Port 0 and NCAT (observation/proposal)

[Zibri]

ncat -lkp 0 works
but ncat hostname 0 does not.

also:
it would be interesting for testing purposes to be able to set port 0 as source port, but for nmap port 0 means "any port".

Can this be change to consider port 0 as a port?!

[dmiller-nmap]

Thanks for this report! You're right, Ncat currently refuses to attempt a connection to port 0. I will remove that restriction, since in my testing it appears to be capable of making a client connection to server port 0.

You said that ncat -lkp 0 works, but if you check the output of netstat, you'll see that Ncat is not actually listening on port 0. While the TCP spec does not specify any special handling for port 0, most socket implementations treat the port value 0 as a request to assign an ephemeral port when calling bind(2).

Nmap does not appear to have any problems using port 0 as a source port with -g0. Did you mean something else?

[Zibri]

Nope I mean that!Maybe I tested it wrongly but with -g0 it gets a random source port apparently.I will recheck now... sudo ncat -vvvlkp 0tcp 0 0 0.0.0.0:41895 0.0.0.0:* LISTEN 24869/ncat $ sudo ncat -g0 127.0.0.1 41895Ncat: Sorry, -g can only currently be used with IPv4. QUITTING. I think you meant -p and not -g sudo ncat -p 0 google.com 80tcp 0 0 192.168.43.99:43147 172.217.171.206:80 so.. I was wrong: for ncat port 0 equals ANY PORT. Would be nice to have it listen and transmit to/from port 0

…

On Thu, 2019-04-18 at 16:17 +0000, Daniel Miller wrote: Thanks for this report! You're right, Ncat currently refuses to attempt a connection to port 0. I will remove that restriction, since in my testing it appears to be capable of making a client connection to server port 0. You said that ncat -lkp 0 works, but if you check the output of netstat, you'll see that Ncat is not actually listening on port 0. While the TCP spec does not specify any special handling for port 0, most socket implementations treat the port value 0 as a request to assign an ephemeral port when calling bind(2). Nmap does not appear to have any problems using port 0 as a source port with -g0. Did you mean something else? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c5 5493e4bb","name":"GitHub"},"entity":{"external_key":"github/nmap/nmap ","title":"nmap/nmap","subtitle":"GitHub repository","main_image_url":"https://github.githubassets.com/images/ email/message_cards/header.png","avatar_image_url":"https://github.gi thubassets.com/images/email/message_cards/avatar.png","action":{"name ":"Open in GitHub","url":"https://github.com/nmap/nmap"}},"updates":{ ***@***.*** in #1560: Thanks for this report! You're right, Ncat currently refuses to attempt a connection to port 0. I will remove that restriction, since in my testing it appears to be capable of making a client connection to server port 0.\r\n\r\nYou said that `ncat -lkp 0` works, but if you check the output of `netstat`, you'll see that Ncat is not actually listening on port 0. While the [TCP spec](https://tools.ietf .org/html/rfc793) does not specify any special handling for port 0, most socket implementations treat the port value 0 as a request to assign an ephemeral port when calling `bind(2)`.\r\n\r\nNmap does not appear to have any problems using port 0 as a source port with `-g0`. Did you mean something else?"}],"action":{"name":"View Issue","url":" #1560 (comment)"}}} [ { ***@***.***": "http://schema.org", ***@***.***": "EmailMessage", "potentialAction": { ***@***.***": "ViewAction", "target": "#1560 (comment) 78662", "url": "#1560 (comment) 62", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { ***@***.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

[dmiller-nmap]

I see. You had said "nmap" not "ncat" when you mentioned source port, so that is what I was responding to. (-g is the source port option for Nmap).

Using a source port of 0 for either listen or connect mode will not be possible with existing socket implementations. Nmap is only able to do so because it uses raw sockets to build TCP packets directly, which is not something that is available for Ncat.

[Zibri]

Ooops.. yes, I meant ncat.
Well it would be nice to have it in ncat anyways. But I understand what you mean.