Nmap Development mailing list archives
Re: OS Scan & Print Port Output after host timeout
From: Colin Phipps <cph () netcraft com>
Date: Mon, 12 Aug 2002 10:16:55 +0100
On Sat, Aug 10, 2002 at 04:31:31PM -0500, Johnson, Greg wrote:
(1) After a host_timeout, could nmap be made to print port output it may have accumulated? Nmap worked so hard to get that info, it's a pity to flush it away.
Agreed. It's not good to hammer a system with a port scan and then lose the results.
Removing the "else" at nmap.c 1017 around the output functions works for me. Less code, more results. I don't see any need to make an option for this behavior, so long as the output indicates that a timeout occurred.
This looks like a good time to resubmit my host-timeout patch. I have been using this for over a year and it seems solid. It fixes both pos_scan and super_scan to report after a timeout. It does print a warning when a timeout occurs. It was not included last time I submitted it in part because there were doubts about the safety of giving incomplete results. However, --host_timeout is not a default option, and there is a warning in the output - this is no less safe than the current output IMO, which gives a warning and tells you no ports at all. A timeout option that gives no output is simply not useful, so I hope this patch, or equivalent, will be included soon.
--
Colin Phipps PGP 0x689E463E http://www.netcraft.com/
diff -pbur nmap-2.54BETA29/nmap.c nmap-2.54BETA29-NC/nmap.c --- nmap-2.54BETA29/nmap.c Fri Aug 10 06:53:07 2001 +++ nmap-2.54BETA29-NC/nmap.c Fri Aug 10 11:15:48 2001 @@ -1199,11 +1199,12 @@ int nmap_main(int argc, char *argv[]) { } if (currenths->timedout) { - log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Skipping host %s (%s) due to host timeout\n", currenths->name, + log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Results for host %s (%s) incomplete due to host timeout\n", currenths->name, inet_ntoa(currenths->host)); log_write(LOG_MACHINE,"Host: %s (%s)\tStatus: Timeout", inet_ntoa(currenths->host), currenths->name); - } else { + } + { assignignoredportstate(¤ths->ports); printportoutput(currenths, ¤ths->ports); printosscanoutput(currenths); diff -pbur nmap-2.54BETA29/scan_engine.c nmap-2.54BETA29-NC/scan_engine.c --- nmap-2.54BETA29/scan_engine.c Fri Aug 10 06:53:08 2001 +++ nmap-2.54BETA29-NC/scan_engine.c Fri Aug 10 11:21:04 2001 @@ -1059,11 +1059,11 @@ void pos_scan(struct hoststruct *target, error("WARNING: GAVE UP ON SCAN AFTER 20 RETRIES"); } + posscan_timedout: + if (o.verbose) log_write(LOG_STDOUT, "The %s took %ld %s to scan %d ports.\n", scantype2str(scantype), (long) time(NULL) - starttime, (((long) time(NULL) - starttime) == 1)? "second" : "seconds", numports); - posscan_timedout: - free(scan); if (rawsd >= 0) close(rawsd); 
@@ -1653,12 +1653,17 @@ void super_scan(struct hoststruct *targe } } while(changed && ++tries < 100); - openlist = testinglist; +superscan_timedout: /* cph - give a hint about open ports anyway */ if (o.debugging || o.verbose) log_write(LOG_STDOUT, "The %s took %ld %s to scan %d ports.\n", scantype2str(scantype), (long) time(NULL) - starttime, (((long) time(NULL) - starttime) == 1)? "second" : "seconds", numports); - for (current = openlist; current; current = (current->next >= 0)? &scan[current->next] : NULL) { + /* cph 2001/08/07 - all ports on both openlist and testinglist are + * potentially open, must mark them all as open for the results. + * Watch out for the messy logic here. */ + current = openlist; + do { + for (; current; current = (current->next >= 0)? &scan[current->next] : NULL) { if (scantype == IPPROT_SCAN) addport(&target->ports, current->portno, IPPROTO_IP, NULL, PORT_OPEN); else if (scantype != UDP_SCAN) @@ -1666,8 +1671,10 @@ void super_scan(struct hoststruct *targe else addport(&target->ports, current->portno, IPPROTO_UDP, NULL, PORT_OPEN); } - - superscan_timedout: + /* If we still have testinglist to do, get it now */ + current = testinglist; + testinglist = NULL; + } while (current); free(scan); close(rawsd);
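Review bot: In the nmap.c hunk, the LOG_MACHINE line "Host: %s (%s)\tStatus: Timeout" has no trailing newline, and with the else removed the port output functions now run straight after it for a timed-out host. If printportoutput also writes to LOG_MACHINE, the timeout status and the port record will either run together on one line or give two Host records for the same target, so the machine-readable format for this case should be settled explicitly. printosscanoutput is now called after a timeout as well; please confirm it copes with a host that has no OS scan results. The bare { ... } block left where the else used to be could be dropped and its body re-indented.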
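Review bot: In the pos_scan hunk of scan_engine.c, moving the posscan_timedout label above the o.verbose message means "The %s took %ld %s to scan %d ports." is now printed on the timeout path too, where it reports numports as scanned even though the scan stopped early. Suggest a separate wording after a timeout, or leaving the port count out there, so verbose output does not overstate how much of the target was covered.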
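Review bot: In the two super_scan hunks of scan_engine.c, every entry still on testinglist at timeout is passed to addport with PORT_OPEN, although the new comment itself calls these ports only "potentially open"; the per-port results for a timed-out host then give no way to tell confirmed ports from unconfirmed ones apart from the general warning. Removing "openlist = testinglist;" also changes the normal, non-timeout path: the old code reported only testinglist, while the new do/while reports openlist and then testinglist, so please confirm that openlist is either empty or meant to be reported on normal completion. The inner for loop was not re-indented under the new do, which makes the logic the comment already calls messy harder to follow.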