Friday, May 4, 2012

Analyzing nmap using strace and gdb.

Trying to explain my process here with a concrete example.

The other analysis I am doing is following the code through in program execution order.  So I am looking at the code forwards and backwards.    I always like to analyze programs this way because often it points to inefficiencies that could be done in better ways.  I feel comfortable with looking at how a program runs by how it interacts with the system.  Plus I was really interesting in the actual how things happen where the rubber meets the road.  I was wondering if we used

For instance, the packet trace option when running nmap shows me a packet that is being received:

RCVD (0.4640s) TCP 127.0.0.1:8080 > 127.0.0.1:39122 RA ttl=64 id=0 iplen=40  seq=0 win=0

Looking at strace the line that matches up to the output is this:

recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54

And putting a breakpoint in recvmsg() in gdb shows me this:

#0 recvmsg () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0811b729 in pcap_read_packet (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>,
user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1502
#2 pcap_read_linux (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1407
#3 0x08106f17 in pcap_dispatch (p=0x84eb200, cnt=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap.c:497
#4 0x08106f65 in pcap_next (p=0x84eb200, h=0xbfffe478) at ./pcap.c:180
#5 0x0807d107 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1660
#6 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#7 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#8 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#9 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

Which tells me that the pcap library is being used, that it is called from waitForResponses on line 5336 in the ultra_scan function on line 5645.  Even better, because ultra_scan is called a dozen times in nmap_main, I know that ulra_scan() is being called here because 

1888       if (o.synscan)
1889         ultra_scan(Targets, &ports, SYN_SCAN);

Then I look at the code and follow this trail upward and it is very clear why it works this way. 

Now that I am all set up it is only going to take a few minutes to figure out where and give context as to why the program is loading each config file and opening all these ports on startup.



- -

I've added stack traces in main locations to see how the program is structured at these key places using gdb.  Here is a gdb tutorial to see how you load a program and run it.

sudo bash
<enter password to increase permissions>
gdb ./nmap
break <enter name of function to break on>
run -n -p 8080 localhost --reason --packet-trace

At each break point I typed

bt
 to get a backtrace  and 
<enter> when requested to complete the backtrace.
Then type the following to get to the next breakpoint.

cont

This is the command I gave to see what system functions were called.

sudo strace -o ../output00001.txt ./nmap -n -p 8080 localhost --reason --packet-trace


Starting Nmap 5.61TEST5 ( http://nmap.org ) at 2012-05-04 18:51 EDT
SENT (0.4583s) TCP 127.0.0.1:39122 > 127.0.0.1:8080 S ttl=54 id=18866 iplen=44  seq=1825058727 win=1024 <mss 1460>
RCVD (0.4616s) TCP 127.0.0.1:39122 > 127.0.0.1:8080 S ttl=54 id=18866 iplen=44  seq=1825058727 win=1024 <mss 1460>
RCVD (0.4640s) TCP 127.0.0.1:8080 > 127.0.0.1:39122 RA ttl=64 id=0 iplen=40  seq=0 win=0
Nmap scan report for localhost (127.0.0.1)
Host is up, received localhost-response (0.0064s latency).
PORT     STATE  SERVICE    REASON
8080/tcp closed http-proxy reset

Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

Wireshark capture.  The first two are to a closed port, the last 3 are to an open port.





These are all the system calls used by nmap.

The output file has been shortened a bit and the above lines highlighted in the output below:

[Startup removed]

write(1, "Starting Nmap 5.61TEST5 ( http:/"..., 68) = 68


#9  0x080a5275 in vfprintf (logt=1024,
    fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n",
    ap=0xbfffe928 "y\330\023\bo\330\023\b_\330\023\b\374\352\377\277\350\377\377\377\377\377\377\377\001") at /usr/include/bits/stdio2.h:128
#10 log_vwrite (logt=1024, fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n",
---Type <return> to continue, or q <return> to quit---
    ap=0xbfffe928 "y\330\023\bo\330\023\b_\330\023\b\374\352\377\277\350\377\377\377\377\377\377\377\001") at output.cc:930
#11 0x080a555b in log_write (logt=1028,
    fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n") at output.cc:983
#12 0x080747dc in apply_delayed_options () at nmap.cc:1361
#13 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

 
getuid32()                              = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0


