1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207
|
# Nmap Changelog ($Id: CHANGELOG,v 1.93 2002/02/15 07:03:03 fyodor Exp $)
Nmap 2.54BETA31
o Added ICMP Timestamp and Netmask ping types (-PP and -PM). These
(especially timestamp) can be useful against some hosts that do not
respond to normal ping (-PI) packets.
o Documented the --data_length option and made it work with all the
ICMP ping types (echo request, netmask, and timestamp).
o Added check for strings.h before including it in portlist.c . This
fixes a compilation problem on some versions of Windows. Problem
first noted by "Michael Vorin" <mvorin@hotmail.com>
o Applied patch from Andy Lutomirski (Luto@myrealbox.com) which fixes
a crash on some Windows platforms when timeouts occur.
o Fixed "grepable output" (-oG) so that it prints IPID sequence class
rather than printing the TCP ISN sequence index twice. Problem
noted by Russell Fulton (r.fulton@auckland.ac.nz)
o Added mysterious, undocumented --scanflags option.
o Applied patch from Andy Lutomirski (Luto@myrealbox.com) which fixes
some important Windows bugs. Apparently this can cause a dramatic
speedup in some circumstances. The patch had other misc. changes
too.
o Fix bug noted by Chris V (iselldrugstokidsonline@yahoo.com) in which
Nmap could segmentation fault with the (bogus) command: './nmap -sO
-p 1-65535 hostname' (protocol only can go up to 255). That being
said, Nmap should never segfault just because of bogus options.
o Fixed problem noted by Maximiliano (emax25@arnet.com.ar) where Nmap
would get stuck in a (nearly) infinate loop when you try to "resume"
an random host (-iR) scan.
o Included a number of fingerprint updates, but I still have many more
web submissions to go through. Also made some nmap-services
portlist updates.
o Included a bunch of fixes (mostly to prevent compiler warnings) from
William McVey (wam@cisco.com)
Nmap 2.54BETA30
o Added a Document Type Definition (DTD) for the Nmap XML output
format (-oX) to the docs directory. This allows validating parsers
to check nmap XML output files for correctness. It is also useful
for application programmers to understand the XML output structure.
The DTD was written by William McVey (wam@cisco.com) of Cisco Secure
Consulting Services ( http://www.cisco.com/go/securityconsulting ).
o Merged in a number of Windows fixes/updates from Andy Lutomirski
(Luto@myrealbox.com)
o Merged in fixes/updates (mostly to the Windows functionality) from
Matt Hargett (matt@use.net)
o Applied patch by Colin Phipps (cph@netcraft.com) which correctly
encodes special characters in the XML output.
o Applied patch by William McVey (wam@cisco.com) which adds the uptime
information printed with -O to the XML output format.
o Fixed byte-order bug in Windows packet matching code which caused
-PS and -PT to fail. Bug found and patch sent by Tim Adam
(tma@osa.com.au)
o Fixed segfault problem with "-sU -F". Nobody reported this until I
noticed it :(. Anytime you see "Segmentation Fault" in the latest
version of Nmap, it is probably a bug -- please mail me the command
you used, the OS/platform you are running on, and whether it is
reproducable.
o Added a convenience option "-oA (basefilename)". This tells Nmap to
log in ALL the major formats (normal, grepable, and XML). You give
a base for the filename, and the output files will be base.nmap,
base.gnmap, and base.xml.
o Documented the --append_output option which tells Nmap to append
scan results to any output files you have specified rather than
overwriting the files.
o Integrate TIMEVAL_SEC_SUBTRACT() fix by Scott Renfro (scott@renfro.org)
which improves timing accuracy.
** 2.54BETA29
o Integrated William McVey's multi-portlist patch. This allows you to
specify different port numbers when scanning both TCP & UDP. For
example, if you want to UDP for 53,111 and 137 while TCP scanning
for 21-25,80,139,515,6000,8080 you could do: nmap -sSU -p
U:53,111,137,T:21-25,80,139,515,6000,8080 target.com . Prior to
this patch, you had to either use different Nmap executions or scan
both UDP & TCP of each port. See the man page for more usage info.
o Added/updated a bunch of fingerprints, including Windows XP release
candidates #1 & #2, OpenBSD 2.9, various home gateways/cable modem,
MacOS X 10.0.4, Linux 2.4.7, Guantlet Firewall 4.0a, a few Cisco
routers, and, most importantly, the Alcatel Advanced Reflexes IP
Phone :). Many other fingerprints were updated as well.
o Found and fixed some relatively major memory leaks based on reports
sent in by H D Moore (hdm@secureaustin.com), mugz
(mugz@x-mafia.org), and Steven Van Acker (deepstar@ulyssis.org)
o Applied patch from Chad Loder (chad_loder@rapid7.com) which improves
random target host selection (-iR) by excluding more undesirable
addresses.
o Fixed portscan timing bug found by H D Moore (hdm@secureaustin.com).
This bug can occur when you specify a --max_rtt_timeout but not
--initial_rtt_timeout and then scan certain firewalled hosts.
o Fixed port number printing bug found by "Stephen Leavitt"
<stephen_j_leavitt@hotmail.com>
o The Nmap source tarball now extracts with more lenient permissions
(sometimes world-readable or world-executable, but never
world-writable). If you don't want this, set your umask to 077
(which is what I do). Suggested by Line Printer (lps@rahul.net)
** 2.54BETA28
o I hope that I have fixed the Libpcap "Unknown datalink type" problem that
many people reported. If you still receive this error, please send
me the following info:
1) Full output of Nmap including the command you typed
2) What OS/OS version you are using
3) What type of interface is the scan going through (PPP, ISDN, ethernet,
PPPoE, etc)
4) Whether you compiled from source or used the RPM version
o Hopefully fixed Libpcap lex/yacc generated file problem that
plagued a few folks.
o Various minor fixes/changes/updates
** 2.54BETA27
o Fixed bug that caused "adding open port" messages to be printed even
when verbose mode was not specified. (patch sent by Doug Hoyte (
dugely@yahoo.com ).
o Fixed bug in zombie:port option parsing in Idlescan as well a few
other bugs in patch sent by Germano Caronni (gec@acm.org)
o Fixed Windows compilation (I broke it when I added Idlescan).
o Fixed a (Win32 only) port identification bug which would cause some
ports to be listed as "unknown" even when Nmap should know their
name. This was found at patched by David Griffiths
(davidg@intrinsica.co.uk).
o Fixed more nmap-os-fingerprints syntax/grammar violations found by
Raymond Mercier of VIGILANTe
o Fixed a memory leak in Nbase str*casecmp() functions by applying
patch sent by Matt (matt@use.net). I plan to kill this whole
strcasecmp.c file as soon as possible (it is a mess).
