diff --git a/CHANGELOG b/CHANGELOG index 191de452d8..a30ad95bbb 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +4.21ALPHA3 + +o Just fixed a packaging problem with the 4.21ALPHA2 release (thanks + to Alan Jones for reporting it). 4.21ALPHA2 diff --git a/Makefile.in b/Makefile.in index a4e2094d8e..0547e93ccc 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -export NMAP_VERSION = 4.21ALPHA2 +export NMAP_VERSION = 4.21ALPHA3 NMAP_NAME= Nmap NMAP_URL= http://insecure.org NMAP_PLATFORM=@host@ diff --git a/docs/nmap.1 b/docs/nmap.1 index 6056566ec3..cbf2a6570b 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 @@ -2,7 +2,7 @@ .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). .\" Instead of manually editing it, you probably should edit the DocBook XML .\" source for it and then use the DocBook XSL Stylesheets to regenerate it. -.TH "NMAP" "1" "03/12/2007" "" "Nmap Reference Guide" +.TH "NMAP" "1" "03/15/2007" "" "Nmap Reference Guide" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -375,6 +375,25 @@ or \fB\-PS\fR) are specified, Nmap uses ARP instead for any of the targets which are on the same LAN. If you absolutely don't want to do an ARP scan, specify \fB\-\-send\-ip\fR. .TP +\fB\-\-traceroute\fR (Trace path to host) +Traceroutes are performed post\-scan using information from the scan results to determine the port and protocol most likely to reach the target. It works with all scan types except connect scans (\-sT) and idle scans (\-sI). All traces use nmap's dynamic timing model and are performed in parallel. +.sp +Traceroute works by sending packets with a low TTL (time\-to\-live) in an attempt to illicit ICMP TTL_EXCCEDED messages from intermediate hops between the scanner and the target host. Standard traceroute implementation start with a TTL of 1 and increment the TTL until the destination host is reached. Nmap's traceroute starts with a high TTL and then decrements the TTL until it reaches 0. Doing it backwards lets nmap employ clever caching algorithms to speed up traces over multiple hosts. On average nmap sends 5\-10 fewer packets per host, depending on network conditions. If a single subnet is being scanned (i.e. 192.168.0.0/24) nmap may only have to send a single packet to most hosts. +.sp +The output from each trace is consolidated to save space, There are two type of consolidation: timed out and reference trace. A reference trace is a cache of hops nmap has already reported. +Example\ 14.2.\ Timeout consolidation.sp +.nf + 1 ... Hop 1 timed out + 1 ... 6 Hop 1 to 6 timed out + +.fi +Example\ 14.3.\ Reference consolidation (hop cache).sp +.nf + 1 \-\- Hop 1 has been taken from the reference trace + 1 \-\-> 6 Hop 1 to 6 have been taken from the reference trace + +.fi +.TP \fB\-n\fR (No DNS resolution) Tells Nmap to \fInever\fR 
@@ -669,25 +688,6 @@ option. By default, Nmap randomizes the scanned port order (except that certain commonly accessible ports are moved near the beginning for efficiency reasons). This randomization is normally desirable, but you can specify \fB\-r\fR for sequential port scanning instead. -.TP -\fB\-\-traceroute\fR (Trace path to host) -Traceroutes are performed post\-scan and they uses information from the scan results to determines a valid responsive port and protocol to trace to. It works with all scan types apart from connect scans (\-sT) and idle scans (\-sI). All traces use nmap's dynamic timing model and are performed in parallel. -.sp -Traceroute works by sending packets with a low TTL (time\-to\-live) in an attempt to illicit ICMP TTL_EXCCEDED messages from intermediate hops between the scanner and the target host. Standard traceroute implementation start with a TTL of 1 and increment the TTL until the destination host is reached. Nmap's traceroute starts with a high TTL and then decrements the TTL until it reaches 0. Doing it backwards means nmap can employ clever caching algorithms to speed up traces over multiple hosts. On average nmap sends 5\-10 less packet per host, depending on network condition. If a related subnet is being scanned (I.E 192.168.0.0/24) nmap may only have to send a single packet to the majority of hosts. -.sp -The output from each trace is consolidated to save space, There are two type of consolidation timed out and reference trace. A reference trace can be considered a cache of hops nmap has seen so far. -Example\ 14.2.\ Timeout consolidation.sp -.nf - 1 ... Hop 1 timed out - 1 ... 
6 Hop 1 to 6 timed out - -.fi -Example\ 14.3.\ Reference consolidation (hop cache).sp -.nf - 1 \-\- Hop 1 has been taken from the reference trace - 1 \-\-> 6 Hop 1 to 6 have been taken from the reference trace - -.fi .SH "SERVICE AND VERSION DETECTION" .PP Point Nmap at a remote machine and it might tell you that ports 25/tcp, 80/tcp, and 53/udp are open. Using its diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt index ac9b950bd8..1e370563ce 100644 --- a/docs/nmap.usage.txt +++ b/docs/nmap.usage.txt @@ -24,6 +24,7 @@ SCAN TECHNIQUES: -sI : Idlescan -sO: IP protocol scan -b : FTP bounce scan + --traceroute: Trace hop path to each host PORT SPECIFICATION AND SCAN ORDER: -p : Only scan specified ports Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080 diff --git a/nmap-os-db b/nmap-os-db index c18465497e..36db5947d8 100644 --- a/nmap-os-db +++ b/nmap-os-db 
@@ -3471,6 +3471,24 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# Linux 2.6.17-1.2157_FC5 #1 SMP Tue Jul 11 22:53:56 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux +# Linux 2.6.18-1.2868.fc6xen #1 SMP Fri Dec 15 18:20:31 EST 2006 i686 i686 i386 GNU/Linux +Fingerprint Linux 2.6.17 - 2.6.18 (Fedora) +Class Linux | Linux | 2.6.X | general purpose +SEQ(SP=C4-D0%GCD=<7%ISR=C3-D3%TI=Z%II=I%TS=8) +OPS(O1=M400CST11NW7%O2=M400CST11NW7%O3=M400CNNT11NW7%O4=M400CST11NW7%O5=M400CST11NW7%O6=M400CST11) +WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000) +ECN(R=Y%DF=Y%T=40%TG=40%W=8018%O=M400CNNSNW7%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW7%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Linux 2.6.17 i686 (custom compiled) # Linux 2.6.17-gentoo-r8 #1 Tue Sep 19 14:27:17 EDT 2006 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz GNU/Linux # Linux jess 2.6.18.2-pentiumm #1 PREEMPT Tue Nov 14 20:10:06 WST 2006 i686 GNU/Linux (Debian 3.1) 
@@ -3545,6 +3563,24 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# Linux 2.6.18.2 SMP x86_64 +# Linux 2.6.17-1.2157_FC5 #1 SMP Tue Jul 11 22:53:56 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux +Fingerprint Linux 2.6.17 - 2.6.18 SMP x86_64 +Class Linux | Linux | 2.6.X | general purpose +SEQ(SP=BF-CF%GCD=<7%ISR=C4-CE%TI=Z%II=I%TS=8) +OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11) +WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) +ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW7%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW7%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Linux 2.6.19 SMP PREEMPT x86 (pentium4) w/highmem # Linux 2.6.19 #1 SMP PREEMPT Fri Dec 8 20:20:56 IST 2006 i686 GNU/Linux # Linux 2.6.19-rc6-mm2 (x86, custom compiled), Debian Unstable 
@@ -3602,24 +3638,6 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) -# Linux 2.6.17-1.2157_FC5 #1 SMP Tue Jul 11 22:53:56 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux -# Linux 2.6.18-1.2868.fc6xen #1 SMP Fri Dec 15 18:20:31 EST 2006 i686 i686 i386 GNU/Linux -Fingerprint Linux 2.6.17 - 2.6.18 (Fedora) -Class Linux | Linux | 2.6.X | general purpose -SEQ(SP=C4-D0%GCD=<7%ISR=C3-D3%TI=Z%II=I%TS=8) -OPS(O1=M400CST11NW7%O2=M400CST11NW7%O3=M400CNNT11NW7%O4=M400CST11NW7%O5=M400CST11NW7%O6=M400CST11) -WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000) -ECN(R=Y%DF=Y%T=40%TG=40%W=8018%O=M400CNNSNW7%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=Y%T=40%TG=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW7%RD=0%Q=) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - # Linux 2.6.17.13, x86, slackware 11.0 Fingerprint Linux 2.6.17.13 (Slackware 11.0, x86) Class Linux | Linux | 2.6.X | general purpose 
@@ -3981,24 +3999,6 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) -# Linux 2.6.18.2 SMP x86_64 -# Linux 2.6.17-1.2157_FC5 #1 SMP Tue Jul 11 22:53:56 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux -Fingerprint Linux 2.6.17 - 2.6.18 SMP x86_64 -Class Linux | Linux | 2.6.X | general purpose -SEQ(SP=BF-CF%GCD=<7%ISR=C4-CE%TI=Z%II=I%TS=8) -OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11) -WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) -ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW7%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW7%RD=0%Q=) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - # "Linux 2.6.19s #2 Thu Dec 7 11:56:38 CET 2006 i686 GNU/Linux" 2.6.19 custom-built Fingerprint Linux 2.6.19 Class Linux | Linux | 2.6.X | general purpose diff --git a/nmap_winconfig.h b/nmap_winconfig.h index 685e2b40aa..f7d2a70699 100644 --- a/nmap_winconfig.h +++ b/nmap_winconfig.h @@ -106,7 +106,7 @@ /* Without this, Windows will give us all sorts of crap about using functions like strcpy() even if they are done safely */ #define _CRT_SECURE_NO_DEPRECATE 1 -#define NMAP_VERSION "4.21ALPHA2" +#define NMAP_VERSION "4.21ALPHA3" #define NMAP_NAME "Nmap" #define NMAP_URL "http://insecure.org" #define NMAP_PLATFORM "i686-pc-windows-windows" diff --git a/traceroute.cc b/traceroute.cc index bc61d2026f..83decee0e6 100644 --- a/traceroute.cc +++ b/traceroute.cc 
@@ -834,7 +834,7 @@ Traceroute::trace (vector < Target * >&Targets) {
 * otherwise it is equal to o.timing_level. If the timing level it 0
 * it is equal to 1 */
 if (tg->getRemaining () >=
- tg->gotReply ? (!o.timing_level ? 1 : o.timing_level) : 2)
+ (tg->gotReply ? (!o.timing_level ? 1 : o.timing_level) : 2))
 continue;
 }
 if (tg->getState () != G_OK || !tg->hopDistance)
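Review bot: The added parentheses make the `>=` comparison apply to the whole conditional as intended, but the nested ternary on the `+` line is the same construct whose precedence was misread before, and it is still easy to misread on the next edit; hoisting the threshold into a named local makes the intent explicit and removes the precedence question entirely, `const int needed = tg->gotReply ? (o.timing_level ? o.timing_level : 1) : 2;` followed by `if (tg->getRemaining () >= needed) continue;`. The comment just above the condition still reads `If the timing level it 0`; it should say `If the timing level is 0`, and the word "threshold" could replace the bare "it" so the two sentences clearly describe the value being compared against. The enclosing Traceroute::trace() begins and ends outside this hunk, so what getRemaining() counts is not verifiable here and the comment should not be expanded beyond what the condition shows.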