changelog

Overview是Linux,FreeBSD,UNIX,Windows下的网络扫描和嗅探工 具包,其基本功能有三个,一是探测一组主机是否在线 其次是扫描 主机端口,嗅探所提供的网络服务 还可以推断主机

o Fixed XML output so that the opening [os] tag is printed again.  The
  line which prints this was somehow removed when NSE was integrated.
  Thanks to Joshua Abraham for reporting the problem.

o Fixed a small bug in traceroute progress output which didn't
  properly indicate completion. [Kris]

o Fixed a portability problem related to the new traceroute
  functionality so that it compiles on Mac OS X.  Thanks to Christophe
  Thil for reporting the problem and sending the 1-line fix.

o Updated nmap-mac-prefixes to include the latest MAC prefix (OUI)
  data from the IEEE as of March 20, 2007.

4.21ALPHA3

o Just fixed a packaging problem with the 4.21ALPHA2 release (thanks
  to Alan Jones for reporting it).

4.21ALPHA2

o Performed a huge OS detection submission integration marathon.  More
  than 500 submissions were processed, increasing the 2nd generation
  OS DB size 65% to 381 fingerprints.  And many of the existing ones
  were improved.  We still have a bit more than 500 submissions (sent
  after January 16) to process.  Please keep those submissions coming!

o Integrated all of your Q32006 service fingerprint submissions.  The
  nmap-service-probe DB grew from 3,671 signatures representing 415
  service protocols to 3,877 signatures representing 426 services.  Big
  thanks to version detection czar Doug Hoyte for doing this.  Notable
  changes are described at http://hcsw.org/blog.pl?a=20&b=20 .

o Nmap now has traceroute support, thanks to an excellent patch by
  Eddie Bell. The new system uses Nmap data to determine which sort of
  packets are most likely to slip through the target network and
  produce useful results.  The system is well optimized for speed and
  bandwidth efficiency, and the clever output system avoids repeating
  the same initial hops for each target system.  Enable this
  functionality by specifying --traceroute.

o Nmap now has a public Subversion (SVN) source code repository.  See
  the announcement at http://seclists.org/nmap-dev/2006/q4/0253.html
  and then the updated usage instructions at
  http://seclists.org/nmap-dev/2006/q4/0281.html .

o Fixed a major accuracy bug in gen1 OS detection (some debugging code
  was accidentally left in).  Thanks to Richard van den Berg for finding
  the problem.

o Changed the IP protocol scan so that it sends proper IGMP headers when
  scanning that protocol.  This makes it much more likely that the host
  will respond, proving that it's "open".  [Kris]

o Improved the algorithm for classifying the TCP timestamp frequency
  for OS detection.  The new algorithm is described at
  http://insecure.org/nmap/osdetect/osdetect-methods.html#osdetect-ts .

o Fixed the way Nmap detects whether one of its data files (such as
  nmap-services) exists and has permissions which allow it to be read.

o Added a bunch of nmap-services port listings from Stephanie Wen.

o Update IANA assignment IP list for random IP (-iR) generation.
  Thanks to Kris Katterjohn for the patch.

o Fix nmap.xsl (the transform for rendering Nmap XML results as HTML)
  to fix some bugs related to OS detection output.  Thanks to Tom
  Sellers for the patch.

o Fixed a bug which prevented the --without-liblua compilation option
  from working.  Thanks to Kris Katterjohn for the patch.

o Fixed a bug which caused nmap --iflist to crash (and might have
  caused crashes in other circumstances too).  Thanks to Kris
  Katterjohn for the report and Diman Todorov for the fix.

o Applied a bunch of code cleanup patches from Kris Katterjohn.

o Some scan types were fixed when used against localhost. The UDP Scan
  doesn't find it's own port, the TCP Scan won't print a message (with -d)
  about an unexpected packet (for the same reason), and the IPProto Scan
  won't list every port as "open" when using --data-length >= 8.  [Kris]

o The IPProto Scan should be more accurate when scanning protocol 17 (UDP).
  ICMP Port Unreachables are now checked for, and UDP is listed as "open"
  if it receives one rather than "open|filtered" or "filtered".  [Kris]

o The --scanflags option now also accepts "ECE", "CWR", "ALL" and "NONE" as
  arguments.  [Kris]

o The --packet-trace option was added to NmapFE.  The Ordered Ports (-r)
  option in now available to non-root users on NmapFE as well. [Kris]

4.21ALPHA1

o Integrated the Nmap Scripting Engine (NSE) into mainline Nmap.
  Diman Todorov and I have been working on this for more than six months, and
  we hope it will expand Nmap's capabilities in many cool ways.  We're
  accepting (and writing) general purpose scripts to put into Nmap
  proper, and you can also write personal scripts to deal with issues
  specific to your environment.  The system is documented at
  http://insecure.org/nmap/nse/ .

o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
  (http://standards.ieee.org/regauth/oui/oui.txt) as of December 7.