** 2.54BETA26
o Added Idlescan (IPID blind scan). The usage syntax is
"-sI <zombie>".
o Fixed a bunch of fingerprints that were corrupt due to violations of
the fingerprint syntax/grammar (problems were found by Raymond
Mercier of VIGILANTe )
o Fixed command-line option parsing bug found
by "m r rao" (mrrao@del3.vsnl.net.in )
o Fixed an OS fingerprinting bug that caused many extra packets to be
sent if you request a lot of decoys.
o Added some debug code to help diagnose the "Unknown datalink type"
error. If Nmap is giving you this error, please send the following
info to fyodor@insecure.org : 1) The full output from Nmap
(including the command arguments) 2) What OS and OS version are you
using 3) What type of adaptor are you using (modem, ethernet, FDDI,
etc)
o Added a bunch of IDS sensor/console/agent port numbers from
Patrick Mueller (pmueller@neohapsis.com)
** 2.54BETA25
o Added a whole bunch of new OS fingerprints (and adjustments) ranging
from big important ones (Linux 2.4.X, OpenBSD 2.9, FreeBSD 4.3,
Cisco 12.2.1, MacOS X, etc) to some that are more obscure ( such as
Apple Color LaserWriter 12/660 PS and VirtualAccess LinxpeedPro 120 )
o Upgraded Libpcap to the latest version (0.6.2) from tcpdump.org. I
modified the build system slightly by shipping pre-generated
scanner.c/grammer.c (instead of using lex/yacc) and I also upgraded
to the newest config.sub/config.guess .
o Fixed some issues with the new Libpcap under Linux (patches will be
sent to the developers).
o Added "All zeros" IP.ID sequence classification to account for the
new Linux 2.4 scheme which seems to use 0 whenever the DF bit is set
(probably a good idea).
o Tweaked TCP Timestamp and IP.ID sequence classification algorithms
** 2.54BETA24
o Fixed compilation problems on MacOS X publis release. Thanks to
Nicolas Dawson (nizcolas@myrealbox.com) for securing an account for
me.
o On the suggestion of the ever-helpful LaMont Jones (lamont@hp.com),
I obtained the newest config.guess/config.sub from
http://subversions.gnu.org/cgi-bin/cvsweb/config and made
libpcap/nbase use symlinks rather than copeis of the file
o Applied patch from LaMont Jones (lamont@hp.com) which makes Nmap
compatable with gcc 3.0 (apparently printf() is a macro in that
version)
o Applied patch from Colin Phipps (cph@netcraft.com) which fixes a
problem that kept UDP RPC scanning from working unless you were also
doing a TCP scan.
o Applied a patch from Chris Eagle (cseagle@redshift.com) which fixes
Windows compilation (I broke it with a recent change).
o Updated Lithuanian translation of man page based on a newer version sent
by Aurimas Mikalauskas (inner@crazy.lt)
o Killed carriage returns in nmap.c and nmapfe.c, which caused
problems for some (SGI) compilers. Problem noted by Artur
Niederstebruch (artur@sgi.com)
o Updated to latest version of rpc program number list, maintained by
Eilon Gishri (eilon@aristo.tau.ac.il)
o Fixed a quoting bug in the Nmap man page found by
Rasmus Andersson <rasmus@pole-position.org>
o Applied RPM spec file changes from "Benjamin Reed"
(ranger@befunk.com) which allows you to avoid building the frontend
by adding "--define frontend 0" to the build command (eg --rebuild,
--ba, etc).
** 2.54BETA22
-- Eliminated usage of u_int32_t (was causing compilation errors on
some Sun and HP boxes). Problem first noted by Nick Munger
(nmunger@Oswego.EDU) and Ralf Hildebrandt
(Ralf.Hildebrandt@innominate.com) and Antonin Sprinzl
(Antonin.Sprinzl@tuwien.ac.at)
-- Defined integer-width typedefs such as u32/s32/u16/etc. in Nbase.
Went through much of the Nmap code and substituted these in where
correct lengths are important (port numbers, IP addresses, etc).
** 2.54BETA21
-- Cleaned up a few build/distribution issues that were reported
by LaMont Jones (lamont@hp.com)
-- Fixed compiler warning noted by Gabor Z. Papp (gzp@papp.hu) )
** 2.54BETA20
-- Added TCP Timestamp sequence checking for OS detection and
Netcraft-style uptime tests.
-- Found and fixed (I hope) byte alignment problem which was causing
bus errors on SPARC64 ( reported by H D Moore (hdm@secureaustin.com)
and Matthew Franz (mfranz@cisco.com) )
-- Apple Darwin (Mac OS X) 1.2 portability patch from
Rob Braun <bbraun@synack.net>
-- Added IPID sequence number predictability report (also now used in
OS detection).
-- Show actual IPID, TCP ISN, and TCP timestamp values in XML format
output rather than just the cooked results.
-- Suppress IPID and TCP ISN predictability report unless you use -v
(you need -O as well).
-- Applied Solaris 8 compilation fixes from Germano Caronni
( gec@acm.org )
-- Applied configure.in variable name typo fixes from Christian
Weisgerber (naddy@openbsd.org)
-- Applied some more changes from Andy Lutomirski (Luto@mailandnews.com)
which provides better detection and reporting from some heinous errors.
