free_mem, because
cp_free (also called by nmap_free_mem) invalidates members of the
services data structures.
In normal use this doesn't matter. It only matters when reinvoking the
engine several times with --interactive.
This always goes to XML and grepable output. It goes to normal in
interactive output in verbose mode. The format for printing a down host
is changed slightly:
Nmap scan report for 1.1.1.1 [host down]
just handle it in the normal program flow. A problem with having two
pieces of code doing the same thing was that they varied a bit; if you
ran -sP --traceroute you wouldn't get the "Final times for host" output
because that was left out of one of the output loops. Another problem
was that the special-case logic assumed that traceroute was the only
thing that could happen after a port scan, which is not true because
script scanning can happen too. Running -sP --traceroute --script=all
would not run any scripts. Now it runs asn-query and whois as expected.
numbers in a collision-free way for a full 2^32 cycle. This allows
Nmap to generate random IPs with -iR that don't have duplicates.
See:
http://seclists.org/nmap-dev/2009/q3/0695.html
How this is done is documented in the code.
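The entry says the method is documented in the code. As an added example of one standard way to get a collision-free 2^32 cycle (a full-period linear congruential generator, chosen here for illustration and not confirmed to be Nmap's actual construction), the following Python visits every 32-bit value exactly once per cycle and maps each value to an address. The constants a and c are constructed for this example; the brute-force period check is run at 16 bits so it finishes quickly.

```python
import ipaddress


class FullCycleLCG:
    """Visit every value in [0, 2**bits) exactly once, in a scrambled order.

    State update: x' = (a * x + c) mod 2**bits. When the modulus is a power
    of two, the Hull-Dobell theorem says the period is the full modulus if
    c is odd and (a - 1) is divisible by 4. This is an added illustration,
    not Nmap's generator; the default a and c are constructed constants.
    """

    def __init__(self, bits=32, seed=0, a=1664525, c=1013904223):
        if bits < 2:
            raise ValueError("need at least 2 bits")
        self.mask = (1 << bits) - 1
        self.a, self.c = a & self.mask, c & self.mask
        # Reducing a and c mod 2**bits keeps c odd and (a - 1) divisible by 4.
        self.full_period = (self.c % 2 == 1) and ((self.a - 1) % 4 == 0)
        self.state = seed & self.mask

    def next(self):
        self.state = (self.a * self.state + self.c) & self.mask
        return self.state


def visits_every_value(bits, **kw):
    """Brute-force check: are all 2**bits values produced within 2**bits steps?"""
    gen = FullCycleLCG(bits, **kw)
    seen = bytearray(1 << bits)
    for _ in range(1 << bits):
        seen[gen.next()] = 1
    return all(seen)


def random_ips(count, seed=0):
    """First `count` addresses of the 32-bit permutation as dotted quads.

    Because the cycle is 2**32 long, no address repeats until the whole
    space has been visited. Filtering reserved ranges is left to the caller.
    """
    gen = FullCycleLCG(32, seed)
    return [str(ipaddress.IPv4Address(gen.next())) for _ in range(count)]


if __name__ == "__main__":
    print("16-bit full cycle:", visits_every_value(16))
    print("16-bit with even c:", visits_every_value(16, c=1013904222))
    print(random_ips(5))
```

The two parameter conditions are cheap to verify at construction time, and the brute-force check shows what happens when one is violated: with an even c the parity of the state never changes, so half the space is never reached.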
properly so our signal handling code actually activates. But our signal
handling code was a bit questionable in many respects, so I removed most
of it under the theory that it hasn't been working for years and nobody
seemed to notice/care, so we presumably don't really need it. And if we
do decide to add it again, we basically will need to do it over because
we now want to do it safely from a reentrancy perspective. In particular,
I removed sigdie() and reaper(). We still have a few signal() calls. In
particular, we ignore SIGPIPE and we set SIGINT, SIGTERM, SIGHUP, and
SIGSEGV to the defaults (SIG_DFL) explicitly. Thanks to Ithilgore, Luis,
and Solar Designer in particular for finding or commenting on the issue.
error
You can't use --max-parallelism with --scan-delay.
QUITTING!
to a warning
Warning: --min-parallelism and --max-parallelism are ignored with --scan-delay.
a layer 4 protocol used mostly for telephony related applications.
This brings the following new features:
o SCTP INIT chunk port scan (-sY): open ports return an INIT-ACK
chunk, closed ones an ABORT chunk. This is the SCTP equivalent
of a TCP SYN stealth scan.
o SCTP COOKIE-ECHO chunk port scan (-sZ): open ports are silent,
closed ports return an ABORT chunk.
o SCTP INIT chunk ping probes (-PY): host discovery using SCTP
INIT chunk packets.
o SCTP-specific IP protocol scan (-sO -p sctp).
o SCTP-specific traceroute support (--traceroute).
o The ability to use the deprecated Adler32 algorithm as specified
in RFC 2960 instead of CRC32C from RFC 4960 (--adler32).
o 42 well-known SCTP ports were added to the nmap-services file.
Part of the work on SCTP support was kindly sponsored by
Compass Security AG, Switzerland. [Daniel Roethlisberger]
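As an added example (written here, not Nmap's code) of the two SCTP probe semantics listed above and of the --adler32 switch, the following Python builds an SCTP packet with one chunk, computes the RFC 4960 CRC32C or the deprecated RFC 2960 Adler-32 over it, verifies a received packet, and maps a response chunk to a port state. Chunk-type numbers are from RFC 4960; the ports, verification tag and INIT parameters are constructed values; the states returned for "no answer" (filtered for -sY, open|filtered for -sZ) and the byte order used to place the Adler-32 value are assumptions of this example, not statements from the entry.

```python
import struct
import zlib

# SCTP chunk types (RFC 4960 section 3.2) used by the scan types above.
CHUNK_INIT, CHUNK_INIT_ACK, CHUNK_ABORT, CHUNK_COOKIE_ECHO = 1, 2, 6, 10


def _make_crc32c_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC32C_TABLE = _make_crc32c_table()


def crc32c(data):
    """CRC32C (Castagnoli, reflected polynomial 0x82F63B78), as required by RFC 4960."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def sctp_checksum(packet_with_zeroed_field, adler32=False):
    """Checksum over the whole packet; Adler-32 is the deprecated RFC 2960 variant."""
    if adler32:
        return zlib.adler32(packet_with_zeroed_field) & 0xFFFFFFFF
    return crc32c(packet_with_zeroed_field)


def init_chunk_value(init_tag=0x12345678, a_rwnd=65535, out_streams=10, in_streams=10, tsn=1):
    """Fixed part of an INIT chunk (constructed values): tag, a_rwnd, streams, initial TSN."""
    return struct.pack("!IIHHI", init_tag, a_rwnd, out_streams, in_streams, tsn)


def build_sctp_packet(src_port, dst_port, vtag, chunk_type, chunk_value=b"", adler32=False):
    """Common header plus one chunk, with the checksum field filled in."""
    chunk = struct.pack("!BBH", chunk_type, 0, 4 + len(chunk_value)) + chunk_value
    chunk += b"\x00" * (-len(chunk) % 4)            # chunks are padded to 4 bytes
    body = struct.pack("!HHII", src_port, dst_port, vtag, 0) + chunk  # checksum = 0
    cksum = sctp_checksum(body, adler32)
    # RFC 4960 Appendix B stores the CRC32C least-significant byte first.
    # Storing Adler-32 in network byte order is an assumption of this example.
    field = struct.pack("!I", cksum) if adler32 else struct.pack("<I", cksum)
    return body[:8] + field + body[12:]


def verify_sctp_packet(packet, adler32=False):
    """Recompute the checksum over the packet with the field zeroed and compare."""
    body = packet[:8] + b"\x00\x00\x00\x00" + packet[12:]
    stored = struct.unpack("!I" if adler32 else "<I", packet[8:12])[0]
    return stored == sctp_checksum(body, adler32)


def infer_port_state(scan, response_chunk):
    """scan is 'INIT' (-sY) or 'COOKIE-ECHO' (-sZ); response_chunk is a type or None."""
    if scan == "INIT":
        if response_chunk == CHUNK_INIT_ACK:
            return "open"
        if response_chunk == CHUNK_ABORT:
            return "closed"
        return "filtered"           # no answer: assumed, by analogy with a SYN scan
    if scan == "COOKIE-ECHO":
        if response_chunk == CHUNK_ABORT:
            return "closed"
        if response_chunk is None:
            return "open|filtered"  # silence cannot tell open from dropped (assumption)
        return "unknown"
    raise ValueError("unknown scan type: %r" % scan)


if __name__ == "__main__":
    pkt = build_sctp_packet(40000, 80, 0, CHUNK_INIT, init_chunk_value())
    print(len(pkt), "bytes, CRC32C valid:", verify_sctp_packet(pkt))
    print("INIT -> INIT-ACK:", infer_port_state("INIT", CHUNK_INIT_ACK))
    print("COOKIE-ECHO -> silence:", infer_port_state("COOKIE-ECHO", None))
```

A scanner that checks checksums on replies should verify with the same algorithm it sent with; a target speaking RFC 2960 Adler-32 will reject CRC32C packets and vice versa, which is the situation the --adler32 option exists for.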
exhaustive testing of 90 different probes, this one emerged as the
best four-probe combination, finding 14% more Internet hosts than
the previous default, -PE -PA80. The default for nonroot users is
-PS80,443, replacing the previous default of -PS80. In addition,
ping probes are now sent in order of effectiveness (-PE first) so
that less likely probes may not have to be sent.