4.20

o Integrated the latest OS fingerprint submissions.  The 2nd
  generation DB size has grown to 231 fingerprints.  Please keep them
  coming!  New fingerprints include Mac OS X Server 10.5 pre-release,
  NetBSD 4.99.4, Windows NT, and much more.

o Fixed a segmentation fault in the new OS detection system
  which was reported by Craig Humphrey and Sebastian Garcia.

o Fixed a TCP sequence prediction difficulty indicator bug. The index
  is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD).
  But some systems generated ISNs so insecurely that Nmap went
  berserk and reported a negative difficulty index.  This generally
  only affects some printers, crappy cable modems, and Microsoft
  Windows (old versions).  Thanks to Sebastian Garcia for helping me
  track down the problem.

4.20RC2

o Integrated all of your OS detection submissions since RC1.  The DB
  has increased 13% to 214 fingerprints.  Please keep them coming!
  New fingerprints include versions of z/OS, OpenBSD, Linux, AIX,
  FreeBSD, Cisco CatOS, IPSO firewall, and a slew of printers and
  misc. devices.  We also got our first Windows 95 fingerprint,
  submitted anonymously of course :).

o Fixed (I hope) the "getinterfaces: intf_loop() failed" error which
  was seen on Windows Vista.  The problem was apparently in
  intf-win32.c of libdnet (need to define MIB_IF_TYPE_MAX to
  MAX_IF_TYPE rather than 32).  Thanks to Dan Griffin
  (dan(a)jwsecure.com) for tracking this down!

o Applied a couple minor bug fixes for IP options
  support and packet tracing.  Thanks to Michal Luczaj
  (regenrecht(a)o2.pl) for reporting them.

o Incorporated SLNP (Simple Library Network Protocol) version
  detection support.  Thanks to Tibor Csogor (tibi(a)tiborius.net) for
  the patch.

4.20RC1

o Fixed (I hope) a bug related to Pcap capture on Mac OS X.  Thanks to
  Christophe Thil for reporting the problem and to Kurt Grutzmacher
  and Diman Todorov for helping to track it down.

o Integrated all of your OS detection submissions since ALPHA11.  The
  DB has increased 27% to 189 signatures.  Notable additions include
  the Apple Airport Express, Windows Vista RC1, OpenBSD 4.0, a Sony
  TiVo device, and tons of broadband routers, printers, switches, and
  Linux kernels.  Keep those submissions coming!

o Upgraded the included LibPCRE from version 6.4 to 6.7.  Thanks to
  Jochen Voss (voss(a)seehuhn.de) for the suggestion (he found some bugs
  in 6.4)

4.20ALPHA11

o Integrated all of your OS detection submissions, bringing the
  database up to 149 fingerprints.  This is an increase of 28% from
  ALPHA10.  Notable additions include FreeBSD 6.1, a bunch of HP
  LaserJet printers, and HP-UX 11.11.  We also got a bunch of more
  obscure submissions like Minix 3.1.2a and "Ember InSight Adapter for
  programming EM2XX-family embedded devices".  Who doesn't have a few
  of those laying around?  I'm hoping that all the obscure submissions
  mean that more of the mainstream systems are being detected out of
  the box!  Please keep those submissions (obscure or otherwise)
  coming!

4.20ALPHA10

o Integrated tons of new OS fingerprints.  The DB now contains 116
  fingerprints, which is up 63% since the previous version.  Please keep
  the submissions coming!

4.20ALPHA9

o Integrated the newly submitted OS fingerprints. The DB now contains
  71 fingerprints, up 27% from 56 in ALPHA8.  Please keep them coming!
  We still only have 4.2% as many fingerprints as the gen1 database.

o Added the --open option, which causes Nmap to show only open ports.
  Ports in the states "open|closed" and "unfiltered" might be open, so
  those are shown unless the host has an overwhelming number of them.

o Nmap gen2 OS detection used to always do 2 retries if it fails to
  find a match.  Now it normally does just 1 retry, but does 4 retries
  if conditions are good enough to warrant fingerprint submission.
  This should speed things up on average.  A new --max-os-tries option
  lets you specify a higher lower maximum number of tries.