-- Added -n and -R (always/never DNS resolve) options to the man page.
** 2.54BETA19
-- I ported NmapFE to Windows so that Win32 users can use the
graphical interface. It generally works, although I haven't tested
much. Patches welcome!
-- Various little fixes and cleanups, especially to the Windows port.
-- Applied patch from Andy Lutomirski (Luto@mailandnews.com) which
enhances some of the Win* error messages and adds the --win_trace
debugging option.
-- Applied some patches from Jay Freeman (saurik@saurik.com)
-- New --data_length option adds indicated number of random data
bytes to send with scan packet and tcp ping packet (does not
currently work with ICMP ping packet). Does not affect OS
detection, RPC, or connect() scan packets.
-- Windows portability fixes
-- Various other little fixes.
-- Renamed rpc.h and error.h because they conflict with Windows
include files. By the way, this was a pain to figure out because
VC++ is such a crappy compiler! It basically just says problem in
"foobar.h" without giving you any idea how foobar.h got included!
gcc gives you a nice message tracing the chain of include files!
** 2.54BETA16
-- Upgraded to latest version of Winpcap ( 2.1-beta )
-- Merged in Windows port code from Ryan Permeh ( ryan@eeye.com) and
Andy Lutomirski ( Luto@mailandnews.com ).
-- Took out C++ compiler test from nbase configure script. It was
inserted accidently, but I found it interesting that only 2 people
complained about this causing them problems. I guess most everyone
already has C++ compilers.
-- Applied patch from Steve Bleazard (steve@bleazard.com) which fixed
bug in internal Smoothed Round Trim Time calculations.
-- Fixed CFLAGS computation error in configure. Problem discovered
and patched by Fredrik Lundholm (exce7@ce.chalmers.se)
-- Added more debugging code for "Unknown datalink type" error -- if
you get this, please send me the full error msg including hex values.
-- Added Portuguese man page translations from Antonio Pires de Castro
Junior (apcastro@ic.unicamp.br).
-- Capitalized all references to God in error messages.
** Version 2.54BETA7
-- Applied patch from Hubert Feyrer
(hubert.feyrer@informatik.fh-regensburg.de) which adds support for
the new NetBSD DLT_PPP_* types.
-- Updated to Eilon Gishri's (eilon@aristo.tau.ac.il) newest version
of nmap-rpc at ftp://ftp.tau.ac.il/pub/users/eilon/rpc/rpc
-- Moved a bunch of the scanning engine related functions to new files
(scan_engine.c and scan_engine.h ). Timing functions were moved to
the new timing.c/timing.h . Other stuff was shifted to
tcpip.c/tcpip.h. At some point, nmap.c will only contain the Nmap
command line UI.
-- Updated Russian version of man page from Alex Volkov (topcat@nm.ru)
** Version 2.54BETA6
-- Added XML output (-oX). Hopefully this will help those of you
writing Nmap front ends and other tools that utilize Nmap. The
"machine-readable" output has been renamed "grepable" (-oG) to
emphasize that XML is now the preferred machine-readable output
format. But don't worry if your tool uses -oM , that format (and
the deprecated -oM flag) won't go away any time soon (if ever).
-- Applied patch from Stefan Rapp <s.rapp@hrz.uni-dortmund.de> which fixes
a variable argument integer promotion problem in the new snprintf
compatability file. This is important for Redhat 7 systems.
-- Reorganized output-related routines so that they now reside in
output.c & output.h. Let me know if I accidently screwed up the
behavior of any scan types in the process.
** Version 2.54BETA5
-- Revamped the 'compatability libraries' subsystem. Moved all of
that to a new library called 'libnbase' and changed Nmap and NmapFE
to use that. I included a better version of *snprintf and some
other compatability files. Obviously I cannot test these changes
on every whacked OS that needs this compatability cruft, so please
let me know if you run into compilation problems.
-- Fixed a problem found by Martyn Tovey <martyn@netcraft.com> when
using Nmap on platforms that dislike division by zero.
-- Removed 128.210.*.* addresses from Nmap man page due to complaints
from Purdue security staff.
-- Fixed FreeBSD (some versions) compilation problem found by Martyn
Tovey <martyn@netcraft.com>
** Version 2.54BETA4
-- Upgraded to the very latest Libpcap version ( the 9/3/00 CVS
snapshot ). This version is from the tcpdump.org group rather than
the Lawrence Livermore crew. The most important advantage is Linux
Socket Filter support (so you won't have that annoying syslog
message about Nmap using the obsolete SOCK_PACKET interface).
-- I tried to install Nmap on yet another machine without lex/yacc or
flex/bison. That was the last straw! I am now shipping the
generated C files, which eliminates the lex/yacc requirement.
-- Applied patch by Jay Freeman (saurik) <saurik@saurik.com> to make
Nmap C++-clean (this was lot of tedious work! Thanks!). Note that
Nmap still uses a normal C compiler by default, but Nmap
derivatives may appreciate C++ compatability. Note that this only
applies to "Nmap proper", not libpcap.
-- Added a HACKING file for people who want to help with Nmap
development. It describes preferred patch formats, development
resources, and offers a number of useful changes that would likely
be accepted into the main tree.
-- Fixed a configure.in error found by Vacuum
(vacuum@technotronic.com) which could cause compilation errors.
-- Fingerprint file adjustments for better Win* detection
-- Ensure libpcap is not configured and/or installed if you already
have a "new enough" version (0.4a6+) installed.
-- Included Italian translation of Nmap man page from Giorgio Zoppi
<deneb@supereva.it> .
-- Fixed a SYN scan problem that could cause a major slowdown on some
busy networks.
