Nmap does not respect probe timeout #1339
Comments
After a big debugging session, I finally got the root cause. If we follow the trace, we find that the buffer time is specified as the last parameter to my_pcap_open_live() (scan_engine_raw.cc) :
In my case, I get 200ms which is of course too much given that the default rtt timeout is 100ms. Anyway, I hope this has been useful. Regards.
Thanks for this detailed report! Can you please include the output of
Thanks for your answer. Here is the full version :
I can confirm that using However, I tried once more with the system-wide version of libpcap to see why it didn't work : configure gives me this :
config.log tells me more :
Obviously, we see that we miss "-lpcap" in the gcc flags. The culprit is here :
The default action of AC_CHECK_LIB is to update $LIBS if the library is found. As a quick and dirty fix, I added -lpcap to LIBS and I can confirm that it works great with the system-wide version of libpcap!
Oh, I see! Yeah, when using system-provided libpcap, we need to check if immediate mode is available, but for the purposes of the test it's not even linking with libpcap, so that test will always be false. It's not "breaking" our build because it's semi-functional without that, but obviously it's not working properly. I'll get a fix in right away! Thanks!
Fixed in e483615.
Hi !
I'm having trouble with nmap complaining about ping probes getting dropped even though I can see the probe responses. This has the effect of slowing down the scan speed.
After a little investigation, I think there might be a bug in the way nmap handles ping timeouts.
Here is an example :
We can see that nmap sends ping probes using tcp port 53.
It looks like each probe sent gets a response quite fast (~2ms).
Since the minimum rtt timeout is 100ms, nmap should wait at least this amount of time before declaring that a probe is lost.
But we can see that nmap does not wait, and declares the ping as "DROPPED" before the response comes back.
If we specify --min-rtt-timeout 1000ms in the command line, we don't get DROPPED pings anymore.

I have tested nmap from the Ubuntu repositories (7.60) and from GitHub master (7.70SVN).
I'll be glad to provide more information if you need.
Regards.
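
The timing interaction reported in this thread (a 200ms capture buffer timeout against a 100ms probe timeout, with replies arriving after about 2ms), as an added example that is not code from Nmap or from this thread. It uses a simplified model, assumed here, in which buffered packets reach the reader only at multiples of the buffer timeout; the function names and the 20-probe, 50ms-interval schedule are constructed for illustration.

```c
#include <stdio.h>

/* Simplified model (an assumption, not libpcap's real implementation):
 * the capture layer hands packets to the reader only at multiples of
 * buf_ms. buf_ms == 0 models immediate mode: deliver on arrival. */
static int delivery_time(int arrival_ms, int buf_ms) {
    if (buf_ms <= 0)
        return arrival_ms;
    return ((arrival_ms + buf_ms - 1) / buf_ms) * buf_ms; /* next flush */
}

/* Count probes declared lost even though the reply reached the wire
 * within the probe timeout. Probes are sent every interval_ms and each
 * reply arrives on the wire rtt_ms after its probe. */
int false_drops(int probes, int interval_ms, int rtt_ms,
                int probe_timeout_ms, int buf_ms) {
    int drops = 0;
    for (int i = 0; i < probes; i++) {
        int sent = i * interval_ms;
        int seen = delivery_time(sent + rtt_ms, buf_ms);
        /* The scanner only learns of the reply when the buffer is
         * flushed, so the delay it observes is seen - sent, not rtt_ms. */
        if (rtt_ms <= probe_timeout_ms && seen - sent > probe_timeout_ms)
            drops++;
    }
    return drops;
}

int main(void) {
    /* Constructed schedule: 20 probes, 50 ms apart, 2 ms round trip. */
    printf("buffer 200ms, timeout  100ms: %d false drops\n",
           false_drops(20, 50, 2, 100, 200));
    printf("buffer 200ms, timeout 1000ms: %d false drops\n",
           false_drops(20, 50, 2, 1000, 200));
    printf("immediate,    timeout  100ms: %d false drops\n",
           false_drops(20, 50, 2, 100, 0));
    return 0;
}
```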