o Added --unprivileged option, which is the opposite of --privileged.
  It tells Nmap to treat the user as lacking network raw socket and
  sniffing privileges.  This is useful for testing, debugging, or when
  the raw network functionality of your operating system is somehow
  broken.

o Fixed a confusing error message which occured when you specified a
  ping scan or list scan, but also specified -p (which is only used for
  port scans).  Thanks to Thomas Buchanan for the patch.

o Applied some small cleanup patches from Kris Katterjohn

4.20ALPHA8

o Integrated the newly submitted OS fingerprints.  The DB now contains
  56, up 33% from 42 in ALPHA7.  Please keep them coming!  We still only
  have 3.33% as many signatures as the gen1 database.

o Nmap 2nd generation OS detection now has a more sophisticated
  mechanism for guessing a target OS when there is no exact match in the
  database (see http://insecure.org/nmap/osdetect/osdetect-guess.html )

o Rewrote mswin32/nmap.rc to remove cruft and hopefully reduce some
  MFC-related compilation problems we've seen.  Thanks to KX
  (kxmail(a)gmail.com) for doing this.

o NmapFE now uses a spin button for verbosity and debugging options so
  that you can specify whatever verbosity (-v) or debugging (-d) level
  you desire.  The --randomize-hosts option was also added to NmapFE.
  Thanks to Kris Katterjohn for the patches.

o A dozen or so small patches to Nmap and NmapFE by Kris Katterjohn.

o Removed libpcap/Win32 and libpcap/msdos as Nmap doesn't use them.
  This reduces the Nmap tar.bz2 by about 50K.  Thanks to Kris Katterjohn
  for the suggestion.

4.20ALPHA7

o Did a bunch of Nmap 2nd generation fingerprint integration work.
  Thanks to everyone who sent some in, though we still need a lot more.
  Also thanks to Zhao for a bunch of help with the integration tools.
  4.20ALPHA6 had 12 fingerprints, this new version has 42.  The old DB
  (still included) has 1,684.

o Updated nmap-mac-prefixes to reflect the latest OUI DB from the IEEE
  (http://standards.ieee.org/regauth/oui/oui.txt) as of September 6, 2006.
  Also added the unregistered PearPC virtual NIC prefix, as suggested
  by Robert Millan (rmh(a)aybabtu.com).

o Applied some small internal cleanup patches by Kris Katterjohn.

4.20ALPHA6

o Fixed a bug in 2nd generation OS detection which would (usually) prevent
  fingerprints from being printed when systems don't respond to the 1st
  ICMP echo probe (the one with bogus code value of 9).  Thanks to
  Brandon Enright for reporting and helping me debug the problem.

o Fixed some problematic Nmap version detection signatures which could
  cause warning messages. Thanks to Brandon Enright for the initial patch.

4.20ALPHA5

o Worked with Zhao to improve the new OS detection system with
  better algorithms, probe changes, and bug fixes.  We're
  now ready to start growing the new database!  If Nmap gives you
  fingerprints, please submit them at the given URL.  The DB is still
  extremely small.  The new system is extensively documented at
  http://insecure.org/nmap/osdetect/ .

o Nmap now supports IP options with the new --ip-options flag.  You
  can specify any options in hex, or use "R" (record route), "T"
  (record timestamp), "U") (record route & timestamp), "S [route]"
  (strict source route), or "L [route]" (loose source route).  Specify
  --packet-trace to display IP options of responses.  For further
  information and examples, see http://insecure.org/nmap/man/ and
  http://seclists.org/nmap-dev/2006/q3/0052.html .  Thanks to Marek
  Majkowski for writing and sending the patch.

o Integrated all 2nd quarter service detection fingerprint
  submissions.  Please keep them coming!  We now have 3,671 signatures
  representing 415 protocols.   Thanks to version detection czar Doug
  Hoyte for doing this.

o Nmap now uses the (relatively) new libpcap pcap_get_selectable_fd
  API on systems which support it.  This means that we no longer need
  to hack the included Pcap to better support Linux.  So Nmap will now
  link with an existing system libpcap by default on that platform if
  one is detected.  Thanks to Doug Hoyte for the patch.

o Updated the included libpcap from 0.9.3 to 0.9.4.  The changes I
  made are in libpcap/NMAP_MODIFICATIONS .  By default, Nmap will now
  use the included libpcap unless version 0.9.4 or greater is already
  installed on the system.

o Applied some nsock bugfixes from Diman Todorov.  These don't affect
  the current version of Nmap, but are important for his Nmap
  Scripting Engine, which I hope to integrate into mainline Nmap in