#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETFDPW, key=0x555c06 "passwd", keylen=7)
at nscd_helper.c:207
#2 0x00522171 in get_mapping (type=GETFDPW, key=0x555c06 "passwd",
mappedp=0x57d3c0) at nscd_helper.c:293
#3 0x00522619 in __nscd_get_map_ref (type=GETFDPW, name=0x555c06 "passwd",
mapptr=0x57d3bc, gc_cyclep=0xbfffbc74) at nscd_helper.c:452
#4 0x0051f784 in nscd_getpw_r (key=0xbfffbca6 "0", keylen=2, type=GETPWBYUID,
resultbuf=0x57bc64, buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08)
at nscd_getpw_r.c:97
#5 0x0051fbb2 in __nscd_getpwuid_r (uid=0, resultbuf=0x57bc64,
buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08) at nscd_getpw_r.c:65
#6 0x004b55d9 in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:194
#7 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#8 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#9 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#10 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#11 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#12 0x080c1d84 in nmap_services_init () at services.cc:166
#13 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
---Type <return> to continue, or q <return> to quit---
#14 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#15 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#16 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0


#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETPWBYUID, key=0xbfffbca6 "0", keylen=2)
at nscd_helper.c:207
#2 0x005227e9 in __nscd_open_socket (key=0xbfffbca6 "0", keylen=2,
type=GETPWBYUID, response=0xbfffbc50, responselen=36) at nscd_helper.c:579
#3 0x0051f7e7 in nscd_getpw_r (key=0xbfffbca6 "0", keylen=2, type=GETPWBYUID,
resultbuf=0x57bc64, buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08)
at nscd_getpw_r.c:127
#4 0x0051fbb2 in __nscd_getpwuid_r (uid=0, resultbuf=0x57bc64,
buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08) at nscd_getpw_r.c:65
#5 0x004b55d9 in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:194
#6 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#7 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#8 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#9 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#10 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#11 0x080c1d84 in nmap_services_init () at services.cc:166
#12 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#13 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#14 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
---Type <return> to continue, or q <return> to quit---
#15 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198



open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=513, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7804000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 513
read(3, "", 4096)                       = 0
close(3)                                = 0



munmap(0xb7804000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=94111, ...}) = 0
mmap2(NULL, 94111, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77d3000
close(3)                                = 0

access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_compat.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\16\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=26400, ...}) = 0
mmap2(NULL, 29268, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb59000
mmap2(0xb5f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb5f000
close(3)                                = 0

access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\00001\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=79672, ...}) = 0
mmap2(NULL, 92104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf6b000
mmap2(0xf7e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xf7e000
mmap2(0xf80000, 6088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf80000
close(3)                                = 0

mprotect(0xf7e000, 4096, PROT_READ)     = 0
mprotect(0xb5f000, 4096, PROT_READ)     = 0
munmap(0xb77d3000, 94111)               = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=94111, ...}) = 0
mmap2(NULL, 94111, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77d3000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_nis.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\31\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=38500, ...}) = 0
mmap2(NULL, 41532, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x125000
mmap2(0x12e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x12e000
close(3)                                = 0

access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=42580, ...}) = 0
mmap2(NULL, 45780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8ec000
mmap2(0x8f6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0x8f6000
close(3)                                = 0

mprotect(0x8f6000, 4096, PROT_READ)     = 0
mprotect(0x12e000, 4096, PROT_READ)     = 0
munmap(0xb77d3000, 94111)               = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3

#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d728,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d728,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffbc40, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#11 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#12 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
---Type <return> to continue, or q <return> to quit---
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#13 0x080c1d84 in nmap_services_init () at services.cc:166
#14 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#15 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#16 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 



fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0

stat64("/root/.nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3

#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d7e0,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d7e0,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffbc40, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, result=0xbfffbd08)
at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (
buf=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services",
buflen=512, file=0x813dc41 "nmap-services", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2910
#11 nmap_fetchfile_sub (
---Type <return> to continue, or q <return> to quit---
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2946
#12 0x08070be4 in nmap_fetchfile (
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2871
#13 0x080c1d84 in nmap_services_init () at services.cc:166
#14 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#15 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#16 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 