-- Fixed a crash problem in NmapFE reported by sverre ( sverre@gmx.net )
-- Added an "SInfo" line to most printed fingerprints. It looks
similar to this:
SInfo(V=2.54BETA4%P=i686-pc-linux-gnu%D=9/4%Time=9681031%O=7%C=1)
and contains information useful when fingerprints are reported
(Nmap version/platform, scan date, and open/closed ports used)
-- Fixed RPCGrind (-sR) scan. It has been almost completely broken
since 2.54BETA2 (which has been out for two weeks) and nobody
reported it! I noticed the problem myself during testing of
something else. I am disappointed that nobody bothered to even let
me know that this was broken. Does anyone even use RPC Scan?
-- Various other small fixes/improvements
** Version 2.54BETA3
-- Went through and added/adjusted a bunch of fingerprints. A lot of
people submitted Windows Millenium Edition (WinME) beta
fingerprints, but nobody submitted IPs for them. So please let me
know if this version detects your WinME boxes.
-- Applied NmapFE patch from Michael Fischer v. Mollard <mfvm@gmx.de>
which made did the following:
-- Added delete event so that NmapFE always quits when you kill it
with your window manager
-- added the menubar to the vbox instead to the fixed widget
-- Various small fixes/improvements
** Version 2.54BETA2
-- Added a shortcut which can make single port SYN scans of a network
much faster. For example, if a new sendmail vulnerability is
found, this reduces the time it takes to scan your whole network
for port 25. This shortcut takes effect when you do "-PS<port> -sS
-p<port>". For example 'nmap -n -sS -p25 -PS25 24.0.0.0/8". This
optimization doubled the scan speed in a 30,000 IP test I performed.
-- Added -sL (List scan). Just as ping scan (-sP) allows you to short
circuit the scan right after pinging, -sL allows you to short
circuit the scan right after target selection. This allows you to
see what hosts WOULD be scanned without actually doing it. The
hosts will be resolved unles you use -n. Primary uses:
1) Get all the IPs in a network (like A.B.C.D/16) and take out
machines that are too fragile to be scanned safely before
calling Nmap with the new list (using -iL).
2) Test that a complex spec like 128.4,5,7-9.*.7 does what you
expect before actual scanning.
3) When all you want to do is resolve a bunch of IPs.
4) You just want results of a zone transfer (if it is implemented).
-- Added some new fingerprints and adjusted some others based on
submissions to the DB (I still have a lot more to go through so
don't worry if your submission is still not detected).
-- Added a warning when you scan 0 hosts (eg "nmap -v"). There are
various other output tweaks as well.
-- Insured that 0.0.0.0 can be scanned by nmap (although on some OSs, like
Linux, it won't work due to what seem to be kernel bugs). Oh
well. I'll look into it later.
** Version 2.54BETA1
-- Added an extremely cool scan type by Gerhard Rieger ( rieger at
iue.tuwien.ac.at ) -- IP Protocol scanning. Basically it sends a
bunch of IP headers (no data) with different "protocol" fields to
the host. The host then (usually) sends back a protocol
unreachable for those that it does not support. By exclusion, nmap
can make a list of those that are supported. This is similar in
concept to (and is implemented using most of the same scanning
routines as) UDP scanning. Note that some hosts do not send back
protocol unreachables -- in that case all protocols will appear
"open".
-- Fixed an uninitialized variable problem in NmapFE (found by Alvin
Starr (alvin at iplink.net )
-- Fixed a packaging problem that lead to the Nmap man page being
included twice in the .tgz .
-- Fixed dangling nroff include in xnmap man page (noted by Debian
Nmap package maintainer LaMont Jones (lamont@security.hp.com)
-- Give a warning when no targets at all are specified
-- Updated 'make uninstall' so that it deletes all relevant files
-- Included latest nmap-rpc from Eilon Gishri (eilon at aristo.tau.ac.il)
-- Eliminated -I. from Nmap's and NmapFE's makefiles (suggested by
"Jay Freeman (saurik)" (saurik at saurik.com)
-- Added Russian documentation by Alex Volkov
-- Added Lithuanian documentation from Aurimas Mikalauskas (inner at dammit.lt)
** Version 2.53
-- Fixed a commenting issue that could cause trouble for non-GNU compilers
(first found by Jan-Frode Myklebust (janfrode at parallab.uib.no))
-- A few new services to nmap-services
** Version 2.52
-- Added very simple man pages for xnmap/nmapfe (lack of man pages for
these was noticed by LaMont Jones (lamont (at) hp.com), the Debian
Nmap package maintainer, based on bug report by Adrian Bunk (bunk
(at) fs.tum.de ).
-- Fixed a "Status: Down" machine name output problem in machine
parseable logs found by Alek O. Komarnitsky ( alek (at) ast.lmco.com )
-- Took some wierd files out of the doc directory (cd, grep , vi, and
.swp)
-- Fixed some typos found by Thomas Klausner ( wiz (at)
danbala.ifoer.tuwien.ac.at )
-- Updated nmap-rpc with new entries found in the latest version of Eilon
Gishri's rpc list.
** Version 2.51
-- Fixed target parsing bug found by Steve Horsburgh (shorsburgh (at)
horsburgh.com).
-- Changed makefile/rpm to store fingerprint, rpc, and services file
in $prefix/share/nmap rather than $prefix/lib/nmap , since these
files are architecture independent. You should now use
./configure --datadir instead of ./configure --libdir to change
the default location. Suggested by Thomas Klausner ( wiz (at)
danbala.ifoer.tuwien.ac.at ).
-- I am now including Eilon Gishri's (eilon (at) aristo.tau.ac.il) rpc
number list (which he recently merged with the Nmap 2.50 rpc list).
-- Included Spanish and French HTML versions of the Nmap man page (may
not always be up to date).
** Version 2.50
-- Fixed an IP calculation error which could occur in some cases where
you scan machines on different devices (like lo and eth0). This
problem was discoved by Jonathan Fine (jfine@psu.edu).
-- Fixed a problem that could, in rare cases, cause a SYN scan scan to
crash (the error message was "attempt to add port number X with
illegal state 0"). This problem was reported by Erik Benner
(erik@xyzzy.net)
-- Changed the .spec file so that RPM versions create a xnmap link to
nmapfe ( the normal make install has done this for a long time ).
