Join GitHub today
Nmap does not respect probe timeout #1339
I'm having trouble with nmap complaining about ping probes getting dropped even though I can see the probe responses. This has the effect of slowing down the scan speed.
Here is an example :
We can see that nmap sends ping probes using tcp port 53.
If we specify
I have tested nmap from the ubuntu repositories (7.60) and from github master (7.70SVN).
I'll be glad to provide more information if you need.
After a big debugging session, I finally got the root cause.
If we follow the trace, we find that the buffer time is specified as the last parameter to my_pcap_open_live() (scan_engine_raw.cc) :
In my case, I get 200ms which is of course too much given that the default rtt timeout is 100ms.
Anyway, I hope this has been useful.
Thanks for this detailed report! Can you please include the output of
Thanks for your answer.
Here is the full version :
I can confirm that using
However, I tried once more with the system-wide version of libpcap to see why it didn't work :
configure gives me this :
config.log tells me more :
Obviously, we see that we miss "-lpcap" in the gcc flags.
The culprit is here :
The default action of AC_CHECK_LIB is to updates $LIBS if the library is found.
As a quick and dirty fix, I added -lpcap to LIBS and I can confirm that it works great with the system-wide version of libpcap !
Oh, I see! Yeah, when using system-provided libpcap, we need to check if immediate mode is available, but for the purposes of the test it's not even linking with libpcap, so that test will always be false. It's not "breaking" our build because it's semi-functional without that, but obviously it's not working properly. I'll get a fix in right away! Thanks!