_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0

stat64("/root/.nmap/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("/home/username/Nmap/source/main/nmap-services", R_OK) = 0
stat64("./nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("./nmap-services", R_OK)         = 0
stat64("/home/username/Nmap/source/main/nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
stat64("./nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
open("/home/username/Nmap/source/main/nmap-services", O_RDONLY) = 3

#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d7d0,
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", posix_mode=0, prot=438, read_write=8, is32not64=1)
at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d7d0,
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=<value optimized out>, is32not64=1) at fileops.c:336
#3 0x004795a4 in __fopen_internal (
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=0x81511ef "r", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=0x81511ef "r") at iofopen.c:107
#5 0x080c1dbd in nmap_services_init () at services.cc:190
#6 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#7 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#8 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#9 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 





fstat64(3, {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0

[snip]

close(3)                                = 0

munmap(0xb7804000, 4096)                = 0
time(NULL)                              = 1336170738
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0

stat64("/root/.nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3

#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x84e0b40,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x84e0b40,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffb6e0, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, result=0xbfffb7a8)
at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffdb8c "", buflen=4096,
file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffdb8c "",
bufferlen=4096, file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl")
at nmap.cc:2910
#11 nmap_fetchfile_sub (filename_returned=0xbfffdb8c "", bufferlen=4096,
file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl") at nmap.cc:2946
---Type <return> to continue, or q <return> to quit---
#12 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffdb8c "",
bufferlen=4096, file=0x814e08f "nmap.xsl") at nmap.cc:2868
#13 0x080c9c66 in NmapOps::XSLStyleSheet (this=0x8275720) at NmapOps.cc:617
#14 0x08075222 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1602
#15 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 







_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0

stat64("/root/.nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
mmap2(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7767000
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(3, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0

open("/etc/resolv.conf", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=76, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# Generated by NetworkManager\nna"..., 4096) = 76
read(3, "", 4096)                       = 0
close(3)                                = 0

munmap(0xb7766000, 4096)                = 0
uname({sys="Linux", node="username-1015PX", ...}) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0

#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETFDHST, key=0x5560c7 "hosts", keylen=6)
at nscd_helper.c:207
#2 0x00522171 in get_mapping (type=GETFDHST, key=0x5560c7 "hosts",
mappedp=0x57d9f4) at nscd_helper.c:293
#3 0x00522619 in __nscd_get_map_ref (type=GETFDHST, name=0x5560c7 "hosts",
mapptr=0x57d9f0, gc_cyclep=0xbfffe2ac) at nscd_helper.c:452
#4 0x00520284 in nscd_gethst_r (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, resultbuf=0xbfffe624, buffer=0xbfffe360 "\002",
buflen=512, result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:126
#5 0x00520acf in __nscd_gethostbyname2_r (name=0x827d878 "localhost", af=2,
resultbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:62
#6 0x00505984 in __gethostbyname2_r (name=0x827d878 "localhost", af=2,
resbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at ../nss/getXXbyYY_r.c:194
#7 0x004c6359 in gaih_inet (name=0x827d878 "localhost",
service=<value optimized out>, req=0xbfffe7bc, pai=0xbfffe784,
naddrs=0xbfffe774) at ../sysdeps/posix/getaddrinfo.c:531
#8 0x004c6b2b in getaddrinfo (name=0x827d878 "localhost",
service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc)
at ../sysdeps/posix/getaddrinfo.c:2161
#9 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2)
at tcpip.cc:449
#10 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,
target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#11 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34,
ports=0x826b9e0, pingtype=122) at targets.cc:403
#12 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#13 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 

socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0

#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETHOSTBYNAME, key=0x827d878 "localhost",
keylen=10) at nscd_helper.c:207
#2 0x005227e9 in __nscd_open_socket (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, response=0xbfffe28c, responselen=32)
at nscd_helper.c:579
#3 0x005203c4 in nscd_gethst_r (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, resultbuf=0xbfffe624, buffer=0xbfffe360 "\002",
buflen=512, result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:189
#4 0x00520acf in __nscd_gethostbyname2_r (name=0x827d878 "localhost", af=2,
resultbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:62
#5 0x00505984 in __gethostbyname2_r (name=0x827d878 "localhost", af=2,
resbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at ../nss/getXXbyYY_r.c:194
#6 0x004c6359 in gaih_inet (name=0x827d878 "localhost",
service=<value optimized out>, req=0xbfffe7bc, pai=0xbfffe784,
naddrs=0xbfffe774) at ../sysdeps/posix/getaddrinfo.c:531
#7 0x004c6b2b in getaddrinfo (name=0x827d878 "localhost",
service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc)
at ../sysdeps/posix/getaddrinfo.c:2161
#8 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2)
at tcpip.cc:449
#9 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,
target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#10 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34,
ports=0x826b9e0, pingtype=122) at targets.cc:403
---Type <return> to continue, or q <return> to quit---
#11 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#12 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

open("/etc/host.conf", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=92, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# The \"order\" line is only used "..., 4096) = 92
read(3, "", 4096)                       = 0
close(3)                                = 0



munmap(0xb7766000, 4096)                = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
fstat64(3, {st_mode=S_IFREG|0644, st_size=229, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "127.0.0.1\tlocalhost\n127.0.1.1\tjr"..., 4096) = 229
read(3, "", 4096)                       = 0
close(3)                                = 0

munmap(0xb7766000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
sendmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"$\0\0\0\32\0\1\0\0\0\0\0\0\0\0\0\2 \0\0\0\0\0\0\0\0\0\0\10\0\1\0"..., 36}], msg_controllen=0, msg_flags=0}, 0) = 36
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"`\0\0\0\30\0\0\0\0\0\0\0\2301\0\0\2 \0\0\376\0\0\2\0\2\0\200\10\0\17\0"..., 512}], msg_controllen=0, msg_flags=0}, 0) = 96
close(3)                                = 0
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
ioctl(3, SIOCGIFNAME, {ifr_index=1, ifr_name="lo"}) = 0
close(3)                                = 0

socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
open("/proc/net/dev", O_RDONLY)         = 4
ioctl(3, SIOCGIFCONF, {64, {{"lo", {AF_INET, inet_addr("127.0.0.1")}}, {"wlan0", {AF_INET, inet_addr("192.168.1.105")}}}}) = 0
fstat64(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(4, "Inter-|   Receive               "..., 1024) = 573
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
close(5)                                = 0

ioctl(3, SIOCGIFFLAGS, {ifr_name="lo", ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="lo", ifr_mtu=16436}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="lo", ifr_addr={AF_INET, inet_addr("127.0.0.1")}}) = 0
ioctl(3, SIOCGIFNETMASK, {ifr_name="lo", ifr_netmask={AF_INET, inet_addr("255.0.0.0")}}) = 0
open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0
munmap(0xb7765000, 4096)                = 0

socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
 
#0 sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0051000b in make_request (fd=6, pid=15825, seen_ipv4=0xbfffe78b, seen_ipv6=0xbfffe78a, in6ai=0xbfffe780, in6ailen=0xbfffe77c)at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2 0x005104f4 in __check_pf (seen_ipv4=0xbfffe78b, seen_ipv6=0xbfffe78a, in6ai=0xbfffe780, in6ailen=0xbfffe77c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3 0x004c6abb in getaddrinfo (name=0x827d878 "localhost", service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc) at ../sysdeps/posix/getaddrinfo.c:2109
#4 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2) at tcpip.cc:449
#5 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,  target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#6 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:403
#7 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#8 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0

socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 

#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "127.0.0.1", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e98c8) at netutil.cc:1239
#5  0x08122838 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1272
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c)at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0

socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=2}) = 0
close(5)                                = 0

ioctl(3, SIOCGIFFLAGS, {ifr_name="eth0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="eth0", ifr_mtu=1500}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="eth0", ???}) = -1 EADDRNOTAVAIL (Cannot assign requested address)
ioctl(3, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=f4:6d:04:b8:e3:20}) = 0
open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0

munmap(0xb7765000, 4096)                = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wlan0", ifr_index=3}) = 0
close(5)                                = 0

ioctl(3, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="wlan0", ifr_mtu=1500}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="wlan0", ifr_addr={AF_INET, inet_addr("192.168.1.105")}}) = 0
ioctl(3, SIOCGIFNETMASK, {ifr_name="wlan0", ifr_netmask={AF_INET, inet_addr("255.255.255.0")}}) = 0
ioctl(3, SIOCGIFHWADDR, {ifr_name="wlan0", ifr_hwaddr=e0:b9:a5:04:43:00}) = 0

open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0

munmap(0xb7765000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "::1", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e9984) at netutil.cc:1239
#5  0x081228b8 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1281
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c) at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0

socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "192.168.1.105", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e9afc) at netutil.cc:1239
#5  0x08122838 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1272
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c) at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, 
msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0

read(4, "", 1024)                       = 0
close(4)                                = 0

munmap(0xb7766000, 4096)                = 0
close(3)                                = 0

gettimeofday({1336170738, 657497}, NULL) = 0
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7766000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7766000, 1704)                = 0
close(3)                                = 0

stat64("/root/.nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7766000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7766000, 1704)                = 0
close(3)                                = 0

stat64("/root/.nmap/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
access("/home/username/Nmap/source/main/nmap-payloads", R_OK) = 0
stat64("./nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
access("./nmap-payloads", R_OK)         = 0
stat64("/home/username/Nmap/source/main/nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0

stat64("./nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
open("/home/username/Nmap/source/main/nmap-payloads", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# Nmap nmap payload database -*-"..., 4096) = 4096
read(3, "164, IPSEC, IDENTITY.\n  \"\\x00\\x0"..., 4096) = 4096
read(3, "erver and will be ignored.\nudp 6"..., 4096) = 1789
read(3, "", 4096)                       = 0
close(3)                                = 0

munmap(0xb7766000, 4096)                = 0

gettimeofday({1336170738, 668598}, NULL) = 0
gettimeofday({1336170738, 668758}, NULL) = 0
gettimeofday({1336170738, 668899}, NULL) = 0
gettimeofday({1336170738, 669055}, NULL) = 0

socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
setsockopt(3, SOL_IP, IP_HDRINCL, [1], 4) = 0

socket(PF_PACKET, SOCK_RAW, 768)        = 4
ioctl(4, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
ioctl(4, SIOCGIFHWADDR, {ifr_name="lo", ifr_hwaddr=00:00:00:00:00:00}) = 0
ioctl(4, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
bind(4, {sa_family=AF_PACKET, proto=0x03, if1, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
getsockopt(4, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
setsockopt(4, SOL_PACKET, PACKET_AUXDATA, [1], 4) = 0
setsockopt(4, SOL_SOCKET, SO_ATTACH_FILTER, "\1\0\0\0\f\270&\10", 8) = 0
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
recv(4, 0xbfa20baf, 1, MSG_TRUNC)       = -1 EAGAIN (Resource temporarily unavailable)
fcntl64(4, F_SETFL, O_RDWR)             = 0
setsockopt(4, SOL_SOCKET, SO_ATTACH_FILTER, ":\0\0\0`(\25\t", 8) = 0

gettimeofday({1336170738, 709933}, NULL) = 0
gettimeofday({1336170738, 710120}, NULL) = 0
gettimeofday({1336170738, 710323}, NULL) = 0
gettimeofday({1336170738, 710506}, NULL) = 0
gettimeofday({1336170738, 710693}, NULL) = 0
sendto(3, "E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0\0\1\211\24\37\220\30W|\31\0\0\0\0"..., 44, 0, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, 16) = 44

#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x08128bde in Sendto (functionname=0x816c8d1 "send_ip_packet_sd", sd=6,  packet=0x84eac70 "E", len=44, flags=0, to=0xbfffe71c, tolen=16) at netutil.cc:3382
#2  0x08128e87 in send_ip_packet_sd (sd=6, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at netutil.cc:3477
#3  0x0807b2e3 in send_ipv4_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:473
#4  send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:504
#5  0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018, pspec=0xbfffea24, tryno=0 '\000', pingseq=0 '\000') at scan_engine.cc:3335
#6  0x080be1cc in sendNextScanProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3551
#7  doAnyNewProbes (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3588
#8  ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5641
#9  0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198