** Version 2.3BETA21
-- A number of people reported problems with nmapfe in various
environments (specifically gdk errors, hangs, and crashes). I
think that is now fixed. Let me know if you still have the problem
(make sure the title bar says BETA21).
-- Added a bunch of OS fingerprints based on all the contributions in
the last month or so.
-- Fixed a bug that completely broke RPC scanning in BETA19.
-- Added list of ports scanned near the top of each machine log WHEN
-v was specified. Here is an example of the format:
# Ports scanned: TCP(13;1-10,22,25) UDP(0;)
The "13" above is the number of TCP ports being scanned.
-- Got rid of a snprintf() from nmapfe sine some systems don't have it
:( and I'm to lazy to integrate in the snprintf that comes with
nmap right now.
-- Fixed important target IP range parsing bug found by Jean-Yves
Simon ( lethalwp@linuxbe.org ).
-- Applied patch by albert chin (china at thewrittenword.com) which
adds --with-libpcap[=DIR] option to configure and and adds an
elegant approach for -lnsl and -lsocket checking to configure .
-- Fixed a bug which could cause Nmap to mark a port filtered based on ICMP
dest. unreachable packets relating to a different host than the one
being scanned.
-- Fixed output problem relating to ident scan noted by Peter
Marschall ( peter.marschall at mayn.de )
-- Applied patch to services.c by Andrew Brown (atatat@atatdot.net)
which prevents some useless debugging (-d) output when reading some
kindss of /etc/services files.
-- Added "Host: [machinename] (ip) Status: Down" to machine logs when
the verbose option is given (just like down hosts are reported to
stdout when verbose is given). Suggested by Alek Komarnitsky.
-- Applied NetBSD compatability patch provided by Mipam (reinoud at
ibbnet.org) which changes an autoconf macro to check for
getopt_long_only instead of getopt_long.
-- Nmap used to print an inaccuracy warning when no open TCP ports
were found on the target machine. Due to a bug, this was not
always being printed. Problem found by Matt (matt at use.net) and
Ajay Gupta2 (Ajay.Gupta2 at ey.com).
-- Added the number of ports in the ignored state right after the
state name in machine parseable logs. It used to looke like:
"Ignored State: closed" whereas now it looks like:
"Ignored State: closed (1508)" Meaning that 1508 ports were closed
and thus are not specifically enumerated.
-- Changed all nmapfe calls to gdk_font_load into gdk_fontset_load .
Bennett Feitell (bfeitell at panix.com) suggested that this fixed
some nmapfe font problems.
** Version 2.3BETA20
-- Applied patch sent in by s.rapp@hrz.uni-dortmund.de which fixes a
memory alignment bug in osscan.c which could cause core dumps on
machines which require aligned access (like SPARC).
-- Fixed a compilation problem on machines that do not have MAP_FAILED
defined (as a return value to mmap). Problem noted by Phil
Stracchino <alaric@babcom.com>.
** Version 2.3BETA19
-- Tweaked the output so that it now tells how many ports are not
shown and what state the ignored ports are in. This info could be
inferred before by people who had studied the manpage, but now the
info is explicitly available. I cleaned up a bunch of stuff
internally to make this happen. I hope I didn't break anything!
-- Changed NmapFE so that it always kills any running Nmap process
when you press exit. Problem noted by Marc Renner
(mrenner (at) ci.marysville.wa.us)
-- Apparently some Linux (glibc) systems now come with a "strcasestr"
function. So I have made autoconf look for this and use the native
version if supported. (problem noted by Sami Farin
(sfarin (at) ratol.fi)).
-- Added a new attribute "Ignored State: xxx" to the machine parseable
logs, where xxx is the state (closed, filtered, or UNfiltered) that
is being ignored. Ports in that state are not listed (they weren't
listed in earlier versions either). Perhaps I should list ALL
ports for machine parseable output. Opinions?
-- Merged in a patch sent in by Mipam (reinoud (at) ibbnet.org) which is
apparently part of the OpenBSD Nmap "port". Although Nmap seems to
work fine for me on my OpenBSD 2.4 box, a couple OpenBSD users have
complained of problems. Hopefully this will help. (it adds
DLT_LOOP and DLT_ENC offset cases when reading from libpcap).
-- A few really minor bugfixes.
** Version 2.3BETA18
-- Fixed a very important bug that occurred when SYN scanning
localhost. Many thanks to Dries Schellekens (
gwyllion (at) ace.ulyssis.student.kuleuven.ac.be ) for first reporting
the problem.
-- Uros Prestor from TurboLinux informed us that the latest
versions of Nmap work with Linux on the upcoming Intel
Merced/Itanium IA-64 processors. He also said that the TurboLinux
distribution includes Nmap. Kudos to them! As well as the other
distros that support Nmap (Debian, Red Hat, Suse, Trinux) and of
course FreeBSD, NetBSD, & OpenBSD. Does anyone know if Nmap ships
with the latest from Mandrake or Corel? The latest Solaris
includes some Free software. If anyone can get them to ship Nmap,
I will buy you a case of beer :).
-- Added a #define to change vsnprintf to vsprintf on machines which
do not support the former (mostly Solaris 2.5.1 and earlier). This
function is less safe. For people who care about security, we
recommend an upgrade to Solaris 8 (or Linux/*BSD).
-- Changed the NmapFE version to 0.<nmap_version> rather than always
leaving it at 0.9.5 (which was confusing). Thanks to J.D.K. Chipps
(jdkc (at) woptura.com) for noticing this.
-- Added support for "-vv" (means the same as "-v -v"). Older
versions of Nmap supported it (noted by George Kurtz).
** Version 2.3BETA17
-- Added ACK scanning. This scan technique (which van Houser and
others have been bugging me to add for years :), is great for
testing firewall rulesets. It can NOT find open ports, but it can
distinguish between filtered/unfilterd by sending an ACK packet to
each port and waiting for a RST to come back. Filtered ports will
not send back a RST (or will send ICMP unreachables). This scan
type is activated with -sA .
