Sunday, May 6, 2012

Analysis of nmap program flow.

main() in main.cc

Acts mainly to prepend the arguments in the environment variable NMAP_ARGS with the command-line arguments, creating a new argv and argc that are passed to nmap_main().  The conversion is done by calling arg_parse() in utils.cc.

This technique appears to have grown organically as a way to add environment-variable arguments to the argument list of the nmap command.  The old main function then became nmap_main().  I've been told that there used to be an interactive option here that would give an nmap command line and allow multiple commands to be executed one after the other in terminal mode.

nmap_main() in nmap.cc

Called only by main(), passing in argv and argc.

A fake_argv is created and duplicated from the argv we passed in.  I am not sure why this copy of argv has been created here.

The fake_argv is parsed by parse_options() also in nmap.cc.

parse_options() in nmap.cc

This function does not return a value; instead, it parses the options and places the discovered items into a global data structure that the rest of the program uses.

A possible optimization here is to parse the commands into a data structure, return it, and pass it to the rest of the program.  This would allow multiple commands to be run simultaneously by the same process using different sets of ports.

The global variable o is defined in NmapOps.cc and externally linked in just about every file in nmap.  Global variables of this type are a little bad.  Variable names should reflect their scope, with only local variables having single-character names.  It was actually difficult to find where the single definition was located to see what data type the variable was.

Why isn't parse_options() in NmapOps.cc?  It could be built into the class.  This would put all the option-related items into a single code module.
The command-line options all look like they are listed here.

After the options are parsed the code goes into a set of operations.

Replace argv with faked argv to hide which program is running.

Make sure the bounce FTP site is reachable.

Flush output for stderr and stdout.

XML output.

FakeArgv stuff.

Generate XML.

output_ports_to_machine_parseable_output(&ports);

Handle SIGPIPE.

Generate error if we cannot get the requested number of ports to run a parallel scan.

Debugging.

Init port class.

Randomize port.

Shortfry???


host scanning.

tcp port scan.

Raw scan (find targets?)
 Target.size stuff.

Something to do with decoy that should be fixed.


Scan by type.

script scanning



Loop through all the targets.
          Generate output xml and plain.
Free targets.

Print results.
Close everything.
Free used memory.

This function is doing a lot and going in many directions.  Rewriting it to hide some of the complexity, such as the ultra_scan() function, would make the first main function in nmap much clearer and easier to read and understand.  XML generation might need to be integrated at a lower level, as just part of what our objects do.

ultra_scan() in scan_engine.cc

Sets timeout counters.

This function is very clear and clean.   Very impressive.

 while(!USI->incompleteHostsEmpty()) {
     doAnyPings(USI);
     doAnyOutstandingRetransmits(USI); // Retransmits from probes_outstanding
     /* Retransmits from retry_stack -- goes after OutstandingRetransmits for
        memory consumption reasons */
     doAnyRetryStackRetransmits(USI);
     doAnyNewProbes(USI);
     gettimeofday(&USI->now, NULL);
     // printf("TRACE: Finished doAnyNewProbes() at %.4fs\n", o.TimeSinceStartMS(&USI->now) / 1000.0);
     printAnyStats(USI);
     waitForResponses(USI);
     gettimeofday(&USI->now, NULL);
     // printf("TRACE: Finished waitForResponses() at %.4fs\n", o.TimeSinceStartMS(&USI->now) / 1000.0);
     processData(USI);
}

 

waitForResponses() in scan_engine.cc

Going to start looking here for a couple of hours tomorrow.

Hostgroups

from unnamed source high in the hierarchy of nmap:

Nmap scans hosts in groups (we call them hostgroups) which can contain 1 or more hosts, so sometimes when you scan a network,
the first group may only contain 1 host, which is done so that you can get some results back more quickly, but then the group size may increase so that it is more efficient (can scan more hosts per time period if they are done in parallel). You can see how many hosts it is scanning in the current group by pressing <enter> while Nmap is scanning

and so an ultra_scan run does one type of scan against all target ports against each host in the current group
and it can have multiple outstanding probes for multiple ports against multiple hosts (but all within the same group) in parallel, but it keeps a "congestion window" to decide how many probes it can have outstanding at once, which is based on how fast and reliable the network has shown itself to be. If Nmap is getting responses quickly to all probes, Nmap can have a lot of probes outstanding at once, but if it starts seeing packet drops, Nmap slows down and reduces the parallelism
me: Interesting, so it "keeps score" as it runs   
Yes, it uses a bunch of congestion control algorithms to decide that

Scripting execution

is the .nse scripting handled by the ultra_scan function too?   

no, NSE has its own function, let me show you ...
so, first look in nmap.cc...
and you see lines like:
if (!o.noportscan) {
// Ultra_scan sets o.scantype for us so we don't have to worry
if (o.synscan)
ultra_scan(Targets, &ports, SYN_SCAN);

if (o.ackscan)
ultra_scan(Targets, &ports, ACK_SCAN);

if (o.windowscan)
ultra_scan(Targets, &ports, WINDOW_SCAN);

yeah   

so if we didn't request skipping the port scan (-sn), then it looks at the type(s) of scans we requested and
calls ultra_scan for each one. Then later in that same nmap.cc function ...
if (o.servicescan) {
o.current_scantype = SERVICE_SCAN;

service_scan(Targets);
}
so that there is version detection
then later ...
if (o.osscan){
OSScan os_engine;
os_engine.os_scan(Targets);
}
so that's OS detection 05/07/2012 04:54:57 PM

ok, I see that   

and then:
#ifndef NOLUA
if(o.script || o.scriptversion) {
script_scan(Targets, SCRIPT_SCAN);
}
#endif
so first it checks to make sure the user has liblua linked in (because it can't do NSE without LUA) and then

so the different types of scripting, version, os detection, and the like, are handled by each one of those conditionals   

it checks if the user asked for NSE with either o.script (e.g. --script) or by using version detection, which can use NSE for some of its work (o.scriptversion) then it calls script_scan with the list of target hosts in this hostgroup (Targets) to do the NSE scanning


So I could use the built in host scanning of nmap, but with my own custom OS detector script that is called on each found host?   


yeah, you could potentially have an OS detection NSE script. It wouldn't be reported in Nmap's normal OS detection place, but the output would be shown in the script output section

*nods*
that is good to know that scripts output in a different place too


Friday, May 4, 2012

Analyzing nmap using strace and gdb.

Trying to explain my process here with a concrete example.

The other analysis I am doing is following the code through in program execution order.  So I am looking at the code forwards and backwards.  I always like to analyze programs this way because often it points to inefficiencies that could be done in better ways.  I feel comfortable with looking at how a program runs by how it interacts with the system.  Plus I was really interested in how things actually happen where the rubber meets the road.  I was wondering if we used

For instance, the packet trace option when running nmap shows me a packet that is being received:

RCVD (0.4640s) TCP 127.0.0.1:8080 > 127.0.0.1:39122 RA ttl=64 id=0 iplen=40  seq=0 win=0

Looking at the strace output, the line that matches up to it is this:

recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54

And putting a breakpoint in recvmsg() in gdb shows me this:

#0 recvmsg () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0811b729 in pcap_read_packet (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>,
user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1502
#2 pcap_read_linux (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1407
#3 0x08106f17 in pcap_dispatch (p=0x84eb200, cnt=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap.c:497
#4 0x08106f65 in pcap_next (p=0x84eb200, h=0xbfffe478) at ./pcap.c:180
#5 0x0807d107 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1660
#6 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#7 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#8 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#9 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

Which tells me that the pcap library is being used, that it is called from waitForResponses on line 5336 in the ultra_scan function on line 5645.  Even better, because ultra_scan is called a dozen times in nmap_main, I know that ultra_scan() is being called here because

1888       if (o.synscan)
1889         ultra_scan(Targets, &ports, SYN_SCAN);

Then I look at the code and follow this trail upward and it is very clear why it works this way. 

Now that I am all set up it is only going to take a few minutes to figure out where and give context as to why the program is loading each config file and opening all these ports on startup.
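
The data-file lookups in the strace log can be pulled out mechanically to see the search order and which copy was actually opened. This is an added example, not from the original post; SAMPLE_LOG is a subset of lines copied from the strace output in this post, and the function names are hypothetical.

```python
import os.path
import re

# Subset of lines copied from the strace log in this post
# (the nmap-services and nmap.xsl lookups, plus two unrelated calls).
SAMPLE_LOG = r'''
stat64("/root/.nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
stat64("/root/.nmap/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("/home/username/Nmap/source/main/nmap-services", R_OK) = 0
stat64("./nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("./nmap-services", R_OK)         = 0
open("/home/username/Nmap/source/main/nmap-services", O_RDONLY) = 3
stat64("/root/.nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
'''

# syscall("path", ...) = ret [ERRNO ...] for the calls that probe or open a path
_PROBE = re.compile(
    r'^(?P<call>stat64|stat|lstat64|lstat|access|open|openat)\((?:AT_FDCWD, )?'
    r'"(?P<path>(?:[^"\\]|\\.)*)".*\)\s*= (?P<ret>-?\d+)(?: (?P<errno>E[A-Z0-9]+))?')


def file_probes(log_text, basename):
    """Return (call, path, ret, errno) for every probe of a file with this name."""
    probes = []
    for line in log_text.splitlines():
        m = _PROBE.match(line.strip())
        if m and os.path.basename(m["path"]) == basename:
            probes.append((m["call"], m["path"], int(m["ret"]), m["errno"]))
    return probes


def summarize(probes):
    """Condense probes into search order, existing copies and the copy opened."""
    order, exists, opened = [], [], None
    for call, path, ret, _errno in probes:
        if path not in order:
            order.append(path)              # first-seen order = search order
        if ret >= 0 and path not in exists:
            exists.append(path)             # a probe on this path succeeded
        if call in ("open", "openat") and ret >= 0 and opened is None:
            opened = path
    return {
        "search_order": order,
        "exists": exists,
        "opened": opened,
        # paths resolved against the current working directory of the process
        "cwd_relative": [p for p in order if not os.path.isabs(p)],
        # copies that exist on disk but were not the one opened
        "unused_copies": [p for p in exists if p != opened] if opened else [],
    }


if __name__ == "__main__":
    for name in ("nmap-services", "nmap.xsl"):
        s = summarize(file_probes(SAMPLE_LOG, name))
        print(name)
        for i, path in enumerate(s["search_order"], 1):
            state = "found" if path in s["exists"] else "missing"
            print("  %d. %-8s %s" % (i, state, path))
        print("  opened:", s["opened"])
        print("  cwd-relative probes:", s["cwd_relative"])
```
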



- -

I've added stack traces in main locations to see how the program is structured at these key places using gdb.  Here is a gdb tutorial to see how you load a program and run it.

sudo bash
<enter password to increase permissions>
gdb ./nmap
break <enter name of function to break on>
run -n -p 8080 localhost --reason --packet-trace

At each breakpoint I typed

bt

to get a backtrace, and <enter> when requested to complete the backtrace.
Then type the following to get to the next breakpoint.

cont

This is the command I gave to see what system functions were called.

sudo strace -o ../output00001.txt ./nmap -n -p 8080 localhost --reason --packet-trace


Starting Nmap 5.61TEST5 ( http://nmap.org ) at 2012-05-04 18:51 EDT
SENT (0.4583s) TCP 127.0.0.1:39122 > 127.0.0.1:8080 S ttl=54 id=18866 iplen=44  seq=1825058727 win=1024 <mss 1460>
RCVD (0.4616s) TCP 127.0.0.1:39122 > 127.0.0.1:8080 S ttl=54 id=18866 iplen=44  seq=1825058727 win=1024 <mss 1460>
RCVD (0.4640s) TCP 127.0.0.1:8080 > 127.0.0.1:39122 RA ttl=64 id=0 iplen=40  seq=0 win=0
Nmap scan report for localhost (127.0.0.1)
Host is up, received localhost-response (0.0064s latency).
PORT     STATE  SERVICE    REASON
8080/tcp closed http-proxy reset

Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

Wireshark capture.  The first two are to a closed port, the last 3 are to an open port.





These are all the system calls used by nmap.

The output file has been shortened a bit and the above lines highlighted in the output below:

[Startup removed]

write(1, "Starting Nmap 5.61TEST5 ( http:/"..., 68) = 68



#9  0x080a5275 in vfprintf (logt=1024,
    fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n",
    ap=0xbfffe928 "y\330\023\bo\330\023\b_\330\023\b\374\352\377\277\350\377\377\377\377\377\377\377\001") at /usr/include/bits/stdio2.h:128
#10 log_vwrite (logt=1024, fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n",
---Type <return> to continue, or q <return> to quit---
    ap=0xbfffe928 "y\330\023\bo\330\023\b_\330\023\b\374\352\377\277\350\377\377\377\377\377\377\377\001") at output.cc:930
#11 0x080a555b in log_write (logt=1028,
    fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n") at output.cc:983
#12 0x080747dc in apply_delayed_options () at nmap.cc:1361
#13 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

 
getuid32()                              = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0



#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETFDPW, key=0x555c06 "passwd", keylen=7)
at nscd_helper.c:207
#2 0x00522171 in get_mapping (type=GETFDPW, key=0x555c06 "passwd",
mappedp=0x57d3c0) at nscd_helper.c:293
#3 0x00522619 in __nscd_get_map_ref (type=GETFDPW, name=0x555c06 "passwd",
mapptr=0x57d3bc, gc_cyclep=0xbfffbc74) at nscd_helper.c:452
#4 0x0051f784 in nscd_getpw_r (key=0xbfffbca6 "0", keylen=2, type=GETPWBYUID,
resultbuf=0x57bc64, buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08)
at nscd_getpw_r.c:97
#5 0x0051fbb2 in __nscd_getpwuid_r (uid=0, resultbuf=0x57bc64,
buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08) at nscd_getpw_r.c:65
#6 0x004b55d9 in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:194
#7 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#8 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#9 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#10 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#11 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#12 0x080c1d84 in nmap_services_init () at services.cc:166
#13 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
---Type <return> to continue, or q <return> to quit---
#14 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#15 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#16 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0



#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETPWBYUID, key=0xbfffbca6 "0", keylen=2)
at nscd_helper.c:207
#2 0x005227e9 in __nscd_open_socket (key=0xbfffbca6 "0", keylen=2,
type=GETPWBYUID, response=0xbfffbc50, responselen=36) at nscd_helper.c:579
#3 0x0051f7e7 in nscd_getpw_r (key=0xbfffbca6 "0", keylen=2, type=GETPWBYUID,
resultbuf=0x57bc64, buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08)
at nscd_getpw_r.c:127
#4 0x0051fbb2 in __nscd_getpwuid_r (uid=0, resultbuf=0x57bc64,
buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08) at nscd_getpw_r.c:65
#5 0x004b55d9 in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:194
#6 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#7 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#8 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#9 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#10 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#11 0x080c1d84 in nmap_services_init () at services.cc:166
#12 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#13 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#14 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
---Type <return> to continue, or q <return> to quit---
#15 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198



open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=513, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7804000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 513
read(3, "", 4096)                       = 0
close(3)                                = 0




munmap(0xb7804000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=94111, ...}) = 0
mmap2(NULL, 94111, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77d3000
close(3)                                = 0


access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_compat.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\16\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=26400, ...}) = 0
mmap2(NULL, 29268, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb59000
mmap2(0xb5f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb5f000
close(3)                                = 0


access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\00001\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=79672, ...}) = 0
mmap2(NULL, 92104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf6b000
mmap2(0xf7e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xf7e000
mmap2(0xf80000, 6088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf80000
close(3)                                = 0


mprotect(0xf7e000, 4096, PROT_READ)     = 0
mprotect(0xb5f000, 4096, PROT_READ)     = 0
munmap(0xb77d3000, 94111)               = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=94111, ...}) = 0
mmap2(NULL, 94111, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77d3000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_nis.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\31\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=38500, ...}) = 0
mmap2(NULL, 41532, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x125000
mmap2(0x12e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x12e000
close(3)                                = 0


access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=42580, ...}) = 0
mmap2(NULL, 45780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8ec000
mmap2(0x8f6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0x8f6000
close(3)                                = 0


mprotect(0x8f6000, 4096, PROT_READ)     = 0
mprotect(0x12e000, 4096, PROT_READ)     = 0
munmap(0xb77d3000, 94111)               = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3


#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d728,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d728,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffbc40, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#11 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#12 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
---Type <return> to continue, or q <return> to quit---
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#13 0x080c1d84 in nmap_services_init () at services.cc:166
#14 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#15 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#16 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 



fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3


#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d7e0,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d7e0,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffbc40, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, result=0xbfffbd08)
at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (
buf=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services",
buflen=512, file=0x813dc41 "nmap-services", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2910
#11 nmap_fetchfile_sub (
---Type <return> to continue, or q <return> to quit---
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2946
#12 0x08070be4 in nmap_fetchfile (
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2871
#13 0x080c1d84 in nmap_services_init () at services.cc:166
#14 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#15 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#16 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 





_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("/home/username/Nmap/source/main/nmap-services", R_OK) = 0
stat64("./nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("./nmap-services", R_OK)         = 0
stat64("/home/username/Nmap/source/main/nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
stat64("./nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
open("/home/username/Nmap/source/main/nmap-services", O_RDONLY) = 3


#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d7d0,
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", posix_mode=0, prot=438, read_write=8, is32not64=1)
at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d7d0,
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=<value optimized out>, is32not64=1) at fileops.c:336
#3 0x004795a4 in __fopen_internal (
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=0x81511ef "r", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=0x81511ef "r") at iofopen.c:107
#5 0x080c1dbd in nmap_services_init () at services.cc:190
#6 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#7 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#8 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#9 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 





fstat64(3, {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0

[snip]

close(3)                                = 0


munmap(0xb7804000, 4096)                = 0
time(NULL)                              = 1336170738
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3


#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x84e0b40,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x84e0b40,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffb6e0, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, result=0xbfffb7a8)
at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffdb8c "", buflen=4096,
file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffdb8c "",
bufferlen=4096, file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl")
at nmap.cc:2910
#11 nmap_fetchfile_sub (filename_returned=0xbfffdb8c "", bufferlen=4096,
file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl") at nmap.cc:2946
---Type <return> to continue, or q <return> to quit---
#12 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffdb8c "",
bufferlen=4096, file=0x814e08f "nmap.xsl") at nmap.cc:2868
#13 0x080c9c66 in NmapOps::XSLStyleSheet (this=0x8275720) at NmapOps.cc:617
#14 0x08075222 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1602
#15 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 







_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
mmap2(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7767000
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(3, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20


recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0


open("/etc/resolv.conf", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=76, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# Generated by NetworkManager\nna"..., 4096) = 76
read(3, "", 4096)                       = 0
close(3)                                = 0


munmap(0xb7766000, 4096)                = 0
uname({sys="Linux", node="username-1015PX", ...}) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0


#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETFDHST, key=0x5560c7 "hosts", keylen=6)
at nscd_helper.c:207
#2 0x00522171 in get_mapping (type=GETFDHST, key=0x5560c7 "hosts",
mappedp=0x57d9f4) at nscd_helper.c:293
#3 0x00522619 in __nscd_get_map_ref (type=GETFDHST, name=0x5560c7 "hosts",
mapptr=0x57d9f0, gc_cyclep=0xbfffe2ac) at nscd_helper.c:452
#4 0x00520284 in nscd_gethst_r (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, resultbuf=0xbfffe624, buffer=0xbfffe360 "\002",
buflen=512, result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:126
#5 0x00520acf in __nscd_gethostbyname2_r (name=0x827d878 "localhost", af=2,
resultbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:62
#6 0x00505984 in __gethostbyname2_r (name=0x827d878 "localhost", af=2,
resbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at ../nss/getXXbyYY_r.c:194
#7 0x004c6359 in gaih_inet (name=0x827d878 "localhost",
service=<value optimized out>, req=0xbfffe7bc, pai=0xbfffe784,
naddrs=0xbfffe774) at ../sysdeps/posix/getaddrinfo.c:531
#8 0x004c6b2b in getaddrinfo (name=0x827d878 "localhost",
service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc)
at ../sysdeps/posix/getaddrinfo.c:2161
#9 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2)
at tcpip.cc:449
#10 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,
target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#11 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34,
ports=0x826b9e0, pingtype=122) at targets.cc:403
#12 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#13 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 

socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0


#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETHOSTBYNAME, key=0x827d878 "localhost",
keylen=10) at nscd_helper.c:207
#2 0x005227e9 in __nscd_open_socket (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, response=0xbfffe28c, responselen=32)
at nscd_helper.c:579
#3 0x005203c4 in nscd_gethst_r (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, resultbuf=0xbfffe624, buffer=0xbfffe360 "\002",
buflen=512, result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:189
#4 0x00520acf in __nscd_gethostbyname2_r (name=0x827d878 "localhost", af=2,
resultbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:62
#5 0x00505984 in __gethostbyname2_r (name=0x827d878 "localhost", af=2,
resbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at ../nss/getXXbyYY_r.c:194
#6 0x004c6359 in gaih_inet (name=0x827d878 "localhost",
service=<value optimized out>, req=0xbfffe7bc, pai=0xbfffe784,
naddrs=0xbfffe774) at ../sysdeps/posix/getaddrinfo.c:531
#7 0x004c6b2b in getaddrinfo (name=0x827d878 "localhost",
service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc)
at ../sysdeps/posix/getaddrinfo.c:2161
#8 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2)
at tcpip.cc:449
#9 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,
target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#10 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34,
ports=0x826b9e0, pingtype=122) at targets.cc:403
#11 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#12 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

open("/etc/host.conf", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=92, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# The \"order\" line is only used "..., 4096) = 92
read(3, "", 4096)                       = 0
close(3)                                = 0




munmap(0xb7766000, 4096)                = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
fstat64(3, {st_mode=S_IFREG|0644, st_size=229, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "127.0.0.1\tlocalhost\n127.0.1.1\tjr"..., 4096) = 229
read(3, "", 4096)                       = 0
close(3)                                = 0


munmap(0xb7766000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
sendmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"$\0\0\0\32\0\1\0\0\0\0\0\0\0\0\0\2 \0\0\0\0\0\0\0\0\0\0\10\0\1\0"..., 36}], msg_controllen=0, msg_flags=0}, 0) = 36
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"`\0\0\0\30\0\0\0\0\0\0\0\2301\0\0\2 \0\0\376\0\0\2\0\2\0\200\10\0\17\0"..., 512}], msg_controllen=0, msg_flags=0}, 0) = 96
close(3)                                = 0
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
ioctl(3, SIOCGIFNAME, {ifr_index=1, ifr_name="lo"}) = 0
close(3)                                = 0


socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
open("/proc/net/dev", O_RDONLY)         = 4
ioctl(3, SIOCGIFCONF, {64, {{"lo", {AF_INET, inet_addr("127.0.0.1")}}, {"wlan0", {AF_INET, inet_addr("192.168.1.105")}}}}) = 0
fstat64(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(4, "Inter-|   Receive               "..., 1024) = 573
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
close(5)                                = 0


ioctl(3, SIOCGIFFLAGS, {ifr_name="lo", ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="lo", ifr_mtu=16436}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="lo", ifr_addr={AF_INET, inet_addr("127.0.0.1")}}) = 0
ioctl(3, SIOCGIFNETMASK, {ifr_name="lo", ifr_netmask={AF_INET, inet_addr("255.0.0.0")}}) = 0
open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0
munmap(0xb7765000, 4096)                = 0


socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
 

#0 sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0051000b in make_request (fd=6, pid=15825, seen_ipv4=0xbfffe78b, seen_ipv6=0xbfffe78a, in6ai=0xbfffe780, in6ailen=0xbfffe77c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2 0x005104f4 in __check_pf (seen_ipv4=0xbfffe78b, seen_ipv6=0xbfffe78a, in6ai=0xbfffe780, in6ailen=0xbfffe77c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3 0x004c6abb in getaddrinfo (name=0x827d878 "localhost", service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc) at ../sysdeps/posix/getaddrinfo.c:2109
#4 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2) at tcpip.cc:449
#5 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,  target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#6 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:403
#7 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#8 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0


socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 


#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "127.0.0.1", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e98c8) at netutil.cc:1239
#5  0x08122838 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1272
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c) at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0


socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=2}) = 0
close(5)                                = 0


ioctl(3, SIOCGIFFLAGS, {ifr_name="eth0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="eth0", ifr_mtu=1500}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="eth0", ???}) = -1 EADDRNOTAVAIL (Cannot assign requested address)
ioctl(3, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=f4:6d:04:b8:e3:20}) = 0
open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0


munmap(0xb7765000, 4096)                = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wlan0", ifr_index=3}) = 0
close(5)                                = 0


ioctl(3, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="wlan0", ifr_mtu=1500}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="wlan0", ifr_addr={AF_INET, inet_addr("192.168.1.105")}}) = 0
ioctl(3, SIOCGIFNETMASK, {ifr_name="wlan0", ifr_netmask={AF_INET, inet_addr("255.255.255.0")}}) = 0
ioctl(3, SIOCGIFHWADDR, {ifr_name="wlan0", ifr_hwaddr=e0:b9:a5:04:43:00}) = 0


open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0


munmap(0xb7765000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108

#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "::1", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e9984) at netutil.cc:1239
#5  0x081228b8 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1281
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c) at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0


socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "192.168.1.105", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e9afc) at netutil.cc:1239
#5  0x08122838 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1272
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c) at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0


read(4, "", 1024)                       = 0
close(4)                                = 0


munmap(0xb7766000, 4096)                = 0
close(3)                                = 0


gettimeofday({1336170738, 657497}, NULL) = 0
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7766000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7766000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7766000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7766000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
access("/home/username/Nmap/source/main/nmap-payloads", R_OK) = 0
stat64("./nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
access("./nmap-payloads", R_OK)         = 0
stat64("/home/username/Nmap/source/main/nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0


stat64("./nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
open("/home/username/Nmap/source/main/nmap-payloads", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# Nmap nmap payload database -*-"..., 4096) = 4096
read(3, "164, IPSEC, IDENTITY.\n  \"\\x00\\x0"..., 4096) = 4096
read(3, "erver and will be ignored.\nudp 6"..., 4096) = 1789
read(3, "", 4096)                       = 0
close(3)                                = 0


munmap(0xb7766000, 4096)                = 0


gettimeofday({1336170738, 668598}, NULL) = 0
gettimeofday({1336170738, 668758}, NULL) = 0
gettimeofday({1336170738, 668899}, NULL) = 0
gettimeofday({1336170738, 669055}, NULL) = 0


socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
setsockopt(3, SOL_IP, IP_HDRINCL, [1], 4) = 0


socket(PF_PACKET, SOCK_RAW, 768)        = 4
ioctl(4, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
ioctl(4, SIOCGIFHWADDR, {ifr_name="lo", ifr_hwaddr=00:00:00:00:00:00}) = 0
ioctl(4, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
bind(4, {sa_family=AF_PACKET, proto=0x03, if1, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
getsockopt(4, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
setsockopt(4, SOL_PACKET, PACKET_AUXDATA, [1], 4) = 0
setsockopt(4, SOL_SOCKET, SO_ATTACH_FILTER, "\1\0\0\0\f\270&\10", 8) = 0
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
recv(4, 0xbfa20baf, 1, MSG_TRUNC)       = -1 EAGAIN (Resource temporarily unavailable)
fcntl64(4, F_SETFL, O_RDWR)             = 0
setsockopt(4, SOL_SOCKET, SO_ATTACH_FILTER, ":\0\0\0`(\25\t", 8) = 0


gettimeofday({1336170738, 709933}, NULL) = 0
gettimeofday({1336170738, 710120}, NULL) = 0
gettimeofday({1336170738, 710323}, NULL) = 0
gettimeofday({1336170738, 710506}, NULL) = 0
gettimeofday({1336170738, 710693}, NULL) = 0
sendto(3, "E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0\0\1\211\24\37\220\30W|\31\0\0\0\0"..., 44, 0, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, 16) = 44


#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x08128bde in Sendto (functionname=0x816c8d1 "send_ip_packet_sd", sd=6,  packet=0x84eac70 "E", len=44, flags=0, to=0xbfffe71c, tolen=16) at netutil.cc:3382
#2  0x08128e87 in send_ip_packet_sd (sd=6, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at netutil.cc:3477
#3  0x0807b2e3 in send_ipv4_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:473
#4  send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:504
#5  0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018, pspec=0xbfffea24, tryno=0 '\000', pingseq=0 '\000') at scan_engine.cc:3335
#6  0x080be1cc in sendNextScanProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3551
#7  doAnyNewProbes (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3588
#8  ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5641
#9  0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198






gettimeofday({1336170738, 711404}, NULL) = 0
 

write(1, "SENT (0.4265s) TCP 127.0.0.1:350"..., 114) = 114
#9 log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe708 "h8\024\b") at output.cc:930
#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=1, packet=0x84eac70 "E", len=44, now=0x0) at tcpip.cc:342
#12 0x0807b23e in send_ipv6_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:488
#13 send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:507
#14 0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018, pspec=0xbfffea24, tryno=0 '\000', pingseq=0 '\000') at scan_engine.cc:3335
#15 0x080be1cc in sendNextScanProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3551
#16 doAnyNewProbes (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3588
#17 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5641
#18 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#19 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

#9  log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe708 "h8\024\b") at output.cc:930
#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=1, packet=0x84eb5c8 "E", len=44, now=0x0) at tcpip.cc:342
#12 0x0807b23e in send_ipv6_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eb5c8 "E", packetlen=44) at tcpip.cc:488
#13 send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eb5c8 "E", packetlen=44) at tcpip.cc:507
#14 0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018,  pspec=0x84ea5f8, tryno=1 '\001', pingseq=0 '\000') at scan_engine.cc:3335
#15 0x080be3e9 in retransmitProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3716
#16 doAnyOutstandingRetransmits (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3799
#17 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5637
#18 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#19 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

gettimeofday({1336170738, 711967}, NULL) = 0
gettimeofday({1336170738, 712154}, NULL) = 0
gettimeofday({1336170738, 712334}, NULL) = 0
gettimeofday({1336170738, 712529}, NULL) = 0
gettimeofday({1336170738, 712720}, NULL) = 0
select(5, [4], NULL, NULL, {0, 998164}) = 1 (in [4], left {0, 998152})
recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_OUTGOING, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 58
gettimeofday({1336170738, 715625}, NULL) = 0


select(5, [4], NULL, NULL, {0, 998164}) = 1 (in [4], left {0, 998149})





recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 58
ioctl(4, SIOCGSTAMP, 0xbfa212a0)        = 0


write(1, "RCVD (0.4318s) TCP 127.0.0.1:350"..., 114) = 114


#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=44, now=0xbfffe534) at tcpip.cc:342
#12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
#13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

#9  log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe418 "m8\024\b") at output.cc:930
#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=40, now=0xbfffe534) at tcpip.cc:342
#12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
#13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

gettimeofday({1336170738, 717269}, NULL) = 0
gettimeofday({1336170738, 717850}, NULL) = 0


select(5, [4], NULL, NULL, {0, 993424}) = 1 (in [4], left {0, 993411})


#0 select () at ../sysdeps/unix/syscall-template.S:82
#1 0x081237c4 in pcap_select (p=0x84eb200, timeout=0xbfffe438) at netutil.cc:921
#2 0x0812386c in pcap_select (p=0x84eb200, usecs=999717) at netutil.cc:939
#3 0x0807ce07 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1657
#4 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#5 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#6 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#7 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#8 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198



recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_OUTGOING, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54

#0 recvmsg () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0811b729 in pcap_read_packet (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1502
#2 pcap_read_linux (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1407
#3 0x08106f17 in pcap_dispatch (p=0x84eb200, cnt=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap.c:497
#4 0x08106f65 in pcap_next (p=0x84eb200, h=0xbfffe478) at ./pcap.c:180
#5 0x0807d107 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1660
#6 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#7 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#8 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#9 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198


gettimeofday({1336170738, 718693}, NULL) = 0


select(5, [4], NULL, NULL, {0, 993424}) = 1 (in [4], left {0, 993414})
recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54
ioctl(4, SIOCGSTAMP, 0xbfa212a0)        = 0


write(1, "RCVD (0.4347s) TCP 127.0.0.1:808"..., 90) = 90



  • #9 log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe418 "m8\024\b") at output.cc:930
  • #10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
  • #11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=44, now=0xbfffe534) at tcpip.cc:342
  • #12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
  • #13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

  • #10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
  • #11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=40, now=0xbfffe534) at tcpip.cc:342
  • #12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
  • #13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

  • #8 log_vwrite (logt=2048, fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0", ap=0xbfffe394 "127.\\") at output.cc:935
  • #9 0x0807e306 in error (fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0") at nmap_error.cc:164
  • #10 0x080c1742 in adjust_timeouts2 (sent=0x84eb630, received=0xbfffe534, to=0x84e94dc) at timing.cc:175
  • #11 0x080b094b in ultrascan_adjust_timeouts (probe=0x84eb628, rcvdtime=0xbfffe534, USI=<value optimized out>, hss=<value optimized out>) at scan_engine.cc:2174
  • #12 0x080b73dc in ultrascan_port_probe_update (USI=0x84ea4a8, hss=0x84eb018, probeI=..., newstate=1, rcvdtime=0xbfffe534, adjust_timing_hint=true) at scan_engine.cc:2818
  • #13 0x080b8d46 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea01) at scan_engine.cc:4787
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198


gettimeofday({1336170738, 720190}, NULL) = 0
gettimeofday({1336170738, 720427}, NULL) = 0
gettimeofday({1336170738, 720605}, NULL) = 0
gettimeofday({1336170738, 720783}, NULL) = 0
ioctl(3, TIOCGPGRP, [3922393])          = -1 EINVAL (Invalid argument)
close(3)                                = 0
close(4)                                = 0
 

write(1, "Nmap scan report for localhost ("..., 43) = 43

  • #8 log_vwrite (logt=2048, fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0", ap=0xbfffe394 "127.\\") at output.cc:935
  • #9 0x0807e306 in error (fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0") at nmap_error.cc:164
  • #10 0x080c1742 in adjust_timeouts2 (sent=0x84eb630, received=0xbfffe534, to=0x84e94dc) at timing.cc:175
  • #11 0x080b094b in ultrascan_adjust_timeouts (probe=0x84eb628, rcvdtime=0xbfffe534, USI=<value optimized out>, hss=<value optimized out>) at scan_engine.cc:2174
  • #12 0x080b73dc in ultrascan_port_probe_update (USI=0x84ea4a8, hss=0x84eb018, probeI=..., newstate=1, rcvdtime=0xbfffe534, adjust_timing_hint=true) at scan_engine.cc:2818
  • #13 0x080b8d46 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea01) at scan_engine.cc:4787
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

write(1, "Host is up, received localhost-r"..., 59) = 59
write(1, "PORT     STATE  SERVICE    REASO"..., 67) = 67

#9 log_vwrite (logt=1024, fmt=0x8146e6e "\n", ap=0xbfffeba8 "\026\275\246O") at output.cc:930
#10 0x080a555b in log_write (logt=1031, fmt=0x8146e6e "\n") at output.cc:983
#11 0x080761ac in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:2008
#12 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

write(1, "\n", 1)                       = 1
gettimeofday({1336170738, 757261}, NULL) = 0
time(NULL)                              = 1336170738
write(1, "Nmap done: 1 IP address (1 host "..., 60) = 60


  • #9 log_vwrite (logt=1024, fmt=0x814a138 "Nmap done: %d %s (%d %s up) scanned in %.2f seconds\n", ap=0xbfffea48 "\001") at output.cc:930
  • #10 0x080a555b in log_write (logt=1028, fmt=0x814a138 "Nmap done: %d %s (%d %s up) scanned in %.2f seconds\n") at output.cc:983
  • #11 0x080a94c4 in printfinaloutput () at output.cc:2466
  • #12 0x08076497 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:2052
  • #13 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198




stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
exit_group(0)                           = ?