Port statereason issue #2808

Open
dksslq opened this issue Mar 27, 2024 · 1 comment
dksslq commented Mar 27, 2024

Keep the oldstate but use new-reason value.

scan_engine_raw.cc#L2111 get_pcap_result

```cpp
bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
......
      // update port state, may stay old
      ultrascan_port_probe_update(USI, hss, probeI, newstate, &rcvdtime, adjust_timing);
      if (USI->prot_scan)
        hss->target->ports.setStateReason(protocol, IPPROTO_IP,
                                          current_reason, hdr.ttl, &reason_sip);
      else
        hss->target->ports.setStateReason(dport, protocol,
                                          current_reason, hdr.ttl, &reason_sip);
......
```

scan_engine.cc#L2117 ultrascan_port_probe_update

```cpp
void ultrascan_port_probe_update(UltraScanInfo *USI, HostScanStats *hss,
                                 std::list<UltraProbe *>::iterator probeI,
                                 int newstate, const struct timeval *rcvdtime,
                                 bool adjust_timing_hint) {
  const UltraProbe *probe = *probeI;
  const probespec *pspec = probe->pspec();

  ultrascan_port_pspec_update(USI, hss, pspec, newstate);

  ultrascan_adjust_timeouts(USI, hss, probe, rcvdtime);
......
```

scan_engine.cc#L1884 ultrascan_port_pspec_update

```cpp
static bool ultrascan_port_pspec_update(const UltraScanInfo *USI,
                                        HostScanStats *hss,
                                        const probespec *pspec,
                                        int newstate) {
  u16 portno = 0;
  u8 proto = 0;
  int oldstate = PORT_TESTING;
  /* Whether no response means a port is open */
  bool noresp_open_scan = USI->noresp_open_scan;

  ......
  hss->target->ports.setPortState(portno, proto, newstate, &oldstate);

  if (newstate != oldstate) {
    switch (oldstate) {
      ......
      case PORT_OPEN:
        if (!noresp_open_scan) {
          hss->target->ports.setPortState(portno, proto, oldstate);
        }
        break;
      ......
      default:
        fatal("Unexpected port state: %d\n", oldstate);
        break;
    }
  }

  return oldstate != newstate;
}
```

In rare cases, the initial SYN probe gets a SYN-ACK response and a following probe receives a reset.
This results in the port state staying open, but the new statereason `reset` being set after `ultrascan_port_probe_update(...);` at scan_engine_raw.cc#L2116.
Sample scan result:

```
......
Discoverd open port 6060 .....
Nmap scan report for x.x.x.x
Host is up, received user-set (0.18s latency).
Not shown: 65504 filtered tcp ports (no-response), 6 filtered tcp ports (admin-prohibited), 14 closed tcp ports (reset)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT      STATE SERVICE         REASON
6060/tcp  open  x11             reset ttl 48
......
Read data files from: /root/nmap
Nmap done: 1 IP address (1 host up) scanned in 130.24 seconds
```

Is this as expected?

@dksslq dksslq added the Nmap label Mar 27, 2024
dksslq commented Mar 27, 2024

`--max-retries 0` suppresses this.
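
Added example (not part of the issue thread and not Nmap source): a small C++ model of the update path quoted in the issue, replaying a SYN-ACK followed by a RST. `PortTable`, `Entry`, `on_response`, `replay` and the `guarded` flag are hypothetical names; the guard is one assumed way to keep state and reason consistent, not a project patch.

```cpp
#include <iostream>
#include <map>
#include <string>

// Hypothetical model, not Nmap source: one table entry per port.
enum State { PORT_TESTING, PORT_OPEN, PORT_CLOSED };
struct Entry { State state = PORT_TESTING; std::string reason = "none"; };

struct PortTable {
  std::map<int, Entry> ports;
  // Same shape as setPortState(portno, proto, newstate, &oldstate) in the excerpt.
  void setPortState(int port, State s, State *old = nullptr) {
    if (old) *old = ports[port].state;
    ports[port].state = s;
  }
  void setStateReason(int port, const std::string &r) { ports[port].reason = r; }
};

// PORT_OPEN branch of ultrascan_port_pspec_update: an open port is put back to open.
bool pspec_update(PortTable &t, int port, State newstate, bool noresp_open_scan) {
  State oldstate = PORT_TESTING;
  t.setPortState(port, newstate, &oldstate);
  if (newstate != oldstate && oldstate == PORT_OPEN && !noresp_open_scan)
    t.setPortState(port, oldstate);  // state reverts; caller is not told
  return oldstate != newstate;
}

// guarded=false: as quoted from get_pcap_result, the reason is written unconditionally.
// guarded=true: assumed guard, the reason is written only if the new state was kept.
void on_response(PortTable &t, int port, State newstate, const std::string &why,
                 bool guarded) {
  pspec_update(t, port, newstate, false);
  if (!guarded || t.ports[port].state == newstate) t.setStateReason(port, why);
}

// Constructed sequence from the issue: SYN-ACK first, then a RST to a later probe.
std::pair<State, std::string> replay(bool guarded) {
  PortTable t;
  on_response(t, 6060, PORT_OPEN, "syn-ack", guarded);
  on_response(t, 6060, PORT_CLOSED, "reset", guarded);
  return {t.ports[6060].state, t.ports[6060].reason};
}

int main() {
  for (bool g : {false, true})
    std::cout << (g ? "guarded: " : "as quoted: ") << "state=" << replay(g).first
              << " reason=" << replay(g).second << "\n";
}
```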