-- Documented the Window scan (-sW) which Lamont Granquist added in
September 99.
-- Added a whole bunch of OS fingerprints that people have submitted.
-- "Protocol" field in output eliminated. It is now printed right
next to the number (/etc/services style). Like "22/tcp". I wonder
what I should put in the extra white space this leaves on the
report :).
-- Added --resume option to continue a large network scan where you
left off. This is useful for recovering from errors (modem drops
carrier, network outage, etc). It also allows you to start and
stop for policy reasons (like if a client only wants you to scan on
weekends or at night) or if you want to run the scan on a different
host. Usage is 'nmap --resume logfile' where logfile can be either
normal (-oN) or machine parseable (-oM) logfile from the scan that
was aborted. No other options can be given (the options in the
logfile from the original scan will be used). Nmap will start off
with the host after the last one successfully scanned in the log
file.
-- Added --append_output option which causes -oN/-oM/-oS to APPEND to
the output file you specify rather than overwriting it.
-- Various internal code cleanup, makefile fixes, etc.
-- Changed version number from 2.3BETA* to 2.30BETA* to appease
various packaging systems that thought 2.3BETA was < 2.12 .
-- Nmap output to files now correctly flushes output after scanning
for each host is finished.
-- Fixed compiler -L flags error found by Ralf Hildebrandt
<R.Hildebrandt (at) tu-bs.de>
-- Fixed configure scripts so that options you give to the Nmap
configure (like --prefix ) are also passed to the nmapfe configure
script. This problem was noted by Ralf Hildebrandt
<R.Hildebrandt (at) tu-bs.de>. While I was at it, I added some other
cleanups to the system.
-- Added --noninteractive option for when nmap is called from scripts
(where stuff like prompting users for info is unacceptable). It
does not currently do anything (Nmap never prompts) and script
writers should probably wait until at least May '2000 so their
scripts still work with earlier versions of Nmap.
-- Updated to the latest config.guess and config.sub from Autoconf 2.13
-- Applied patch by Sven <s.carstens (at) gmx.de> which fixes a segmentation
fault problem in Nmapfe colored mode as well as some output niceties.
-- Changed some C++ comments to C-style for portability (noticed by
"Sergei V. Rousakov" <sergei (at) cas.Vanderbilt.Edu> )
** Version 2.3BETA14
-- Peter Kosinar <goober (at) gjh.sk> performed some cleanup of the output
routines and as a bonus he added skript kiddie output mode!!! Try
it out by adding "-oS - " to your nmap command line. Note that
using '-' to represent stdout instead of a filename is something
you can do with any of the output modes.
-- Ensured that Nmap always gives up on ident scan after the first
port attempt finds it to be closed (problem noticed by Matt
<matt (at) use.net>)
-- Changed strsep's in nmapfe to more portable strtok's (should
especially help Nmapfe compiles on Solaris)
-- Changed permutation algorithm to make port order and host order
shuffling more random.
-- Various minor changes and internal code cleanup.
-- Fixed integer overflow that was limiting the max --host_timeout value
to about 2,000,000 milliseconds (~1/2 hour). The limit is now
about 4,000,000,000 milliseconds (~1 month). I really hope you don't
need more than that :).
** Version 2.3BETA13
-- I made Nmap smarter about detecting filtering during UDP, Xmas,
NULL, and FIN scans.
-- Updated Nmapfe to 0.9.5 (+ a patch from NmapFE author Zach Smith)
-- Fixed a problem where NmapFE would fail to honor $PATH (Noticed
by K. Scott Rowe <kscott (at) nmt.edu>)
-- Added a couple ICMP unreachable messages Nmap was missing (found by
Bifrost <bifrost (at) minions.com>).
-- Internal cleanup that improves the way some port lists are stored.
-- Added some more RPC numbers from <mmmorris (at) netscape.net>
-- Relaxed the dependency requirements of nmapfe rpm (now will accept
any version of Nmap).
** Version 2.3BETA12
-- Added interactive mode which adds convenience for managing nmap
sessions and also enhances privacy. Get to it with --interactive
and then type 'h' for help.
-- Added/modified many fingerprints including the latest 2.3.X Linux
releases, the latest Win2000 builds, the Apple Airport Wireless
device, and several dozen more.
-- Migrated to RPM .spec file sent in by Tim Powers
<timp (at) redhat.com>. That is the file they will be using to package
Nmap with the power tools CD in the next Redhat release. The most
important changes are that Nmap (only the RPM version) now installs
in /usr/* instead of /usr/local/* and the frontend is now
dynamically linked with GTK and comes in a separate rpm.
-- The -i (input from list) option has been deprecated. From now on
you should use -iL <filename> to read from a list or -iR to have
Nmap generate random IPs to scan. This -iR option is new.
-- The -o and -m options have been deprecated. From now on, you
should use -oN for normal (human readable) output and -oM for
machine parseable output. At some point I might add -oH (HTML
output) or -oSK (sKr|pt |<iDdi3 0uTPut).
-- Added --randomize_hosts option, which causes hosts be be scanned in
non-sequential order. This makes scans less conspicuous. For
efficiency reasons, the hosts are chopped into groups of 2048 and
then each group is internally shuffled (the groups still go in
order).
-- Rearranged the help ('nmap -h' or 'nmap' or 'nmap --help') screen
to be shorter (37 -> 23 lines!) and include some of the new
features of this release. The man page was updated as well.
-- Fixed longstanding bug where nmap -sS mylocalnetwork/24 would not
successfully scan the host running nmap.
-- Internal improvements to make scanning faster with -i (input list)
or when you specify multiple machines on the command line.
-- Uses faster GCD algorithm and fixed several typos (sent in by Peter
Kosinar).
-- Provide more information in machine/human readable output files
(start time, end time, RPC program name, Nmap version number)
-- Killed the -A option (if you don't know what that is then you won't
miss it. In fact, even if you do know what it is you won't miss
it.)
