
Nmap 5.00 released

The 5.00 release of the Nmap security scanner is out. "Considering all the changes, we consider this the most important Nmap release since 1997, and we recommend that all current users upgrade." Those changes include the new ncat and ndiff tools, improved performance, and a new scripting engine.

Nmap 5.00 released

Posted Jul 16, 2009 19:06 UTC (Thu) by fyodor (guest, #3481)

Thanks for mentioning the new release, and I hope my fellow LWN members enjoy it! We've also made major improvements to the Zenmap GUI and results viewer. But if I had to pick one thing, I think I'm most excited about Ncat. I find myself using it every day now for one thing or another.

Nmap 5.00 released

Posted Jul 16, 2009 19:09 UTC (Thu) by dankamongmen (subscriber, #35141)

Thanks for the (as always) excellent work, Fyodor! ncat sounds a lot like socat -- what was socat missing that ncat brings to the table?

http://www.dest-unreach.org/socat/

Nmap 5.00 released

Posted Jul 16, 2009 20:53 UTC (Thu) by nix (subscriber, #2304)

A short and comprehensible manpage? A set of options short enough that
people learning it don't die of starvation before they're finished?

socat is amazing, but it's pretty much the Emacs of netcats.

Nmap 5.00 released

Posted Jul 16, 2009 23:09 UTC (Thu) by drag (subscriber, #31333)

Ya...

I find quite a large number of what should be very good and high quality open source projects that are just utterly and completely useless due to shitty, out of date, or non-existent documentation.

Just a rant. A side note.

Just a reminder to myself and others... the quality of your documentation is more important than the quality of your code.

Nmap 5.00 released

Posted Jul 17, 2009 10:35 UTC (Fri) by nix (subscriber, #2304)

Oh, there's nothing wrong with socat's documentation. It's just that if you print the manpage out it's 40 pages long. It has *so many* options that trying to find the one you want is quite painful, even though they're all fairly regular. The options had to be classified along multiple dimensions to make sense of them...

(I picked Emacs for a reason: it too has excellent documentation and is huge.)

Nmap 5.00 released

Posted Jul 17, 2009 18:20 UTC (Fri) by quotemstr (subscriber, #45331)

socat is nice (aside from the massive set of options). The feature of socat I most often use that's lacking in nc(at) is AF_UNIX support.

Nmap 5.00 released

Posted Jul 17, 2009 20:40 UTC (Fri) by dankamongmen (subscriber, #35141)

GOPEN:<filename>
(Generic open) This address type tries to handle any file system
entry except directories usefully. <filename> may be a relative
or absolute path. If it already exists, its type is checked. In
case of a UNIX domain socket, socat connects; if connecting
fails, socat assumes a datagram socket and uses sendto() calls.
If the entry is not a socket, socat opens it applying the
O_APPEND flag. If it does not exist, it is opened with flag
O_CREAT as a regular file (example).
Option groups: FD,REG,SOCKET,NAMED,OPEN
See also: OPEN, CREATE, UNIX-CONNECT

Furthermore, SOCKET-* are fully generic on the socket(2) system call (they accept three params, for a domain, protocol, and local address).

Would someone really have written socat(1) and not taken the time to include PF_UNIX?

Nmap 5.00 released

Posted Jul 18, 2009 5:11 UTC (Sat) by speedster1 (subscriber, #8143)

>> The feature of socat I most often use that's lacking in nc(at) is AF_UNIX support.

>Would someone really have written socat(1) and not taken the time to include PF_UNIX?

I think you read that backwards -- the parent poster was actually applauding AF_UNIX support as a great socat feature.

Nmap 5.00 released

Posted Jul 18, 2009 6:54 UTC (Sat) by dankamongmen (subscriber, #35141)

I think you're right. Embarrassing!

Nmap 5.00 released

Posted Jul 16, 2009 20:13 UTC (Thu) by chmouel (subscriber, #6335)

What's the difference between this ncat version and the other widely available versions of netcat?

Nmap 5.00 released

Posted Jul 16, 2009 22:10 UTC (Thu) by fyodor (guest, #3481)

Good question. I have always loved Hobbit's original netcat, but it hasn't been maintained in more than a decade and it is missing modern features. Our Ncat is cross-platform (even us Linux devotees need to use or debug something on Windows or Mac once in a while) and offers things like SSL encryption, IPv6, a neat "connection brokering" feature for connecting machines behind NAT gateways, socks/http proxy (and proxy chaining) support, and many other goodies. We wrote a detailed Ncat Users' Guide describing common tasks that are easier with Ncat.

Nmap 5.00 released

Posted Jul 16, 2009 22:58 UTC (Thu) by foom (subscriber, #14868)

Hm, two things I use that seem to be missing in ncat vs. the nc available on debian:

-q secs                 quit after EOF on stdin and delay of secs
-k                      set keepalive option on socket

The -q argument is somewhat like ncat's --send-only, except that it allows receiving data too, as long as you haven't closed stdin yet. I use that one a fair bit. Generally as -q0. I want the client to be able to send and receive data, but to be in control of closing the connection. The -k option is pretty self-explanatory -- it's useful when you're going through firewalls. Although really, I don't know why SO_KEEPALIVE isn't just on by default in the network stack with a timeout of 8 minutes, these days...
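The two nc options discussed here, -q0 (half-close after EOF on stdin but keep receiving until the peer closes) and -k (SO_KEEPALIVE), are both just socket calls, and the keepalive debate in the replies below is about whether the second one should be on by default. The program below is an added example, not code from Ncat, Debian's nc or this thread. It assumes Linux for the TCP_KEEPIDLE/TCP_KEEPINTVL/TCP_KEEPCNT knobs (guarded with #ifdef so it still builds elsewhere), and uses a socketpair as a constructed stand-in for the TCP connection so the whole exchange runs offline in one process.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* What nc's -k does: turn SO_KEEPALIVE on. The TCP_KEEP* knobs are Linux
 * specific (assumption; guarded so the code builds elsewhere): first probe
 * after idle_secs, then every interval_secs, give up after count unanswered
 * probes. Returns 0 on success, -1 with errno set on failure. */
int enable_keepalive(int fd, int idle_secs, int interval_secs, int count)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0)
        return -1;
#ifdef TCP_KEEPIDLE
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_secs, sizeof idle_secs) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &interval_secs, sizeof interval_secs) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &count, sizeof count) < 0)
        return -1;
#else
    (void)idle_secs; (void)interval_secs; (void)count;
#endif
    return 0;
}

/* Read SO_KEEPALIVE back so the caller can confirm the option took. */
int keepalive_enabled(int fd)
{
    int on = 0;
    socklen_t len = sizeof on;
    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, &len) < 0)
        return -1;
    return on != 0;
}

/* Unconnected TCP socket with -k style settings (probe after 60s idle,
 * every 10s, give up after 6 misses): returns 1 if they stuck, else 0/-1. */
int demo_keepalive(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int ok = enable_keepalive(fd, 60, 10, 6) == 0 && keepalive_enabled(fd) == 1;
    close(fd);
    return ok;
}

/* The receive half of nc -q0: after our own shutdown(SHUT_WR), keep reading
 * until the peer closes. Returns bytes received, or -1. */
long drain_until_peer_closes(int fd, char *out, size_t cap)
{
    size_t total = 0;
    while (total < cap) {
        ssize_t n = read(fd, out + total, cap - total);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (n == 0)
            break;              /* peer closed: now it is safe to quit */
        total += (size_t)n;
    }
    return (long)total;
}

/* Constructed exchange: the "server" answers only once it has seen the
 * client's EOF, which a client that closed the whole socket (or ran with
 * --send-only) would never receive. Returns the reply length, or -1. */
long demo_half_close(void)
{
    int sv[2];
    char seen[64], reply_buf[64];
    const char request[] = "PING\n", reply[] = "PONG\n";
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    /* client: send the request, then signal "no more from me" (-q0 on EOF) */
    if (write(sv[0], request, sizeof request - 1) != (ssize_t)(sizeof request - 1) ||
        shutdown(sv[0], SHUT_WR) < 0)
        return -1;
    /* peer: read until it sees our EOF, only then answer and close */
    size_t got = 0;
    for (;;) {
        ssize_t n = read(sv[1], seen + got, sizeof seen - got);
        if (n < 0) return -1;
        if (n == 0) break;
        got += (size_t)n;
    }
    if (got != sizeof request - 1 || memcmp(seen, request, got) != 0 ||
        write(sv[1], reply, sizeof reply - 1) < 0)
        return -1;
    close(sv[1]);
    /* client: its receive side is still open, so the reply arrives */
    long n = drain_until_peer_closes(sv[0], reply_buf, sizeof reply_buf);
    close(sv[0]);
    if (n != (long)(sizeof reply - 1) || memcmp(reply_buf, reply, (size_t)n) != 0)
        return -1;
    return n;
}

int main(void)
{
    printf("keepalive set: %d\n", demo_keepalive());
    printf("reply bytes received after half-close: %ld\n", demo_half_close());
    return 0;
}
```

The half-close is the whole point of -q0: shutdown(SHUT_WR) tells the peer "no more input" while leaving the client free to collect whatever the peer sends back and to decide when the connection is really over. The keepalive timings are deliberately short of the 10-minute idle limit that the later comments describe for consumer NAT boxes; the kernel defaults (two hours idle on Linux) would not help with those.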

Nmap 5.00 released

Posted Jul 17, 2009 8:26 UTC (Fri) by tialaramex (subscriber, #21167)

On the SO_KEEPALIVE issue, some of us don't have broken networks, and the constant pressure to give in and put every node on the Internet the other side of two layers of amateur hour NAT and have it only ever sort-of work with HTTP and nothing else is exactly the sort of thing that gives us a headache.

One of the things we should have learned from the "browser wars" era web experience is that meekly going along with whatever craziness is currently dominant doesn't get you progress, just more pain. The standard says your TCP connection doesn't need keep alive packets, so there's no reason to send them by default.

More practically, if I have a quiescent connection, and I pull the rug out from under it, then put the rug back before using it, I expect it not to notice. With SO_KEEPALIVE the OS will notice and drop the connection. So forcing SO_KEEPALIVE throws away a feature I use. No thanks.

Nmap 5.00 released

Posted Jul 17, 2009 9:08 UTC (Fri) by tzafrir (subscriber, #11501)

netcat and similar tools are one of those things that should also be usable on broken networks, if possible.

Nmap 5.00 released

Posted Jul 21, 2009 9:49 UTC (Tue) by tialaramex (subscriber, #21167)

and so netcat has a flag to set this socket option. I'm happy with that. What I was reacting adversely to was the suggestion that keepalive should be the default.

Nmap 5.00 released

Posted Jul 17, 2009 15:05 UTC (Fri) by foom (subscriber, #14868)

I dearly wish the majority of NAT gateways and firewalls out there didn't drop TCP connections after 10 minutes of inactivity. But they do. It sucks, yes. But that's what's out there...

My home NAT (linksys) did this. (until I replaced it with a linux box). And a non-natting firewall (Cisco, I think) at my workplace does this between certain internal networks!

I'm sure glad you have a non-broken network, but a great many people don't.

Nmap 5.00 released

Posted Jul 17, 2009 17:30 UTC (Fri) by dlang (✭ supporter ✭, #313)

if firewalls (including NAT devices) didn't drop info about the connection after some period of inactivity you would have the equivalent of a memory leak because a system crash or reboot would leave the device 'tracking' a connection that the endpoint no longer knows about, and will never close.

routers and firewalls don't have infinite resources, so if you never timeout 'idle' connections you will eventually crash instead and take out everything

Nmap 5.00 released

Posted Jul 19, 2009 9:21 UTC (Sun) by dankamongmen (subscriber, #35141)

bounded LRU, buddy
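dlang's point (state for a connection whose endpoint crashed is never released, so a firewall that never expires idle entries fills up and starts refusing new flows) and dankamongmen's one-line answer (bound the table and evict least-recently-seen) can both be watched in a toy connection-tracking table. The program below is an added example, not code from any firewall, Nmap or this thread; the table, the three policies and the traffic scenario are all constructed for illustration (a 64-entry table, 100 hosts that each open a flow and then crash without closing, a 600-second idle timeout).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_CAP 64

typedef enum {
    POLICY_NEVER_EXPIRE,   /* keep state until the endpoints close (they may never) */
    POLICY_IDLE_TIMEOUT,   /* drop entries idle longer than idle_timeout seconds */
    POLICY_BOUNDED_LRU     /* never reject: evict the least recently seen flow */
} policy_t;

typedef struct {
    uint32_t key;          /* stands in for the flow's 5-tuple */
    uint32_t last_seen;    /* seconds */
    int used;
} entry_t;

typedef struct {
    entry_t e[TABLE_CAP];
    policy_t policy;
    uint32_t idle_timeout;
    int rejected, evicted;
} conntrack_t;

void ct_init(conntrack_t *ct, policy_t policy, uint32_t idle_timeout)
{
    memset(ct, 0, sizeof *ct);
    ct->policy = policy;
    ct->idle_timeout = idle_timeout;
}

/* Called for every packet of flow `key` seen at time `now`. Returns 2 if the
 * packet matched existing state, 1 if the flow was inserted as new, 0 if the
 * table was full and the packet had to be dropped. */
int ct_touch(conntrack_t *ct, uint32_t key, uint32_t now)
{
    int free_slot = -1, lru = -1;
    for (int i = 0; i < TABLE_CAP; i++) {
        entry_t *en = &ct->e[i];
        if (en->used && ct->policy == POLICY_IDLE_TIMEOUT &&
            now - en->last_seen > ct->idle_timeout) {
            en->used = 0;       /* lazy expiry of an idle flow */
            ct->evicted++;
        }
        if (en->used && en->key == key) {
            en->last_seen = now;
            return 2;
        }
        if (!en->used) {
            if (free_slot < 0) free_slot = i;
        } else if (lru < 0 || en->last_seen < ct->e[lru].last_seen) {
            lru = i;
        }
    }
    if (free_slot < 0) {
        if (ct->policy != POLICY_BOUNDED_LRU) {
            ct->rejected++;     /* the "memory leak" outcome: no room, drop */
            return 0;
        }
        free_slot = lru;        /* bounded LRU: make room instead */
        ct->evicted++;
    }
    ct->e[free_slot].key = key;
    ct->e[free_slot].last_seen = now;
    ct->e[free_slot].used = 1;
    return 1;
}

typedef struct { int rejected, evicted, new_flow, old_flow; } sim_result_t;

/* Constructed scenario: a legitimate flow (key 500) goes quiet at t=0; hosts
 * 1..100 each open a flow at t=1..100 and crash without closing; at t=2000 a
 * fresh flow (key 999) arrives; at t=2001 the quiet flow sends again. */
sim_result_t simulate(policy_t policy)
{
    conntrack_t ct;
    sim_result_t r;
    ct_init(&ct, policy, 600);
    ct_touch(&ct, 500, 0);
    for (uint32_t i = 1; i <= 100; i++)
        ct_touch(&ct, i, i);
    r.new_flow = ct_touch(&ct, 999, 2000);
    r.old_flow = ct_touch(&ct, 500, 2001);
    r.rejected = ct.rejected;
    r.evicted = ct.evicted;
    return r;
}

int main(void)
{
    const char *names[] = { "never-expire", "idle-timeout", "bounded-lru" };
    for (int p = 0; p < 3; p++) {
        sim_result_t r = simulate((policy_t)p);
        printf("%-12s rejected=%d evicted=%d new_flow=%d old_flow=%d\n",
               names[p], r.rejected, r.evicted, r.new_flow, r.old_flow);
    }
    return 0;
}
```

Never expiring keeps the quiet flow's state intact but leaves the table permanently full of dead entries, so the new flow is refused. Both other policies admit the new flow; the price, which tialaramex's objection above is about, is that the quiet flow's state is gone when it wakes up, under the idle timeout because it aged out and under bounded LRU because the crashed hosts pushed it out. That is exactly the situation the -k keepalive option exists to paper over.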

Nmap 5.00 released

Posted Jul 16, 2009 20:38 UTC (Thu) by nix (subscriber, #2304)

Nice to know that the most significant feature of them all got a major
enhancement:

'The compile-time Nmap ASCII dragon is now more ferocious thanks to better
teeth alignment.'

(On a more serious note, the network topology graphing looks seriously
nifty. Can't wait to try it.)

Nmap 5.00 released

Posted Jul 17, 2009 7:28 UTC (Fri) by arekm (subscriber, #4846)

Very incomplete IPv6 support, well... There always will be 6.00 and others.

Nmap 5.00 released

Posted Jul 17, 2009 8:38 UTC (Fri) by fyodor (guest, #3481)

For IPv6 we support TCP scanning (connect()-style), host discovery (connect-style), version detection, and NSE in Nmap. So you have the basics. Also, pretty much every part of Ncat should support IPv6 (there might be some aspects which don't due to lack of testing, but we'd consider that a bug to be quickly fixed). Ndiff supports IPv6 too.

However, Nmap cannot do the raw packet IPv6 stuff, such as UDP scan or the raw-packet TCP port scans (SYN, FIN, etc.) or raw packet host discovery modes. I agree that it would be great to add that functionality, and we're always looking for volunteers!

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds