changelog

  detection and the like.  This can be useful when Linux kernel
  capabilities or other systems are used that allow non-root users to
  perform raw packet or ethernet frame manipulation.  Without this
  flag or variable set, Nmap bails on UNIX if geteuid() is
  nonzero.

o Fixed Nmap compilation on Solaris x86 thanks to a patch from Simon
  Burr (simes(a)bpfh.net).

o ultra_scan() now sets pseudo-random ACK values (rather than 0) for
  any TCP scans in which the initial probe packet has the ACK flag set.
  This would be the ACK, Xmas, Maimon, and Window scans.

o Updated the Nmap version number, description, and similar fields
  that MS Visual Studio places in the binary.  This was done by editing
  mswin32/nmap.rc as suggested by Chris Paget (chrisp@ngssoftware.com).

o Fixed Nmap compilation on DragonFly BSD (and perhaps some other
  systems) by applying a short patch by Joerg Sonnenberger which omits
  the declaration of errno if it is a #define.

o Fixed an integer overflow that prevented Nmap from scanning
  2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1).  Problem
  noted by Justin Cranford (jcranford(a)n-able.com).  While /1 scans
  are now possible, don't expect them to finish during your bathroom
  break.  No matter how constipated you are.

o Increased the buffer size allocated for fingerprints to prevent Nmap
  from running out and quitting (error message: "Assertion
  `servicefpalloc - servicefplen > 8' failed").  Thanks to Mike Hatz
  (mhatz(a)blackcat.com) for the report. [ Actually this was done in a
  previous version, but I forgot which one ]

o Changed from CVS to Subversion source control system (which
  rocks!).
  Neither repository is public (I'm paranoid because both CVS
  and SVN have had remotely exploitable security holes), so the main
  change users will see is that "Id" tags in file headers use the SVN
  format for version numbering and such.

Nmap 3.81

o Nmap now ships with and installs (in the same directory as other
  data files such as nmap-os-fingerprints) an XSL stylesheet for
  rendering the XML output as HTML.  This stylesheet was written by
  Benjamin Erb (see http://www.benjamin-erb.de/nmap/ for examples).
  It supports tables, version detection, color-coded port states, and
  more.  The XML output has been augmented to include an
  xml-stylesheet directive pointing to nmap.xsl on the local
  filesystem.  You can point to a different XSL file by providing the
  filename or URL to the new --stylesheet argument.  Omit the
  xml-stylesheet directive entirely by specifying --no-stylesheet.
  The XML to HTML conversion can be done with an XSLT processor such
  as Saxon, Sablot, or Xalan, but modern browsers can do this on the
  fly -- simply load the XML output file in IE or Firefox.  Some
  features don't currently work with Firefox's on-the-fly rendering.
  Perhaps some Mozilla wizard can fix that in either the XSL or the
  browser itself.  I hate having things work better in IE :).  It is
  often more convenient to have the stylesheet loaded from a URL
  rather than the local filesystem, allowing the XML to be rendered on
  any machine regardless of whether/where the XSL is installed.  For
  privacy reasons (avoid loading of an external URL when you view
  results), Nmap uses the local filesystem by default.  If you would
  like the latest version of the stylesheet loaded from the web when
  rendering, specify
  --stylesheet http://www.insecure.org/nmap/data/nmap.xsl .

o Fixed fragmentation option (-f).  One -f now sends fragments
  with just 8 bytes after the IP header, while -ff sends 16 bytes to
  reduce the number of fragments needed.
  You can specify your own
  fragmentation offset (must be a multiple of 8) with the new --mtu
  flag.  Don't also specify -f if you use --mtu.  Remember that some
  systems (such as Linux with connection tracking) will defragment in
  the kernel anyway -- so test first while sniffing with ethereal.
  These changes are from a patch by Martin Macok
  (martin.macok(a)underground.cz).

o Nmap now prints the number (and total bytes) of raw IP packets sent
  and received when it completes, if verbose mode (-v) is enabled.  The
  report looks like:
  Nmap finished: 256 IP addresses (3 hosts up) scanned in 30.632 seconds
                 Raw packets sent: 7727 (303KB) | Rcvd: 6944 (304KB)

o Fixed (I hope) an error which would cause the Windows version of
  Nmap to abort under some circumstances with the error message
  "Unexpected error in NSE_TYPE_READ callback.  Error code: 10053
  (Unknown error)".  Problem reported by "Tony Golding"
  (biz(a)tonygolding.com).

o Added new "closed|filtered" state.  This is used for Idlescan, since
  that scan method can't distinguish between those two states.  Nmap
  previously just used "closed", but this is more accurate.

o Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered"
  instead of "open" when they fail to receive any response from the
  target port.  After all, it could just as easily be filtered as open.
  This is the same change that was made to UDP scan in 3.70.  Also as
  with UDP scan, adding version detection (-sV) will change the state
  from open|filtered to open if it confirms that they really are open.

o Fixed a bug in ACK scan that could cause Nmap to crash with the
  message "Unexpected port state: 6" in some cases.  Thanks to Glyn
  Geoghegan (glyng(a)corsaire.com) for reporting the problem.

o Changed IP protocol scan (-sO) so that a response from the target
  host in any protocol at all will prove that protocol is open.
  As
  before, no response means "open|filtered", an ICMP protocol
  unreachable means "closed", and most other ICMP error messages mean
  "filtered".

o Patched a Winpcap issue that prevented read timeouts from being
  honored on Solaris (thus slowing down Nmap substantially).  The
  problem report and patch were sent in by Ben Harris
  (bjh21(a)cam.ac.uk).

o Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and
  UDP headers when scanning protocols 1, 6, and 17, respectively.  An
  empty IP header is still sent for all other protocols.  This should
  prevent the error messages such as "sendto in send_ip_packet:
  sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not
  permitted" that Linux (and perhaps other systems) would give when
  they try to interpret the raw packet.  This also makes it more
  likely that these protocols will elicit a response, proving that the
  protocol is "open".

o The windows build now uses header and static library files from
  Winpcap 3.1Beta4.  It also now prints out the DLL version you are
  using when run with -d.  I would recommend upgrading to 3.1Beta4 if
  you have an older Winpcap installed.

o Nmap now prints a warning message on Windows if Winpcap is not found
  (it then reverts to raw sockets mode if available, as usual).

o Added an NTP probe and matches to the version detection database
  (nmap-service-probes) thanks to a submission from Martin
  Macok (martin.macok@underground.cz).

o Applied several Nmap service detection database updates sent in by
  Martin Macok (martin.macok(a)underground.cz).

o The XML nmaprun element now has a startstr attribute which gives the
  human readable calendar time format that a scan started.  Similarly
  the finished element now has a timestr attribute describing when the
  scan finished.  These are in addition to the existing nmaprun/start
  and finished/time attributes that provided the start and finish time
  in UNIX time_t notation.
  This should help in development of
  XSLT stylesheets for Nmap XML output.

o Fixed a memory leak that would generally consume several hundred
  bytes per down host scanned.  While the effect for most scans is
  negligible, it was overwhelming when Scott Carlson
  (Scott.Carlson(a)schwab.com) tried to scan 24 million IPs
  (10.0.0.0/8).  Thanks to him for reporting the problem.  Also thanks
  to Valgrind ( http://valgrind.kde.org ) for making it easy to debug.

o Fixed a crash on Windows systems that don't include the iphlpapi
  DLL.  This affects Win95 and perhaps other variants.  Thanks to Ganga
  Bhavani (GBhavani(a)everdreamcorp.com) for reporting the problem and
  sending the patch.

o Ensured that the device type, os vendor, and os family OS
  fingerprinting classification values are scrubbed for XML compliance
  in the XML output.  Thanks to Matthieu Verbert
  (mve(a)zurich.ibm.com) for reporting the problem and sending a patch.

o Rewrote the host IP (target specification) parser for easier
  maintenance and to fix a bug found by Netris (netris(a)ok.kz).

o Changed the Nmap XML DTD to use the same xmloutputversion (1.01) as
  newer versions of Nmap.  Thanks to Laurent Estieux
  (laurent.estieux(a)free.fr) for reporting the problem.

o Fixed compilation on some HP-UX 11 boxes thanks to a patch by Petter
  Reinholdtsen (pere(a)hungry.com).

o Fixed a portability problem on some OpenBSD and FreeBSD machines
  thanks to a patch by Okan Demirmen (okan(a)demirmen.com).

o Applied Martin Macok's (martin.macok(a)underground.cz) "cosmetics
  patch", which fixes a few typos and minor problems.

Nmap 3.75

o Implemented a huge OS fingerprint database update.  The number of
  fingerprints increased more than 20% to 1,353 and many of the
  existing ones are much improved.  Notable updates include the fourth
  edition of Bell Labs' Plan9, Grandstream's BugeTone 101 IP Phone,
  and Bart's Network Boot Disk 2.7 (which runs MS-DOS).
  Oh, and Linux
  kernels up to 2.6.8, dozens of new Windows fingerprints including XP
  SP2, the latest Longhorn warez, and many modified Xboxes, OpenBSD
  3.6, NetBSD up to 2.0RC4, Apple's AirPort Express WAP and OS X
  10.3.3 (Panther) release, Novell Netware 6.5, FreeBSD 5.3-BETA, a
  bunch of Linksys and D-Link consumer junk, the latest Cisco IOS 12.2
  releases, a ton of miscellaneous broadband routers and printers, and
  much more.

o Updated nmap-mac-prefixes with the latest OUIs from the IEEE.
  [ http://standards.ieee.org/regauth/oui/oui.txt ]

o Updated nmap-protocols with the latest IP protocols from IANA
  [ http://www.iana.org/assignments/protocol-numbers ]

o Added a few new Nmap version detection signatures thanks to a patch
  from Martin Macok (martin.macok(a)underground.cz).

o Fixed a crash problem in the Windows version of Nmap, thanks to a
  patch from Ganga Bhavani (GBhavani(a)everdreamcorp.com).

o Fixed Windows service scan crashes that occur with the error message
  "Unexpected nsock_loop error. Error code 10022 (Unknown error)".  It
  turns out that Windows does not allow select() calls with all three
  FD sets empty.  Lame.  The Linux select() man page even suggests
  calling "select with all three sets empty, n zero, and a non-null
  timeout as a fairly portable way to sleep with subsecond precision."
  Thanks to Gisle Vanem (giva(a)bgnett.no) for debugging help.

o Added --max_scan_delay parameter.  Nmap will sometimes increase the
  delay itself when it detects many dropped packets.  For example,
  Solaris systems tend to respond with only one ICMP port unreachable
  packet per second during a UDP scan.  So Nmap will try to detect
  this and lower its rate of UDP probes to one per second.  This can
  provide more accurate results while reducing network congestion, but
  it can slow the scans down substantially.  By default (with no -T
  options specified), Nmap allows this delay to grow to one second per
  probe.  This option allows you to set a lower or higher maximum.
  The -T4 and -T5 scan modes now limit the maximum scan delay for TCP
  scans to 10 and 5 ms, respectively.

o Fixed a bug that prevented RPC scan (-sR) from working for UDP ports
  unless service detection (-sV) was used.  -sV is still usually a
  better approach than -sR, as the latter ONLY handles RPC.  Thanks to
  Stephen Bishop (sbishop(a)idsec.co.uk) for reporting the problem and
  sending a patch.

o Fixed nmap_fetchfile() to better find custom versions of data files
  such as nmap-services.  Note that the implicitly read directory
  should be ~/.nmap rather than ~/nmap .  So you may have to move any
  customized files you now have in ~/nmap .  Thanks to nnposter
  (nnposter(a)users.sourceforge.net) for reporting the problem and
  sending a patch.

o Changed XML output so that the MAC address [address] element comes
  right after the IPv4/IPv6 [address] element.  Apparently this is
  needed to comply with the DTD (
  http://www.insecure.org/nmap/data/nmap.dtd ).  Thanks to Adam Morgan
  (adam.morgan(a)Q1Labs.com) and Florian Ebner
  (Florian.Ebner(a)e-bros.de) for the problem reports.

o Fixed an error in the Nmap RPM spec file reported by Pascal Trouvin
  (pascal.trouvin(a)wanadoo.fr).

o Fixed a timing problem in which a specified large --send_delay would
  sometimes be reduced to 1 second during a scan.  Thanks to Martin
  Macok (martin.macok(a)underground.cz) for reporting the problem.

o Fixed a timing problem with sneaky and paranoid modes (-T1 and -T0)
  which would cause Nmap to continually scan the same port and never
  hit other ports when scanning certain firewalled hosts.  Thanks to
  Curtis Doty (Curtis(a)GreenKey.net) for reporting the problem.

o Fixed a bug in the build system that caused most Nmap subdirectories
  to be configured twice.  Changing the variable holding the name of
  subdirs from $subdirs to $nmap_cfg_subdirs resolved the problem --
  configure must have been using that variable name for its own internal
  operations.
  Anyway, this should reduce compile time significantly.

o Made a trivial change to nsock/src/nsock_event.c to work around "a
  bug in GCC 3.3.1 on FreeBSD/sparc64".  I found the patch by digging
  around the FreeBSD ports tree repository.  It would be nice if the
  FreeBSD Nmap port maintainers would report such things to me, rather
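
Added example (not part of the Nmap changelog or distribution): a Python reader for the XML output described in the 3.81 entries above. It reads the startstr/timestr attributes, flags an xml-stylesheet directive that points at a remote URL, and separates confirmed port states from the compound "open|filtered" and "closed|filtered" ones. The sample report, its addresses and the function names are constructed for illustration.

```python
import re
from xml.dom import minidom

# Constructed report in the shape of Nmap XML output (not real scan data).
SAMPLE = """<?xml version="1.0"?>
<?xml-stylesheet href="http://www.insecure.org/nmap/data/nmap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap" start="1107993600" startstr="Thu Feb 10 00:00:00 2005">
<host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<address addr="00:00:5E:00:53:01" addrtype="mac"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="23"><state state="open|filtered"/></port>
<port protocol="tcp" portid="25"><state state="closed|filtered"/></port>
</ports></host>
<runstats><finished time="1107993631" timestr="Thu Feb 10 00:00:31 2005"/></runstats>
</nmaprun>
"""

def stylesheet_href(doc):
    # href of the xml-stylesheet directive, or None if the report has none.
    for node in doc.childNodes:
        if (node.nodeType == node.PROCESSING_INSTRUCTION_NODE
                and node.target == "xml-stylesheet"):
            match = re.search(r'href="([^"]*)"', node.data)
            return match.group(1) if match else None
    return None

def summarize(xml_text):
    # The stdlib XML parsers are not hardened against hostile input:
    # parse only reports you produced yourself.
    doc = minidom.parseString(xml_text)
    href = stylesheet_href(doc)
    result = {"started": doc.documentElement.getAttribute("startstr"),
              "finished": None, "stylesheet": href,
              # A remote stylesheet is fetched whenever the report is viewed.
              "remote_stylesheet": bool(href and re.match(r"(?i)https?://", href)),
              "confirmed": [], "ambiguous": []}
    for fin in doc.getElementsByTagName("finished"):
        result["finished"] = fin.getAttribute("timestr")
    for host in doc.getElementsByTagName("host"):
        addrs = {a.getAttribute("addrtype"): a.getAttribute("addr")
                 for a in host.getElementsByTagName("address")}
        ip = addrs.get("ipv4") or addrs.get("ipv6")
        for port in host.getElementsByTagName("port"):
            state = port.getElementsByTagName("state")[0].getAttribute("state")
            entry = (ip, port.getAttribute("protocol"),
                     int(port.getAttribute("portid")), state)
            # "open|filtered" / "closed|filtered": the scan could not decide.
            result["ambiguous" if "|" in state else "confirmed"].append(entry)
    return result
```

Ports in the "ambiguous" list are the ones worth re-checking with version detection (-sV), which the changelog says promotes open|filtered to open when the port is confirmed open.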