** Version 2.3BETA10
-- Added about 70 new OS fingerprints so that Nmap can detect more
systems. The most important new fingerprints are probably:
* The new SP5+ NT boxes -- After all these years MS FINALLY made
sequence prediction harder (on NT anyway).
* Solaris 8 Pre-Release
* Sega Dreamcast (Hack that!)
* Latest Windows 2000 builds
* OpenBSD 2.6
** Version 2.3BETA9
-- Applied patch by Mark Abene (Phiber Optik) to fix several type
length issues so that it works on Linux/Alpha.
-- Applied patch by Matthieu Verbert <mve (at) zurich.ibm.com> to speed up OSScan
** Version 2.3Beta8
-- Added "firewall mode" timing optimizations which can decrease the
ammount of time neccessary to SYN or connect scan some heavily
filtered hosts.
-- Added min_rtt_timeout timing option (see man page for details)
-- Changed "TCP Ping" to use a random ACK value rather than 0 (an IDS
called Snort was using this to detect Nmap TCP Pings).
-- Some changes for better Alpha/Linux support based on investigation
by Bill Beers <wbeers (at) carolina.rr.com>
-- Applied changes for FDDI support by Tobias J. Nijweide <tobias (at) mesa.nl
-- Applied a socket binding patch from LaMont Jones <lamont (at) security.hp.com>
which can be useful when using -S to specify one of multiple interfaces
on a machine.
-- Made OS detection smart enough to first check scan results for a known
closed port instead of immediately resorting to a random one. This
improves OS detection against some machines behind packet
filters. (suggested by van Hauser)
-- Applied a shortcut suggestion by Thomas Reinke which can lead to
a tremendous speedup against some firewalled hosts.
-- Added some ports commonly used for RPC to nmap-services
-- Fixed a problem with the timing of an RPC scan (could come before
the UDP scans they rely on)
-- Added a number of new ports to nmap-services
** Version 2.3Beta6 **
-- Added sophisticated timing controls to give the user much more
control over Nmap's speed. This allows you to make Nmap much more
aggressive to scan hosts faster, or you can make Nmap more "polite"
-- slower but less likely to wreak havoc on your Network. You can
even enforce large delays between sending packets to sneak under
IDS thresholds and prevent detection. See the new "Timing Options"
section of the Nmap man page for more information on using this.
-- Applied Lamont Granquist's <lamontg (at) u.washington.edu> Window
scan patch (I changed the name from ACK scan to Window scan since I
may add another scan that uses ACK packets and I don't want them to
be confused). -sW activates this scan type. It is mostly
effective against BSD, AIX, Digital UNIX, and various older HP/UX,
SunOS, and VAX. (See nmap-hackers mailing list archives for an
extensive list).
-- Added various long options people expect to see like --version ,
--help , --usage , etc. Some of the new timing options are also
long. I had to add getopt_long C files since most non-Linux boxes
don't support getopt_long in libc.
-- Human readable (-o) output changed to include the time/date of the
scan. Suggested by van Hauser.
** Version 2.3-Beta5 ***
-- Changed RPC output based on suggestions by David O'Brien
<obrien (at) NUXI.com> and Lance Spitzner <lance (at) spitzner.net>. I got
rid of the "(Non-RPC)" unnecessary clutter which appeared after
each non RPC port and the "(untested)" that appeard after each
"filtered" port.
-- Added a ton of new OS fingerprints people submitted. I had about
400 in my inbox. Of course, almost 100 of them were submissions for
www.windows2000test.com :).
-- Changed the machine parseable output of RPC information to include
the version information. If we figured out the RPC info, it is now
provided as "program-num*lowversion-highversion". If we didn't get
the number, but we think the port is RPC, the field simply contains
"R". If we believe the port is NOT RPC, then the field contains
"N". If the field is empty, we did not RPC scan the port. Thanks
to H D Moore <nlog (at) ings.com> for making me aware how much the
earlier machine parseable RPC logging sucked :).
*** Version 2.3-Beta4 ***
-- Added direct (non-portmapper) RPC scanning to determine what RPC
program is listening on a particular port. This works for UDP and
TCP ports and is currently implemented using sockets (which means
you can't use decoys, but on the other hand you don't have to be
root). Thanks go to ga <ga (at) capyork.com> for writing sample code to
demonstrate the technique. The RPC services list included with
nmap was compiled by Vik Bajaj <vbajaj (at) sas.upenn.edu> with help
from various members of the nmap-hackers list.
-- Fixed a problem that could cause freezes when you
scan machines on at least two different types of interfaces as part
of the same command.
-- Identified and found workaround for Linux kernel bug which allows
connect() to sometimes succeed inapropriately when scanning closed
ports on localhost.
-- Fixed problems relating to people who specify the same port more
than once on the command line. While the right answer is "well,
don't do that!", I decided to fix nmap to handle this gracefully.
-- Tweaked UDP scanning to be more effective against Solaris ICMP
error limiting.
-- Fixed strtol() integer overflow problem found by Renaud
Deraison <deraison (at) cvs.nessus.org>
-- The HTML translation of the Man page at
http://www.insecure.org/nmap/nmap_manpage.html should now be
complete (man2html was dropping lines before).
-- Added a note in the man page that Nmap 2.0+ is believed to be
COMPLETELY Y2K COMPLIANT! I've been getting a lot of letters from
laywers about that recently. You should still be able to port scan on
Jan 1st (well ... as long as you have electricity and gangs of looting
thugs haven't stolen your computers :)
*** Version 2.2-Beta4 ***
-- Integrated nmapfe code from Zach Smith to allow
the nmapfe output window to resize when you resize the nmapfe window.
-- Integrated patch sent in by Stefan Erben <stefan (at) erben.com> which
allows nmap to recognize and ignore null interfaces. If you were
getting a bogus error like "eth0 not found in /proc/net/route" then
this should solve your problem.
-- Applied patch from Alexander Savelyev <fano (at) ham.kiev.ua> which
gives nmap the parameters necessary to support SLIP and PPP on BSDI
systems.
