Nmap is a handy program for exploring and auditing your network. It is designed to scan a large network quickly, but it also works without trouble on a single host. The program uses so-called 'raw IP packets' to discover the active hosts and the available services, along with all kinds of extra information. For more information on its capabilities we refer you to this page. The developer at Insecure.org has released Nmap 4.10 with the following changes since the previous mention in our meuktracker:
- Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE as of May 31, 2006. Also added a couple unregistered OUI's (for QEMU and Bochs) suggested by Robert Millan.
- Fixed a bug which could cause false "open" ports when doing a UDP scan of localhost. This usually only happened when you scan tens of thousands of ports (e.g. -p- option).
- Fixed a bug in service detection which could lead to a crash when "--version-intensity 0" was used with a UDP scan. Thanks to Makoto Shiotsuki for reporting the problem and Doug Hoyte for producing a patch.
- Made some AIX and HP-UX portability fixes to Libdnet and NmapFE. These were sent in by Peter O'Gorman.
- When you do a UDP+TCP scan, the TCP ports are now shown first (in numerical order), followed by the UDP ports (also in order). This contrasts with the old format which showed all ports together in numerical order, regardless of protocol. This was at first a "bug", but then I started thinking this behavior may be better. If you have a preference for one format or the other, please post your reasons to nmap-dev.
- Changed mass_dns system to print a warning if it can't find any available DNS servers, but not quit like it used to. Thanks to Doug Hoyte for the patch.
- Integrated all of your submissions (about a thousand) from the first quarter of this year! Please keep 'em coming! The DB has increased from 3,153 signatures representing 381 protocols in 4.03 to 3,441 signatures representing 401 protocols. No other tool comes close! Many of the already existing match lines were improved too. Thanks to Version Detection Czar Doug Hoyte for doing this.
- Nmap now allows multiple ignored port states. If a 65K-port scan had 64K filtered ports, 1K closed ports, and a few dozen open ports, Nmap used to list the dozen open ones among a thousand lines of closed ports. Now Nmap will give reports like "Not shown: 64330 filtered ports, 1000 closed ports" or "All 2051 scanned ports on 192.168.0.69 are closed (1051) or filtered (1000)", and omit all of those ports from the table. Open ports are never ignored. XML output can now have multiple directives (one for each ignored state). The number of ports in a single state before it is consolidated defaults to 26 or more, though that number increases as you add -v or -d options. With -d3 or higher, no ports will be consolidated. The XML output should probably be augmented to give the extraports directive 'ip', 'tcp', and 'udp' attributes which specify the corresponding port numbers in the given state in the same listing format as the nmaprun.scaninfo.services attribute, but that part hasn't yet been implemented. If you absolutely need the exact port numbers for each state in the XML, use -d3 for now.
- Nmap now ignores certain ICMP error message rate limiting (rather than slowing down to accommodate it) in cases such as SYN scan where an ICMP message and no response mean the same thing (port filtered). This is currently only done at timing level Aggressive (-T4) or higher, though we may make it the default if we don't hear problems with it. In addition, the --defeat-rst-ratelimit option has been added, which causes Nmap not to slow down to accommodate RST rate limits when encountered. For a SYN scan, this may cause closed ports to be labeled 'filtered' because Nmap refused to slow down enough to correspond to the rate limiting. Learn more about this new option here. Thanks to Martin Macok for writing the patch that these changes were based on.
- Moved my Nmap development environment to Visual C++ 2005 Express edition. In typical "MS Upgrade Treadmill" fashion, Visual Studio 2003 users will no longer be able to compile Nmap using the new solution files. The compilation, installation, and execution instructions at http://www.insecure.org/nmap/install/inst-windows.html have been upgraded.
- Automated my Windows build system so that I just have to type a single make command in the mswin32 directory. Thanks to Scott Worley, Shane & Jenny Walters, and Alex Prinsier for reading my appeal in the 4.03 CHANGELOG and assisting.
- Changed the PortList class to use much more efficient data structures and algorithms which take advantage of Nmap-specific behavior patterns. Thanks to Marek Majkowski for the patch.
- Fixed a bug which prevented certain TCP+UDP scan commands, such as "nmap -sSU -p1-65535 localhost" from scanning both TCP and UDP. Instead they gave the error message "WARNING: UDP scan was requested, but no udp ports were specified. Skipping this scan type". Thanks to Doug Hoyte for the patch.
- Nmap has traditionally required you to specify -T* timing options before any more granular options like --max-rtt-timeout, otherwise the general timing option would overwrite the value from your more specific request. This has now been fixed so that the more specific options always have precedence. Thanks to Doug Hoyte for this patch.
- Fixed a couple of possible memory leaks reported by Ted Kremenek from the Stanford University software static analysis lab ("Checker" project).
- Nmap now prints a warning when you specify a target name which resolves to multiple IP addresses. Nmap proceeds to scan only the first of those addresses (as it always has done). Thanks to Doug Hoyte for the patch. The warning looks like this: Warning: Hostname google.com resolves to 3 IPs. Using 126.96.36.199.
- Disallow --host-timeout values of less than 1500ms, print a warning for values less than 15s.
- Changed all instances of inet_aton() into calls to inet_pton() instead. This allowed us to remove inet_aton.c from nbase. Thanks to KX for the patch.
- When debugging (-d) is specified, Nmap now prints a report on the timing variables in use. Thanks to Doug Hoyte for the patch. The report looks like this:
  ---------- Timing report ----------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 250, min 50, max 300
  scan-delay: TCP 5, UDP 1000
  parallelism: min 0, max 0
  max-retries: 2, host-timeout 900000
- Modified the WinPcap installer file to explicitly uninstall an existing WinPcap (if you select that you wish to replace it) rather than just overwriting the old version. Thanks to Doug Hoyte for making this change.
- Added some P2P application ports to the nmap-services file. Thanks to Martin Macok for the patch.
- The write buffer length increased in 4.03 was increased even further when the debugging or verbosity levels are more than 2 (e.g. -d3). Thanks to Brandon Enright for the patch. The goal is to prevent you from ever seeing the fatal error: "log_vwrite: write buffer not large enough -- need to increase"
- Added a note to the Nmap configure dragon that people sick of him can submit their own ASCII art to email@example.com . If you are wondering WTF I am talking about, it is probably because only the most elite Nmap users -- the ones who compile from source on UNIX -- get to see the 'l33t ASCII Art.
- Updated the LibPCRE build system to add the -fno-thread-jumps option to gcc when compiling on the new Intel-based Apple Mac OS X systems. Hopefully this resolves the version detection crashes that several people have reported on such systems. Thanks to Kurt Grutzmacher for sending the configure.ac patch.
- Made some portability fixes to keep Nmap compiling with the newest Visual Studio 2005. Thanks to KX for suggesting them.
- Service fingerprints are now provided in the XML output whenever they would appear in the interactive output (i.e. when a service responds with data but is unrecognized). They are shown in a new 'servicefp' attribute of the 'service' tag. Thanks to Brandon Enright for sending the patch.
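Three of the changes above affect anyone who post-processes Nmap's XML output: the multiple extraports directives (one per ignored state), the TCP-before-UDP ordering of the port table, and the new servicefp attribute on unrecognized services. The following is an added example, not code from the Nmap project, showing how a consumer of that XML should handle all three. The XML document is constructed for the example (the address, ports and the servicefp string are made up), and the element and attribute names follow the format described in the changelog.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nmap 4.10 XML layout: two <extraports> directives
# (one per consolidated state) and a servicefp attribute on an unrecognized
# service. The target, ports and fingerprint string are invented for this example.
SAMPLE_XML = r"""<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sSU -p- -oX out.xml 192.0.2.10" version="4.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <extraports state="filtered" count="64330"/>
      <extraports state="closed" count="1000"/>
      <port protocol="udp" portid="53">
        <state state="open"/>
        <service name="domain" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open"/>
        <service name="unknown" method="table" conf="3" servicefp="SF-Port8080-TCP:V=4.10%r(GetRequest,1E,&quot;HTTP/1.0\x20200\x20OK\r\n&quot;);"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" method="probed" conf="10"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_host(xml_text):
    """Parse the first <host> of an nmaprun document into a plain dict.

    The ignored-state counts come from *every* <extraports> element, since
    4.10 may emit one per consolidated state rather than a single directive.
    """
    root = ET.fromstring(xml_text)
    host = root.find("host")
    ports_el = host.find("ports")
    ignored = {ep.get("state"): int(ep.get("count"))
               for ep in ports_el.findall("extraports")}
    ports = []
    for p in ports_el.findall("port"):
        svc = p.find("service")
        ports.append({
            "proto": p.get("protocol"),
            "port": int(p.get("portid")),
            "state": p.find("state").get("state"),
            "service": svc.get("name") if svc is not None else None,
            # servicefp is only present when the service answered but was not matched
            "servicefp": svc.get("servicefp") if svc is not None else None,
        })
    return {"addr": host.find("address").get("addr"),
            "ignored": ignored, "ports": ports}


def sorted_ports(report):
    """Order ports the way 4.10's interactive output does: all TCP first, then UDP,
    each group in numerical order."""
    proto_rank = {"tcp": 0, "udp": 1}
    return sorted(report["ports"],
                  key=lambda p: (proto_rank.get(p["proto"], 2), p["port"]))


def not_shown_line(report):
    """Reproduce the 'Not shown: ...' summary from the extraports directives."""
    parts = [f"{count} {state} ports" for state, count in report["ignored"].items()]
    return "Not shown: " + ", ".join(parts)


def unrecognized_services(report):
    """Ports whose service responded but went unmatched; these carry a fingerprint
    worth reviewing (and submitting) rather than being silently dropped."""
    return [p for p in report["ports"] if p["servicefp"]]


if __name__ == "__main__":
    rep = parse_host(SAMPLE_XML)
    print(not_shown_line(rep))
    for p in sorted_ports(rep):
        print(f"{p['port']}/{p['proto']} {p['state']} {p['service']}")
    for p in unrecognized_services(rep):
        print("unmatched fingerprint on", p["port"], "->", p["servicefp"][:40], "...")
```

Treating extraports as a dictionary keyed by state is the robust choice: a parser written against older output that reads only the first extraports element would silently under-count the filtered or closed ports on a 4.10 scan.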
- Improved the Windows build system -- mswin32/Makefile now takes care of packaging Nmap and creating the installers once Visual Studio (GUI) is done building the Release version of mswin32/nmap.sln. If someone knows how to do this (build) step on the command line (using the Makefile), please let me know. Or if you know how to at least make 'Release' (rather than Debug) the default configuration, that would be valuable.
- WinPcap 3.1 binaries are now shipped in the Nmap tarball, along with a customized installer written by Doug Hoyte. That new WinPcap installer is now used by the Nmap self-installer (if you request WinPcap installation). Some Nmap users were uncomfortable with a "phone home" feature of the official WinPcap installer. It connects back to CACE Technologies, ostensibly to display news and (more recently) advertisements. Our new installer omits that feature, but should be otherwise perfectly compatible with WinPcap 3.1.
- Fixed (I hope) a problem where aggressive --min-parallelization option values could cause Nmap to quit with the message "box(300, 100, 15) called (min,max,num)". Thanks to Richard van den Berg for reporting the problem.
- Fixed a rare crash bug thanks to a report and patch from Ganga Bhavani.
- Increased a write buffer length to keep Nmap from quitting with the message "log_vwrite: write buffer not large enough -- need to increase". Thanks to Dave for reporting the issue.
- Cleaned up the Amiga port code to use atexit() rather than the previous macro hack. Thanks to Kris Katterjohn for the patch. Applied maybe half a dozen new other code cleanup patches from him as well.
- Made some changes to various Nmap initialization functions which help ALT Linux and Owl developers run Nmap in a chroot environment. Thanks to Dmitry V. Levin for the patch.
- Cleaned up the code a bit by making a bunch (nearly 100) of global symbols (mostly function calls) static. I was also able to remove some unused functions and superfluous config.h.in defines. Thanks to Dmitry V. Levin for sending a list of candidate symbols.
- Nmap now tests for the existence of data files using stat(2) rather than testing whether they can be opened for reading (with fopen). This is because some device files (tape drives, etc.) may react badly to being opened at all. Thanks to Dmitry V. Levin for the suggestion.
- Changed Nmap to cache interface information rather than opening and closing it (with dnet's eth_open and eth_close functions) all the time.
- Applied a one-character Visual Studio 2005 compatibility patch from kx. It changed getch() into _getch() on Windows.
- Added the --log-errors option, which causes most warnings and error messages that are printed to interactive-mode output (stdout/stderr) to also be printed to the normal-format output file (if you specified one). This will not work for most errors related to bad command-line arguments, as Nmap may not have initialized its output files yet. In addition, some Nmap error/warning messages use a different system that does not yet support this option.
- Rewrote much of the Nmap results output functions to be more efficient and support --log-errors.
- Fixed a flaw in the scan engine which could (in rare cases) lead to a deadlock situation that prevents a scan from completing. Thanks to Ganga Bhavani for reporting and helping to debug the problem.
- If the pcap_open_live() call (initiates sniffing) fails, Nmap now tries up to two more times after waiting a little while. This is an attempt to work around a rare bug on Windows in which pcap_open_live() fails for unknown reasons.
- Fixed a flaw in the runtime interaction in which Nmap would include hosts currently being scanned in the number of hosts "completed" statistic.
- Fixed a crash in OS scan which could occur on Windows when a DHCP lease issue causes the system to lose its IP address. Nmap still quits, but at least it gives a proper error message now. Thanks to Ganga Bhavani for the patch.
- Applied more than half a dozen small code cleanup patches from Kris Katterjohn.
- Modified the configure script to accept CXX when specified as an absolute path rather than just the executable name. Thanks to Daniel Roethlisberger for this patch.
- Fixed a bug that would cause bogus reverse-DNS resolution on big-endian machines. Thanks to Doug Hoyte, Seth Miller, Tony Doan, and Andrew Lutomirsky for helping to debug and patch the problem.
- Fixed an important memory leak in the raw ethernet sending system. Thanks to Ganga Bhavani for identifying the bug and sending a patch.
- Fixed --system-dns option so that --system_dns works too. Error messages were changed to reflect the former (preferred) name. Thanks to Sean Swift and Peter VanEeckhoutte for reporting the problem.
- Fixed a crash which would report this message: "NmapOutputTable.cc:143: void NmapOutputTable::addItem(unsigned int, unsigned int, bool, const char*, int): Assertion `row < numRows' failed." Thanks to Jake Schneider for reporting and helping to debug the problem.
- Whenever Nmap sends packets with the SYN bit set (except for OS detection), it now includes the maximum segment size (MSS) tcp option with a value of 1460. This makes it stand out less as almost all hosts set at least this option. Thanks to Juergen Schmidt for the suggestion.
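The MSS change above matters from the detection side as well: a SYN that carries no options at all is uncommon for a real operating system's TCP stack, and a sensor that parses TCP options can tell the two apart. The following added example (not Nmap code) parses the option list of a raw TCP header, extracts the MSS value if present, and flags initial SYNs that lack one. The two sample headers are constructed in the block with a small helper; the port numbers and sequence values are arbitrary.

```python
import struct

# TCP option kinds from RFC 793
OPT_END = 0
OPT_NOP = 1
OPT_MSS = 2

FLAG_SYN = 0x02
FLAG_ACK = 0x10


def build_tcp_header(sport, dport, flags, options=b""):
    """Build a raw TCP header (no payload, zero checksum) for the samples below."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    data_offset = (20 + len(options)) // 4            # header length in 32-bit words
    fixed = struct.pack("!HHIIBBHHH", sport, dport, 0x1000, 0,
                        data_offset << 4, flags, 1024, 0, 0)
    return fixed + options


def parse_tcp_options(tcp_header):
    """Return {kind: value_bytes} for the options in a raw TCP header.

    Rejects malformed lengths instead of reading past the option area, which is
    the usual failure mode of naive option walkers.
    """
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts = tcp_header[20:data_offset]
    parsed = {}
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option header")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        parsed[kind] = bytes(opts[i + 2:i + length])
        i += length
    return parsed


def mss_of(tcp_header):
    """MSS value advertised in the header, or None if the option is absent."""
    value = parse_tcp_options(tcp_header).get(OPT_MSS)
    if value is None or len(value) != 2:
        return None
    return struct.unpack("!H", value)[0]


def is_initial_syn(tcp_header):
    flags = tcp_header[13]
    return bool(flags & FLAG_SYN) and not flags & FLAG_ACK


def bare_syns(headers):
    """Indices of initial SYNs that carry no MSS option: worth a closer look on a
    sensor, since nearly every real stack advertises one."""
    return [i for i, h in enumerate(headers)
            if is_initial_syn(h) and mss_of(h) is None]


# Constructed samples: a SYN with MSS 1460 (kind 2, length 4, value 0x05b4) as
# Nmap 4.10 now sends, and a SYN with an empty option list.
SYN_WITH_MSS = build_tcp_header(40000, 80, FLAG_SYN, b"\x02\x04\x05\xb4")
BARE_SYN = build_tcp_header(40001, 80, FLAG_SYN)
SYN_ACK = build_tcp_header(80, 40000, FLAG_SYN | FLAG_ACK, b"\x02\x04\x05\xb4")

if __name__ == "__main__":
    for name, hdr in (("syn+mss", SYN_WITH_MSS), ("bare syn", BARE_SYN)):
        print(name, "MSS =", mss_of(hdr))
    print("bare SYN indices:", bare_syns([SYN_WITH_MSS, BARE_SYN, SYN_ACK]))
```

The option walker bounds-checks every length byte; a malformed option list from an untrusted sender raises ValueError rather than indexing past the header, which is the property you want in anything that sits inline on a sensor.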
- Applied a patch for a Windows interface reading bug in the aDNS subsystem from Doug Hoyte.
- Minor changes to recognize DragonFly BSD in configure scripts. Thanks to Joerg Sonnenberger for sending the patch.
- Fixed a minor bug in an error message starting with "eth_send of ARP packet returned". Thanks to J.W. Hoogervorst for finding this.