gettimeofday({1336170738, 711404}, NULL) = 0
 
write(1, "SENT (0.4265s) TCP 127.0.0.1:350"..., 114) = 114
  • #9 log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe708 "h8\024\b") at output.cc:930
  • #10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
  • #11 0x0807addc in PacketTrace::trace (pdir=1, packet=0x84eac70 "E", len=44, now=0x0) at tcpip.cc:342
  • #12 0x0807b23e in send_ipv6_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:488
  • #13 send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:507
  • #14 0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018, pspec=0xbfffea24, tryno=0 '\000', pingseq=0 '\000') at scan_engine.cc:3335
  • #15 0x080be1cc in sendNextScanProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3551
  • #16 doAnyNewProbes (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3588
  • #17 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5641
  • #18 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #19 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

  • #9  log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe708 "h8\024\b") at output.cc:930
  • #10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
  • #11 0x0807addc in PacketTrace::trace (pdir=1, packet=0x84eb5c8 "E", len=44, now=0x0) at tcpip.cc:342
  • #12 0x0807b23e in send_ipv6_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eb5c8 "E", packetlen=44) at tcpip.cc:488
  • #13 send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eb5c8 "E", packetlen=44) at tcpip.cc:507
  • #14 0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018,  pspec=0x84ea5f8, tryno=1 '\001', pingseq=0 '\000') at scan_engine.cc:3335
  • #15 0x080be3e9 in retransmitProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3716
  • #16 doAnyOutstandingRetransmits (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3799
  • #17 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5637
  • #18 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #19 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198
gettimeofday({1336170738, 711967}, NULL) = 0
gettimeofday({1336170738, 712154}, NULL) = 0
gettimeofday({1336170738, 712334}, NULL) = 0
gettimeofday({1336170738, 712529}, NULL) = 0
gettimeofday({1336170738, 712720}, NULL) = 0
select(5, [4], NULL, NULL, {0, 998164}) = 1 (in [4], left {0, 998152})
recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_OUTGOING, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 58
gettimeofday({1336170738, 715625}, NULL) = 0

select(5, [4], NULL, NULL, {0, 998164}) = 1 (in [4], left {0, 998149})




recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 58
ioctl(4, SIOCGSTAMP, 0xbfa212a0)        = 0

write(1, "RCVD (0.4318s) TCP 127.0.0.1:350"..., 114) = 114

  • #10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
  • #11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=44, now=0xbfffe534) at tcpip.cc:342
  • #12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
  • #13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 

  • #9  log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe418 "m8\024\b") at output.cc:930
  • #10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n" at output.cc:983
  • #11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=40, now=0xbfffe534) at tcpip.cc:342
  • #12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
  • #13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

gettimeofday({1336170738, 717269}, NULL) = 0
gettimeofday({1336170738, 717850}, NULL) = 0

select(5, [4], NULL, NULL, {0, 993424}) = 1 (in [4], left {0, 993411})

#0 select () at ../sysdeps/unix/syscall-template.S:82
#1 0x081237c4 in pcap_select (p=0x84eb200, timeout=0xbfffe438) at netutil.cc:921
#2 0x0812386c in pcap_select (p=0x84eb200, usecs=999717) at netutil.cc:939
#3 0x0807ce07 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1657
#4 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#5 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#6 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#7 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#8 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198



recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_OUTGOING, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54
#0 recvmsg () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0811b729 in pcap_read_packet (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>,
user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1502
#2 pcap_read_linux (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1407
#3 0x08106f17 in pcap_dispatch (p=0x84eb200, cnt=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap.c:497
#4 0x08106f65 in pcap_next (p=0x84eb200, h=0xbfffe478) at ./pcap.c:180
#5 0x0807d107 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1660
#6 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#7 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#8 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#9 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198


gettimeofday({1336170738, 718693}, NULL) = 0

select(5, [4], NULL, NULL, {0, 993424}) = 1 (in [4], left {0, 993414})
recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54
ioctl(4, SIOCGSTAMP, 0xbfa212a0)        = 0

write(1, "RCVD (0.4347s) TCP 127.0.0.1:808"..., 90) = 90


  • #9 log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe418 "m8\024\b") at output.cc:930
  • #10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
  • #11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=44, now=0xbfffe534) at tcpip.cc:342
  • #12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
  • #13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