-- Upgraded to a new version of shtool (1.2.3)
*** Version 2.2-Beta3 ***
-- Adopted Ralf S. Engelschall's excellent shtool script
for simplifying the nmap makefile and making it more portable
-- Various other minor changes to nmapfe.
*** Version 2.2-Beta2 ***
-- Cleaned up build environment more, fixed up RPM and Makefile.in,
eliminated the automake stuff.
-- Added nmapfe feature to show nmap command as you change options
-- Changed nmapfe to use a global MyWidgets struct rather than
tons of global vars all over the place.
-- Made nmapfe much smarter about rejecting stupid option attempts.
It now tries to correct things when you specify illegal options.
-- GTK+ 1.0 compatibility fixes
-- Integrated nmapfe changes from Zach
*** Version 2.2-BETA1 Changes ***
-- Integrated in nmapfe -- a cool front end wrottem by Zach Smith <matrxweb (at) hotmail.com>
*** Version 2.12 Changes ***
-- Changed the way tcp connect() scan determines the results of a
connect() call. Hopefully this will make nmap a little more
portable.
-- Got rid of the security warning message for people who are missing
/dev/random and /dev/urandom due to complaints about the warning.
This only silences the warnings -- it still uses relatively weak
random number generation under Solaris and other systems that lack
this functionality.
-- Eliminated pow() calls on Linux boxes. I think some sort of glibc
bug was causing nmap to sigsegv in some cases inside of pow().
Most people weren't affected, but those who were would almost
always SIGSEGV with -O.
-- Fixed an rpm problem noted by Mark Smith <marks (at) senet.com.au>
*** Version 2.11 Changes ***
-- Many new fingerprints added. I received more than 300 submissions
between this release and the last one.
-- Fixed IRIX problems which prevented OS scanning from working on
that platform. The problem was researched and solution found by
Lamont Granquist <lamontg (at) u.washington.edu>. You can also thank
him for porting nmap to almost every UNIX around.
-- Added support for '-m -' to redirect machine readable logs to
stdout for shell pipelining, etc. I also changed machine readable
output to show service names now that we use a nmap specific
services file rather than /etc/services. These features were
suggested by Dan Farmer. You can also thank him for SATAN (the
auditing tool).
-- Fixed a link-list bug that could cause hangs in UDP,FIN,NULL, and
XMAS scans. Also fixed a ptr problem that could cause SIGSEGV.
These problem were discovered and tracked down by Ben Laurie
<ben (at) algroup.co.uk>. You can also thank him for Apache, OpenSSL,
and Apache-SSL.
-- Fixed installation problem for people without a /usr/local/man/man1
directory. Found by Jeffrey Robertson <a-jeffro (at) microsoft.com>.
I guess you can thank him for Win98 ;).
-- Several other little fixes to the installation script and minor
scanner tweaks.
*** Version 2.10 Changes ***
-- Private test release
*** Version 2.09 Changes ***
-- Private test release
*** Version 2.08 Changes ***
-- Bugfix for problem that can cause nmap to appear to "freeze up" for long
periods of time when run on some busy networks. (found by Lamont Granquist)
*** Version 2.07 Changes ***
-- Fixed a lockup on Solaris (and perhaps other proprietary UNIX
systems) caused by a lack of /dev/random & /dev/urandom and a
rand() that only returns values up to 65535. Users of Free
operating systems like Linux, FreeBSD, or OpenBSD probably
shouldn't bother upgrading.
***Version 2.06 Changes***
-- Fixed compile problems on machines which lack snprintf() (found by Ken
Williams <jkwilli2 (at) unity.ncsu.edu>)
-- Added the squid proxy to nmap-services (suggested by Holger Heimann)
-- Fixed a problem where the new memory allocation system was handing out
misaligned pointers.
-- Fixed another memory allocation bug which probably doesn't cause any
real-life problems.
-- Made nmap look in more places for nmap-os-fingerprints
***Version 2.05 Changes***
-- Tons of new fingerprints. The number has grown by more than 25%.
In particular, Charles M. Hannum <root (at) ihack.net> fixed several
problems with NetBSD that made it easy to fingerprint and he sent me
a huge new batch of fingerprints for various NetBSD releases down to
1.2. Other people sent NetBSD fingerprints down to 1.0. I finally
got some early Linux fingerprints in (down to 1.09).
-- Nmap now comes with its own nmap-services which I created by
merging the /etc/services from a bunch of OS' and then adding
Netbus, Back Orifice, etc.
-- Random number generation now takes advantage of the /dev/urandom or
/dev/random that most Free operating systems offer.
-- Increased the maximum number of OS guesses nmap will make, told
nmap never to give you two matches where the OS names are
byte-to-byte equivalent. Fixed nmap to differentiate between "no
OS matches found" and "too many OS matches to list".
-- Fixed an information leak in the packet TTL values (found by
HD Moore <hdmoore (at) usa.net>)
-- Fixed the problem noted by Savva Uspensky about offsets used for
various operating systems' PPP/SLIP headers. Due to lack of
responses regarding other operating systems, I have made
assumptions about what works for BSDI, NetBSD, and SOLARIS. If
this version no longer works on your modem, please let me know (and
tell me whether you are using SLIP/PPP and what OS you are
running).
-- Machine parseable logs are now more machine parseable (I now use a
tab to seperate test result fields rather than the more ambiguous
spaces. This may break a few things which rely on the old format.
Sorry. They should be easy to fix.
-- Added my nmap-fingerprintinting-article.txt to the distribution in
the docs directory.
-- Fixed problem where nmap -sS <my_ethernet_or_ppp_ip_address> would
not correctly scan localhost (due to the kernel rerouting the
traffic through localhost). Nmap should now detect and work around
this behavior.
-- Applied patch sent to my by Bill Fenner <fenner (at) parc.xerox.com>
which fixes various SunOS compatibility problems.
-- Changed the makefile 'all' target to use install-sh rather than
mkdir -p (doesn't work on some systems)
-- Documentation updated and clarified slightly.
-- Added this CHANGELOG file to the distribution.
|