Re: XML output incomplete Owen Mooney (Sep 10)

Ah I see, so this is expected behaviour. Guess I should have read the fine
print! Is this something that might be changed in a future release? It's
not too important for my use case, but it seems a shame to throw away port
scan data that has already been generated at a later point in the scan.



Re: XML output incomplete David Fifield (Sep 10)

Okay, this explains it. Unfortunately, when a host reaches the host
timeout, it discards all partial scan results.

https://nmap.org/book/man-performance.html
    A host that times out is skipped. No port table, OS detection,
    or version detection results are printed for that host.

The host timeout with -T5 is 900 seconds, which you can see was
exceeded: "1 IP address (1 host up) scanned in 905.65 seconds"....



Re: XML output incomplete Owen Mooney (Sep 10)

Normal output below:

# Nmap 7.80 scan initiated Fri Sep 4 09:49:26 2020 as: nmap -T5 -sU -sS -PS22,80,443,445,3389,135,139 -PU53,161 -PE --traceroute -sV -oN normal.txt -oX xml.xml 172.17.0.2
Warning: 172.17.0.2 giving up on port because retransmission cap hit (2).
Nmap scan report for 172.17.0.2
Host is up (0.00017s latency).
Skipping host 172.17.0.2 due to host timeout
Service detection performed. Please report any incorrect results at...



Re: Script phases Gordon Fyodor Lyon (Sep 03)

Hi Mehrin. Host and service script types (which are the vast majority of
scripts) are both run during the "Script scanning" Nmap phase. Nmap has
separate overall phases for prerule and postrule scripts specifically, so
they are split out in the main Nmap scanning phase documentation.

I hope this helps!
-Fyodor



Re: XML output incomplete David Fifield (Sep 03)

Is the port reported as open in normal output? I want to see if the
problem is specifically to do with XML output, or if it's more general.

You can save normal and XML output at the same time with
-oN filename.txt -oX filename.xml



XML output incomplete Owen Mooney (Sep 03)

Hi, I think I have discovered a bug where the XML output is incomplete with
certain combinations of options. The command I am running is:

nmap -T5 -sU -sS -PS22,80,443,445,3389,135,139 -PU53,161 -PE --traceroute --disable-arp-ping -sV -oX - 172.17.0.2

The target host is a docker container running apache and listening on port
80. The XML output doesn't contain any <port> elements in this case. For
some reason, using T4 or lower fixes...



Script phases Mehrin Saremi via dev (Aug 29)

Hi,
According to nmap documents, there are four types of scripts: prerule, host, service, and postrule scan. The page on
nmap phases (https://nmap.org/book/nmap-phases.html) mentions two of these scans. As I understand, the prerule and
postrule script types are run in the script pre-scanning and script post-scanning phases respectively.
But what about the other two kinds of scripts? Are they both run in the script-scanning phase?
Thanks



Percentage issue Eitan Caspi (Aug 29)

Hi,

I use zenmap 7.80 on Windows 10 64 bit.

If I scan one IPv4 based FQDN address using "nmap -sT -sV -p 1-65535 -T4 -O
-A -v -Pn" - at one point the scan percentage is lowered "backwards", from
52.05% to 36.15%... see attached screen shot.

Regards,

Eitan Caspi
Israel

Founder and owner of "Vigorous Security", Information Security consulting:
https://vsec.co.il/
LinkedIn: <...



Re: TLS cipher strength diffs between nmap and SSL Labs Daniel Miller (Aug 27)

Jerry,

The version of Nmap you are using (6.40) is 7 years old. The version of the
script it uses only scores the encryption strength of the ciphersuite
itself. The current version also considers the strength of the handshake
key (DH parameters or RSA key) and will warn for some specific problems.

That is only part of the story, however; even the current version lists all
parameters as having an "A" score. Qualys is downgrading some...



Re: Remote Packet Capture Tim Naami (Aug 19)

Okay, I thought it was like WinPCAP. How I worked around this is to use
SysInternals PsExec to run cmd on the target and execute rdcapd.

I'll figure out how to convert rdcapd as a service.



Nmap 7.80 - Assertion failed Lokesh M (Aug 18)

Hi,
I am using Nmap 7.80 in windows. When I am running ping sweep scan with -sn option, the Nmap is crashing with the
following message:
Assertion failed: htn.toclock_running == true, file ..\Target.cc, line 503
The version details of nmap:
> nmap.exe --version
Nmap version 7.80 ( https://nmap.org )
Platform: i686-pc-windows-windows
Compiled with: nmap-liblua-5.3.5 openssl-1.0.2s nmap-libssh2-1.8.2 nmap-libz-1.2.11 nmap-libpcre-7.6 Npcap-0.9995...



Re: TLS cipher strength diffs between nmap and SSL Labs Matthew.Snyder (Aug 11)

The definition of “Strong” in the instance of NMAP comes from the definitions as provided by OpenSSL via their
configurations. If you enable “strong” ciphers, the list provided below are included in the configured cipher streams.
These are denoted purely by the amount of effort necessary to produce a collision. SSLLabs focuses on the function of
the cipher, and known vulnerabilities and risks. Using this detail, SSLLabs knows that...



Re: TLS cipher strength diffs between nmap and SSL Labs Christoph Gruber (Aug 11)

Hi!

Just my few cents on your question:
Use the tools you mentioned to get the facts and a brief proposal how to categorise them, but please judge on your own
following your needs and policies. There is no hard rule that says, this is secure, and that is not, the really
important question is: Is it secure enough for my needs now?



Re: Remote Packet Capture Gordon Fyodor Lyon (Aug 10)

Hi Tim. Npcap does not currently support rpcapd, but we might in the
future. You are welcome to add any comments to the feature request on our
tracker:

https://github.com/nmap/npcap/issues/74

In the meantime, maybe you could use something like RDP to run tools like
Wireshark on the remote system itself?

Cheers,
Fyodor



Remote Packet Capture Tim Naami (Aug 10)

I need to capture packets with Wireshark from remote computers. I used to
use WinPCAP but now am attempting to use NPCAP. I've installed NPCAP
version 0.9995 on the remote computer. Still no luck. Using NMAP to scan
the remote computer I do not see port 2002 available.

Some questions:

- Does this install as a service that is visible on the Services GUI?
  If so, what is the name?
- Short of the GUI, I've gone to the command...