  • #10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n")  at output.cc:983
  • #11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=40, now=0xbfffe534) at tcpip.cc:342
  • #12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
  • #13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

  •  #8  log_vwrite (logt=2048, fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0", ap=0xbfffe394 "127.\\") at output.cc:935
  • #9  0x0807e306 in error (fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0") at nmap_error.cc:164
  • #10 0x080c1742 in adjust_timeouts2 (sent=0x84eb630, received=0xbfffe534, to=0x84e94dc) at timing.cc:175
  • #11 0x080b094b in ultrascan_adjust_timeouts (probe=0x84eb628, rcvdtime=0xbfffe534, USI=<value optimized out>, hss=<value optimized out>)  at scan_engine.cc:2174
  • #12 0x080b73dc in ultrascan_port_probe_update (USI=0x84ea4a8, hss=0x84eb018, probeI=..., newstate=1, rcvdtime=0xbfffe534, adjust_timing_hint=true) at scan_engine.cc:2818
  • #13 0x080b8d46 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea01) at scan_engine.cc:4787
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198


gettimeofday({1336170738, 720190}, NULL) = 0
gettimeofday({1336170738, 720427}, NULL) = 0
gettimeofday({1336170738, 720605}, NULL) = 0
gettimeofday({1336170738, 720783}, NULL) = 0
ioctl(3, TIOCGPGRP, [3922393])          = -1 EINVAL (Invalid argument)
close(3)                                = 0
close(4)                                = 0
 
write(1, "Nmap scan report for localhost ("..., 43) = 43

  • #8 log_vwrite (logt=2048, fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0",
  • ap=0xbfffe394 "127.\\") at output.cc:935
  • #9 0x0807e306 in error (fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0") at nmap_error.cc:164
  • #10 0x080c1742 in adjust_timeouts2 (sent=0x84eb630, received=0xbfffe534, to=0x84e94dc) at timing.cc:175
  • #11 0x080b094b in ultrascan_adjust_timeouts (probe=0x84eb628, rcvdtime=0xbfffe534, USI=<value optimized out>, hss=<value optimized out>) at scan_engine.cc:2174
  • #12 0x080b73dc in ultrascan_port_probe_update (USI=0x84ea4a8, hss=0x84eb018, probeI=..., newstate=1, rcvdtime=0xbfffe534, adjust_timing_hint=true) at scan_engine.cc:2818
  • #13 0x080b8d46 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea01) at scan_engine.cc:4787
  • #14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
  • #15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
  • #16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
  • #17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

write(1, "Host is up, received localhost-r"..., 59) = 59
write(1, "PORT     STATE  SERVICE    REASO"..., 67) = 67

#9 log_vwrite (logt=1024, fmt=0x8146e6e "\n", ap=0xbfffeba8 "\026\275\246O") at output.cc:930
#10 0x080a555b in log_write (logt=1031, fmt=0x8146e6e "\n") at output.cc:983
#11 0x080761ac in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:2008
#12 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

write(1, "\n", 1)                       = 1
gettimeofday({1336170738, 757261}, NULL) = 0
time(NULL)                              = 1336170738
write(1, "Nmap done: 1 IP address (1 host "..., 60) = 60

  • #9 log_vwrite (logt=1024, fmt=0x814a138 "Nmap done: %d %s (%d %s up) scanned in %.2f seconds\n", ap=0xbfffea48 "\001") at output.cc:930
  • #10 0x080a555b in log_write (logt=1028, fmt=0x814a138 "Nmap done: %d %s (%d %s up) scanned in %.2f seconds\n")at output.cc:983
  • #11 0x080a94c4 in printfinaloutput () at output.cc:2466
  • #12 0x08076497 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:2052
  • #13 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198




stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
exit_group(0)                           = ?
Posted by at

1 comment:

  1. rkingApril 11, 2013 at 5:18 AM

    Thanks!

    Really nice to see people diving in with details like this.

    ReplyDelete

Subscribe to: Post Comments (Atom)