Politics, Power, and Science: Analyzing nmap using strace and gdb.

Friday, May 4, 2012

Analyzing nmap using strace and gdb.

Trying to explain my process here with a concrete example.

The other analysis I am doing is following the code through in program execution order, so I am looking at the code forwards and backwards. I always like to analyze programs this way because it often points to inefficiencies that could be done in better ways. I feel comfortable looking at how a program runs by how it interacts with the system. Plus, I was really interested in how things actually happen where the rubber meets the road.  I was wondering if we used

For instance, the packet trace option when running nmap shows me a packet that is being received:

RCVD (0.4640s) TCP 127.0.0.1:8080 > 127.0.0.1:39122 RA ttl=64 id=0 iplen=40  seq=0 win=0

Looking at strace the line that matches up to the output is this:

recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54
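The match between those two lines can be checked byte by byte. The following is an added example, not code from the original post or from Nmap: it decodes the escaped buffer strace printed, parses the Ethernet and IPv4 header fields it contains, and compares them with the `--packet-trace` line. The function names are choices made for the example; both input lines are copied from this page.

```python
import re
import struct

# Both records are copied verbatim from this page.
STRACE_LINE = r'''recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54'''
TRACE_LINE = "RCVD (0.4640s) TCP 127.0.0.1:8080 > 127.0.0.1:39122 RA ttl=64 id=0 iplen=40  seq=0 win=0"

ETH_HLEN = 14
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
_ESCAPES = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, '"': 34, "\\": 92}
_OCTAL = re.compile(r"[0-7]{1,3}")
_IOV = re.compile(r'msg_iov\(\d+\)=\[\{"((?:[^"\\]|\\.)*)"')
_RET = re.compile(r"\)\s*=\s*(-?\d+)\s*$")
_TRACE = re.compile(
    r"(?P<dir>SENT|RCVD) \([\d.]+s\) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ > (?P<dst>[\d.]+):\d+ \S+ "
    r"ttl=(?P<ttl>\d+) id=(?P<id>\d+) iplen=(?P<iplen>\d+)")


def decode_strace_string(text):
    """Turn strace's C-style escaped string back into bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i]))
            i += 1
            continue
        octal = _OCTAL.match(text, i + 1)
        if octal:                       # \0, \10, \316 ...
            out.append(int(octal.group(), 8))
            i = octal.end()
        elif text[i + 1] == "x":        # \x7f, printed when strace runs with -x
            out.append(int(text[i + 2:i + 4], 16))
            i += 4
        else:                           # \n, \t, \" ...
            out.append(_ESCAPES[text[i + 1]])
            i += 2
    return bytes(out)


def extract_buffer(strace_line):
    """Return (first msg_iov buffer as bytes, syscall return value)."""
    raw = decode_strace_string(_IOV.search(strace_line).group(1))
    return raw, int(_RET.search(strace_line).group(1))


def parse_frame(buf):
    """Parse the Ethernet header and the fixed part of the IPv4 header."""
    ethertype, = struct.unpack("!H", buf[12:14])
    ip = buf[ETH_HLEN:]
    vi, _tos, iplen, ident, _frag, ttl, proto, csum = struct.unpack("!BBHHHBBH", ip[:12])
    def addr(b):
        # strace prints only the first 32 bytes by default, so dst may be cut off
        return ".".join(map(str, b)) if len(b) == 4 else None
    return {"ethertype": ethertype, "version": vi >> 4, "ihl": vi & 0xF,
            "iplen": iplen, "id": ident, "ttl": ttl,
            "proto": PROTO_NAMES.get(proto, str(proto)), "checksum": csum,
            "src": addr(ip[12:16]), "dst": addr(ip[16:20])}


def ipv4_checksum(header):
    """One's-complement sum over a header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def correlate(strace_line, trace_line):
    """Return a list of mismatches; an empty list means the records agree."""
    raw, retval = extract_buffer(strace_line)
    hdr = parse_frame(raw)
    m = _TRACE.search(trace_line)
    expected = {"proto": m["proto"], "src": m["src"], "ttl": int(m["ttl"]),
                "id": int(m["id"]), "iplen": int(m["iplen"])}
    problems = ["%s: strace=%r nmap=%r" % (k, hdr[k], v)
                for k, v in expected.items() if hdr[k] != v]
    # With MSG_TRUNC the return value is the full frame length, not the bytes copied.
    if retval != ETH_HLEN + hdr["iplen"]:
        problems.append("length: recvmsg returned %d" % retval)
    # The destination address is truncated in the strace output, so take it from
    # the nmap line, rebuild the 20-byte header and confirm the captured checksum.
    if hdr["ihl"] == 5 and len(raw) >= 30:
        dst = bytes(int(x) for x in m["dst"].split("."))
        rebuilt = raw[14:24] + b"\0\0" + raw[26:30] + dst
        if ipv4_checksum(rebuilt) != hdr["checksum"]:
            problems.append("checksum: header does not verify with dst %s" % m["dst"])
    return problems


if __name__ == "__main__":
    print(parse_frame(extract_buffer(STRACE_LINE)[0]))
    print(correlate(STRACE_LINE, TRACE_LINE) or "records match")
```

Running strace with a larger `-s` value prints the whole frame, which removes the need to borrow the destination address from the nmap line.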

And putting a breakpoint in recvmsg() in gdb shows me this:

#0 recvmsg () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0811b729 in pcap_read_packet (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>,
user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1502
#2 pcap_read_linux (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1407
#3 0x08106f17 in pcap_dispatch (p=0x84eb200, cnt=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap.c:497
#4 0x08106f65 in pcap_next (p=0x84eb200, h=0xbfffe478) at ./pcap.c:180
#5 0x0807d107 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1660
#6 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#7 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#8 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#9 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

This tells me that the pcap library is being used, and that it is called from waitForResponses at line 5336, inside the ultra_scan function at line 5645.  Even better, because ultra_scan is called a dozen times in nmap_main, I know that ultra_scan() is being called here (nmap.cc line 1889 in the backtrace) because:

1888       if (o.synscan)
1889         ultra_scan(Targets, &ports, SYN_SCAN);

Then I look at the code and follow this trail upward and it is very clear why it works this way. 

Now that I am all set up it is only going to take a few minutes to figure out where and give context as to why the program is loading each config file and opening all these ports on startup.



- -

I've added stack traces in main locations to see how the program is structured at these key places using gdb.  Here is a gdb tutorial to see how you load a program and run it.

sudo bash
<enter password to increase permissions>
gdb ./nmap
break <enter name of function to break on>
run -n -p 8080 localhost --reason --packet-trace

At each breakpoint I typed

bt

to get a backtrace, and <enter> when requested to complete the backtrace. Then type the following to get to the next breakpoint.

cont

This is the command I gave to see what system functions were called.

sudo strace -o ../output00001.txt ./nmap -n -p 8080 localhost --reason --packet-trace


Starting Nmap 5.61TEST5 ( http://nmap.org ) at 2012-05-04 18:51 EDT
SENT (0.4583s) TCP 127.0.0.1:39122 > 127.0.0.1:8080 S ttl=54 id=18866 iplen=44  seq=1825058727 win=1024 <mss 1460>
RCVD (0.4616s) TCP 127.0.0.1:39122 > 127.0.0.1:8080 S ttl=54 id=18866 iplen=44  seq=1825058727 win=1024 <mss 1460>
RCVD (0.4640s) TCP 127.0.0.1:8080 > 127.0.0.1:39122 RA ttl=64 id=0 iplen=40  seq=0 win=0
Nmap scan report for localhost (127.0.0.1)
Host is up, received localhost-response (0.0064s latency).
PORT     STATE  SERVICE    REASON
8080/tcp closed http-proxy reset

Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

Wireshark capture.  The first two are to a closed port, the last 3 are to an open port.





These are all the system calls used by nmap.

The output file has been shortened a bit and the above lines highlighted in the output below:

[Startup removed]

write(1, "Starting Nmap 5.61TEST5 ( http:/"..., 68) = 68



#9  0x080a5275 in vfprintf (logt=1024,
    fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n",
    ap=0xbfffe928 "y\330\023\bo\330\023\b_\330\023\b\374\352\377\277\350\377\377\377\377\377\377\377\001") at /usr/include/bits/stdio2.h:128
#10 log_vwrite (logt=1024, fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n",
---Type <return> to continue, or q <return> to quit---
    ap=0xbfffe928 "y\330\023\bo\330\023\b_\330\023\b\374\352\377\277\350\377\377\377\377\377\377\377\001") at output.cc:930
#11 0x080a555b in log_write (logt=1028,
    fmt=0x813e179 "\nStarting %s %s ( %s ) at %s\n") at output.cc:983
#12 0x080747dc in apply_delayed_options () at nmap.cc:1361
#13 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

 
getuid32()                              = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0



#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETFDPW, key=0x555c06 "passwd", keylen=7)
at nscd_helper.c:207
#2 0x00522171 in get_mapping (type=GETFDPW, key=0x555c06 "passwd",
mappedp=0x57d3c0) at nscd_helper.c:293
#3 0x00522619 in __nscd_get_map_ref (type=GETFDPW, name=0x555c06 "passwd",
mapptr=0x57d3bc, gc_cyclep=0xbfffbc74) at nscd_helper.c:452
#4 0x0051f784 in nscd_getpw_r (key=0xbfffbca6 "0", keylen=2, type=GETPWBYUID,
resultbuf=0x57bc64, buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08)
at nscd_getpw_r.c:97
#5 0x0051fbb2 in __nscd_getpwuid_r (uid=0, resultbuf=0x57bc64,
buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08) at nscd_getpw_r.c:65
#6 0x004b55d9 in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:194
#7 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#8 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#9 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#10 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#11 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#12 0x080c1d84 in nmap_services_init () at services.cc:166
#13 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
---Type <return> to continue, or q <return> to quit---
#14 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#15 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#16 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0



#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETPWBYUID, key=0xbfffbca6 "0", keylen=2)
at nscd_helper.c:207
#2 0x005227e9 in __nscd_open_socket (key=0xbfffbca6 "0", keylen=2,
type=GETPWBYUID, response=0xbfffbc50, responselen=36) at nscd_helper.c:579
#3 0x0051f7e7 in nscd_getpw_r (key=0xbfffbca6 "0", keylen=2, type=GETPWBYUID,
resultbuf=0x57bc64, buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08)
at nscd_getpw_r.c:127
#4 0x0051fbb2 in __nscd_getpwuid_r (uid=0, resultbuf=0x57bc64,
buffer=0x827bec8 "", buflen=1024, result=0xbfffbd08) at nscd_getpw_r.c:65
#5 0x004b55d9 in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:194
#6 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#7 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#8 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#9 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#10 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#11 0x080c1d84 in nmap_services_init () at services.cc:166
#12 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#13 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#14 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
---Type <return> to continue, or q <return> to quit---
#15 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198



open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=513, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7804000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 513
read(3, "", 4096)                       = 0
close(3)                                = 0




munmap(0xb7804000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=94111, ...}) = 0
mmap2(NULL, 94111, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77d3000
close(3)                                = 0


access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_compat.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\16\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=26400, ...}) = 0
mmap2(NULL, 29268, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb59000
mmap2(0xb5f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb5f000
close(3)                                = 0


access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\00001\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=79672, ...}) = 0
mmap2(NULL, 92104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf6b000
mmap2(0xf7e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xf7e000
mmap2(0xf80000, 6088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf80000
close(3)                                = 0


mprotect(0xf7e000, 4096, PROT_READ)     = 0
mprotect(0xb5f000, 4096, PROT_READ)     = 0
munmap(0xb77d3000, 94111)               = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=94111, ...}) = 0
mmap2(NULL, 94111, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77d3000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_nis.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\31\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=38500, ...}) = 0
mmap2(NULL, 41532, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x125000
mmap2(0x12e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x12e000
close(3)                                = 0


access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=42580, ...}) = 0
mmap2(NULL, 45780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8ec000
mmap2(0x8f6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0x8f6000
close(3)                                = 0


mprotect(0x8f6000, 4096, PROT_READ)     = 0
mprotect(0x12e000, 4096, PROT_READ)     = 0
munmap(0xb77d3000, 94111)               = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3


#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d728,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d728,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffbc40, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64, buffer=0x827bec8 "",
buflen=1024, result=0xbfffbd08) at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffe58c "", buflen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffe58c "",
bufferlen=512, file=0xbfffc0ac "updates/5.61TEST4/nmap-services")
at nmap.cc:2910
#11 nmap_fetchfile_sub (filename_returned=0xbfffe58c "", bufferlen=512,
file=0xbfffc0ac "updates/5.61TEST4/nmap-services") at nmap.cc:2946
#12 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffe58c "",
---Type <return> to continue, or q <return> to quit---
bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2868
#13 0x080c1d84 in nmap_services_init () at services.cc:166
#14 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#15 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#16 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 



fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3


#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d7e0,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d7e0,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffbc40, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, result=0xbfffbd08)
at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (
buf=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services",
buflen=512, file=0x813dc41 "nmap-services", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2910
#11 nmap_fetchfile_sub (
---Type <return> to continue, or q <return> to quit---
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2946
#12 0x08070be4 in nmap_fetchfile (
filename_returned=0xbfffe58c "/usr/local/share/nmap/updates/5.61TEST4/nmap-services", bufferlen=512, file=0x813dc41 "nmap-services") at nmap.cc:2871
#13 0x080c1d84 in nmap_services_init () at services.cc:166
#14 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#15 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#16 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 





_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("/home/username/Nmap/source/main/nmap-services", R_OK) = 0
stat64("./nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("./nmap-services", R_OK)         = 0
stat64("/home/username/Nmap/source/main/nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
stat64("./nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
open("/home/username/Nmap/source/main/nmap-services", O_RDONLY) = 3


#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x827d7d0,
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", posix_mode=0, prot=438, read_write=8, is32not64=1)
at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x827d7d0,
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=<value optimized out>, is32not64=1) at fileops.c:336
#3 0x004795a4 in __fopen_internal (
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=0x81511ef "r", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (
filename=0xbfffe58c "/home/username/Nmap/source/main/nmap-services", mode=0x81511ef "r") at iofopen.c:107
#5 0x080c1dbd in nmap_services_init () at services.cc:190
#6 0x080c2bad in gettoppts (level=-1, portlist=0x827b7e8 "8080",
ports=0x826b9e0) at services.cc:409
#7 0x08074c0a in apply_delayed_options () at nmap.cc:1399
#8 0x080750e6 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1563
#9 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 
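The order in which nmap probes for its data files can be pulled out of the strace file mechanically. The following is an added example, not code from the original post or from Nmap: it parses stat64/access/open lines copied from the strace output on this page and reports, per data file, the candidate paths in the order they were tried, which path was finally opened, and which candidates were relative to the working directory. The function name `search_order` and the report layout are choices made for the example.

```python
import posixpath
import re
from collections import OrderedDict

# Lines copied from the strace output on this page.
SAMPLE = r'''stat64("/root/.nmap/nmap-services", 0xbfa1eb7c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("/home/username/Nmap/source/main/nmap-services", R_OK) = 0
stat64("./nmap-services", {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0
access("./nmap-services", R_OK)         = 0
open("/home/username/Nmap/source/main/nmap-services", O_RDONLY) = 3
stat64("/root/.nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
'''

PROBE_CALLS = {"stat", "stat64", "lstat", "lstat64", "access"}
OPEN_CALLS = {"open", "openat"}
# syscall("path", ...) = ret [ERRNO ...]; openat carries a dirfd before the path.
_CALL = re.compile(
    r'^(?P<call>\w+)\((?:AT_FDCWD, )?"(?P<path>(?:[^"\\]|\\.)*)".*\)'
    r'\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?')


def search_order(lines, names):
    """Summarise how each file in `names` was looked up.

    Returns an OrderedDict: name -> {"candidates": [(path, outcome), ...],
    "opened": path or None, "cwd_relative": [path, ...]}.
    """
    report = OrderedDict(
        (n, {"candidates": [], "opened": None, "cwd_relative": []}) for n in names)
    for line in lines:
        m = _CALL.match(line.strip())
        if not m or m["call"] not in PROBE_CALLS | OPEN_CALLS:
            continue
        path = m["path"]
        entry = report.get(posixpath.basename(path))
        if entry is None:               # not one of the files we are tracking
            continue
        ok = int(m["ret"]) >= 0
        outcome = "ok" if ok else (m["errno"] or "error")
        if path not in [p for p, _ in entry["candidates"]]:
            entry["candidates"].append((path, outcome))
        # A path without a leading "/" is resolved against the directory the
        # tool was started from, which is worth knowing for a tool run as root.
        if not path.startswith("/") and path not in entry["cwd_relative"]:
            entry["cwd_relative"].append(path)
        if ok and m["call"] in OPEN_CALLS:
            entry["opened"] = path
    return report


def format_report(report):
    """Render the summary as plain text, one block per tracked file."""
    out = []
    for name, entry in report.items():
        out.append("%s -> %s" % (name, entry["opened"] or "not found"))
        for path, outcome in entry["candidates"]:
            out.append("    %-7s %s" % (outcome, path))
        for path in entry["cwd_relative"]:
            out.append("    cwd-relative probe: %s" % path)
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(search_order(SAMPLE.splitlines(),
                                     ["nmap-services", "nmap.xsl"])))
```

To run it over the whole capture, pass the lines of the strace output file instead of `SAMPLE`.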





fstat64(3, {st_mode=S_IFREG|0644, st_size=621834, ...}) = 0

[snip]

close(3)                                = 0


munmap(0xb7804000, 4096)                = 0
time(NULL)                              = 1336170738
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3


#0 open () at ../sysdeps/unix/syscall-template.S:82
#1 0x0048502f in _IO_file_open (fp=0x84e0b40,
filename=0x598ad8 "/etc/passwd", posix_mode=524288, prot=438,
read_write=8, is32not64=1) at fileops.c:232
#2 0x004851f8 in _IO_new_file_fopen (fp=0x84e0b40,
filename=0x598ad8 "/etc/passwd", mode=<value optimized out>, is32not64=1)
at fileops.c:336
#3 0x004795a4 in __fopen_internal (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme", is32=1) at iofopen.c:93
#4 0x0047960c in _IO_new_fopen (filename=0x598ad8 "/etc/passwd",
mode=0x598a88 "rme") at iofopen.c:107
#5 0x00595060 in internal_setpwent (ent=0xbfffb6e0, stayopen=0, needent=0)
at nss_compat/compat-pwd.c:239
#6 0x0059699d in _nss_compat_getpwuid_r (uid=0, pwd=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, errnop=0xb7fe3688)
at nss_compat/compat-pwd.c:1109
#7 0x004b551b in __getpwuid_r (uid=0, resbuf=0x57bc64,
buffer=0x827bec8 "root", buflen=1024, result=0xbfffb7a8)
at ../nss/getXXbyYY_r.c:256
#8 0x004b4e2f in getpwuid (uid=0) at ../nss/getXXbyYY.c:117
#9 0x0806ea90 in nmap_fetchfile_userdir_uid (buf=0xbfffdb8c "", buflen=4096,
file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl", uid=0) at nmap.cc:2896
#10 0x0806eb7f in nmap_fetchfile_userdir (filename_returned=0xbfffdb8c "",
bufferlen=4096, file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl")
at nmap.cc:2910
#11 nmap_fetchfile_sub (filename_returned=0xbfffdb8c "", bufferlen=4096,
file=0xbfffbb4c "updates/5.61TEST4/nmap.xsl") at nmap.cc:2946
---Type <return> to continue, or q <return> to quit---
#12 0x08070bd5 in nmap_fetchfile (filename_returned=0xbfffdb8c "",
bufferlen=4096, file=0x814e08f "nmap.xsl") at nmap.cc:2868
#13 0x080c9c66 in NmapOps::XSLStyleSheet (this=0x8275720) at NmapOps.cc:617
#14 0x08075222 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1602
#15 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 







_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7804000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7804000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/nmap.xsl", 0xbfa1e61c) = -1 ENOENT (No such file or directory)
rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
mmap2(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7767000
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(3, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20


recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0


open("/etc/resolv.conf", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=76, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# Generated by NetworkManager\nna"..., 4096) = 76
read(3, "", 4096)                       = 0
close(3)                                = 0


munmap(0xb7766000, 4096)                = 0
uname({sys="Linux", node="username-1015PX", ...}) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0


#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETFDHST, key=0x5560c7 "hosts", keylen=6)
at nscd_helper.c:207
#2 0x00522171 in get_mapping (type=GETFDHST, key=0x5560c7 "hosts",
mappedp=0x57d9f4) at nscd_helper.c:293
#3 0x00522619 in __nscd_get_map_ref (type=GETFDHST, name=0x5560c7 "hosts",
mapptr=0x57d9f0, gc_cyclep=0xbfffe2ac) at nscd_helper.c:452
#4 0x00520284 in nscd_gethst_r (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, resultbuf=0xbfffe624, buffer=0xbfffe360 "\002",
buflen=512, result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:126
#5 0x00520acf in __nscd_gethostbyname2_r (name=0x827d878 "localhost", af=2,
resultbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:62
#6 0x00505984 in __gethostbyname2_r (name=0x827d878 "localhost", af=2,
resbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at ../nss/getXXbyYY_r.c:194
#7 0x004c6359 in gaih_inet (name=0x827d878 "localhost",
service=<value optimized out>, req=0xbfffe7bc, pai=0xbfffe784,
naddrs=0xbfffe774) at ../sysdeps/posix/getaddrinfo.c:531
#8 0x004c6b2b in getaddrinfo (name=0x827d878 "localhost",
service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc)
at ../sysdeps/posix/getaddrinfo.c:2161
#9 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2)
at tcpip.cc:449
#10 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,
target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#11 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34,
ports=0x826b9e0, pingtype=122) at targets.cc:403
#12 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#13 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198 

socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0


#0 connect () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x00521c38 in open_socket (type=GETHOSTBYNAME, key=0x827d878 "localhost",
keylen=10) at nscd_helper.c:207
#2 0x005227e9 in __nscd_open_socket (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, response=0xbfffe28c, responselen=32)
at nscd_helper.c:579
#3 0x005203c4 in nscd_gethst_r (key=0x827d878 "localhost", keylen=10,
type=GETHOSTBYNAME, resultbuf=0xbfffe624, buffer=0xbfffe360 "\002",
buflen=512, result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:189
#4 0x00520acf in __nscd_gethostbyname2_r (name=0x827d878 "localhost", af=2,
resultbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at nscd_gethst_r.c:62
#5 0x00505984 in __gethostbyname2_r (name=0x827d878 "localhost", af=2,
resbuf=0xbfffe624, buffer=0xbfffe360 "\002", buflen=512,
result=0xbfffe640, h_errnop=0xbfffe63c) at ../nss/getXXbyYY_r.c:194
#6 0x004c6359 in gaih_inet (name=0x827d878 "localhost",
service=<value optimized out>, req=0xbfffe7bc, pai=0xbfffe784,
naddrs=0xbfffe774) at ../sysdeps/posix/getaddrinfo.c:531
#7 0x004c6b2b in getaddrinfo (name=0x827d878 "localhost",
service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc)
at ../sysdeps/posix/getaddrinfo.c:2161
#8 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2)
at tcpip.cc:449
#9 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,
target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#10 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34,
ports=0x826b9e0, pingtype=122) at targets.cc:403
---Type <return> to continue, or q <return> to quit---
#11 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#12 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

open("/etc/host.conf", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=92, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# The \"order\" line is only used "..., 4096) = 92
read(3, "", 4096)                       = 0
close(3)                                = 0




munmap(0xb7766000, 4096)                = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
fstat64(3, {st_mode=S_IFREG|0644, st_size=229, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "127.0.0.1\tlocalhost\n127.0.1.1\tjr"..., 4096) = 229
read(3, "", 4096)                       = 0
close(3)                                = 0


munmap(0xb7766000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
sendmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"$\0\0\0\32\0\1\0\0\0\0\0\0\0\0\0\2 \0\0\0\0\0\0\0\0\0\0\10\0\1\0"..., 36}], msg_controllen=0, msg_flags=0}, 0) = 36
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"`\0\0\0\30\0\0\0\0\0\0\0\2301\0\0\2 \0\0\376\0\0\2\0\2\0\200\10\0\17\0"..., 512}], msg_controllen=0, msg_flags=0}, 0) = 96
close(3)                                = 0
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
ioctl(3, SIOCGIFNAME, {ifr_index=1, ifr_name="lo"}) = 0
close(3)                                = 0


socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
open("/proc/net/dev", O_RDONLY)         = 4
ioctl(3, SIOCGIFCONF, {64, {{"lo", {AF_INET, inet_addr("127.0.0.1")}}, {"wlan0", {AF_INET, inet_addr("192.168.1.105")}}}}) = 0
fstat64(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(4, "Inter-|   Receive               "..., 1024) = 573
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
close(5)                                = 0


ioctl(3, SIOCGIFFLAGS, {ifr_name="lo", ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="lo", ifr_mtu=16436}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="lo", ifr_addr={AF_INET, inet_addr("127.0.0.1")}}) = 0
ioctl(3, SIOCGIFNETMASK, {ifr_name="lo", ifr_netmask={AF_INET, inet_addr("255.0.0.0")}}) = 0
open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0
munmap(0xb7765000, 4096)                = 0


socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
 

#0 sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0051000b in make_request (fd=6, pid=15825, seen_ipv4=0xbfffe78b, seen_ipv6=0xbfffe78a, in6ai=0xbfffe780, in6ailen=0xbfffe77c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2 0x005104f4 in __check_pf (seen_ipv4=0xbfffe78b, seen_ipv6=0xbfffe78a, in6ai=0xbfffe780, in6ailen=0xbfffe77c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3 0x004c6abb in getaddrinfo (name=0x827d878 "localhost", service=<value optimized out>, hints=0xbfffe7bc, pai=0xbfffe7dc) at ../sysdeps/posix/getaddrinfo.c:2109
#4 0x0807b1a6 in resolve_all (hostname=0x827d878 "localhost", pf=2) at tcpip.cc:449
#5 0x080cb023 in TargetGroup::parse_expr (this=0x84e4d08,  target_expr=0x827d868 "localhost", af=2) at TargetGroup.cc:182
#6 0x080799b9 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:403
#7 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#8 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0


socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 


#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "127.0.0.1", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e98c8) at netutil.cc:1239
#5  0x08122838 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1272
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c) at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0


socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=2}) = 0
close(5)                                = 0


ioctl(3, SIOCGIFFLAGS, {ifr_name="eth0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="eth0", ifr_mtu=1500}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="eth0", ???}) = -1 EADDRNOTAVAIL (Cannot assign requested address)
ioctl(3, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=f4:6d:04:b8:e3:20}) = 0
open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0


munmap(0xb7765000, 4096)                = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wlan0", ifr_index=3}) = 0
close(5)                                = 0


ioctl(3, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
ioctl(3, SIOCGIFMTU, {ifr_name="wlan0", ifr_mtu=1500}) = 0
ioctl(3, SIOCGIFADDR, {ifr_name="wlan0", ifr_addr={AF_INET, inet_addr("192.168.1.105")}}) = 0
ioctl(3, SIOCGIFNETMASK, {ifr_name="wlan0", ifr_netmask={AF_INET, inet_addr("255.255.255.0")}}) = 0
ioctl(3, SIOCGIFHWADDR, {ifr_name="wlan0", ifr_hwaddr=e0:b9:a5:04:43:00}) = 0


open("/proc/net/if_inet6", O_RDONLY)    = 5
fstat64(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7765000
read(5, "fe80000000000000e2b9a5fffe044300"..., 1024) = 108
read(5, "", 1024)                       = 0
close(5)                                = 0


munmap(0xb7765000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108

#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "::1", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e9984) at netutil.cc:1239
#5  0x081228b8 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1281
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c) at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0


socket(PF_NETLINK, SOCK_RAW, 0)         = 5
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=12696, groups=00000000}, [12]) = 0
time(NULL)                              = 1336170738
sendto(5, "\24\0\0\0\26\0\1\3\362X\244O\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20

#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x0051000b in make_request (fd=8, pid=15825, seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:99
#2  0x005104f4 in __check_pf (seen_ipv4=0xbfff9f3b, seen_ipv6=0xbfff9f3a, in6ai=0xbfff9f30, in6ailen=0xbfff9f2c) at ../sysdeps/unix/sysv/linux/check_pf.c:277
#3  0x004c6abb in getaddrinfo (name=0xbfff9f9b "192.168.1.105", service=<value optimized out>, hints=0xbfff9f74, pai=0xbfff9f94) at ../sysdeps/posix/getaddrinfo.c:2109
#4  0x0812255d in canonicalize_address (ss=0xbfffa3ec, output=0x84e9afc) at netutil.cc:1239
#5  0x08122838 in collect_dnet_interfaces (entry=0xbfffa4bc, arg=0xbfffe4fc) at netutil.cc:1272
#6  0x081363f8 in intf_loop (intf=0x84ea470, callback=0x81225d0 <collect_dnet_interfaces(intf_entry const*, void*)>, arg=0xbfffe4fc) at intf.c:884
#7  0x0812416d in getinterfaces_dnet (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1342
#8  getinterfaces (howmany=0xbfffe55c, errstr=0x0, errstrlen=0) at netutil.cc:1365
#9  0x0812435e in getInterfaceByName (iname=0xbfffe7fc "lo", af=2) at netutil.cc:1425
#10 0x0812481f in route_dst_netlink (dst=0xbfffeafc, rnfo=0xbfffe93c, device=0x8275750 "", spoofss=0x0) at netutil.cc:3126
#11 0x0807dd68 in nmap_route_dst (dst=0xbfffeafc, rnfo=0xbfffe93c) at tcpip.cc:2025
#12 0x08079873 in nexthost (hs=0x84e4ce8, exclude_group=0xbfffec34, ports=0x826b9e0, pingtype=122) at targets.cc:361
#13 0x08075b8f in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1788
#14 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\362X\244O\2301\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\362X\244O\2301\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(5, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\362X\244O\2301\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(5)                                = 0


read(4, "", 1024)                       = 0
close(4)                                = 0


munmap(0xb7766000, 4096)                = 0
close(3)                                = 0


gettimeofday({1336170738, 657497}, NULL) = 0
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7766000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7766000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
stat64("/home/username/Nmap/source/main/../share/nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
stat64("/usr/local/share/nmap/updates/5.61TEST4/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
_llseek(3, 0, [0], SEEK_CUR)            = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
mmap2(NULL, 1704, PROT_READ, MAP_SHARED, 3, 0) = 0xb7766000
_llseek(3, 1704, [1704], SEEK_SET)      = 0
munmap(0xb7766000, 1704)                = 0
close(3)                                = 0


stat64("/root/.nmap/nmap-payloads", 0xbfa1f24c) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
readlink("/proc/self/exe", "/home/username/Nmap/source/main/nmap", 1024) = 61
stat64("/home/username/Nmap/source/main/nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
access("/home/username/Nmap/source/main/nmap-payloads", R_OK) = 0
stat64("./nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
access("./nmap-payloads", R_OK)         = 0
stat64("/home/username/Nmap/source/main/nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0


stat64("./nmap-payloads", {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
open("/home/username/Nmap/source/main/nmap-payloads", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9981, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7766000
read(3, "# Nmap nmap payload database -*-"..., 4096) = 4096
read(3, "164, IPSEC, IDENTITY.\n  \"\\x00\\x0"..., 4096) = 4096
read(3, "erver and will be ignored.\nudp 6"..., 4096) = 1789
read(3, "", 4096)                       = 0
close(3)                                = 0


munmap(0xb7766000, 4096)                = 0


gettimeofday({1336170738, 668598}, NULL) = 0
gettimeofday({1336170738, 668758}, NULL) = 0
gettimeofday({1336170738, 668899}, NULL) = 0
gettimeofday({1336170738, 669055}, NULL) = 0


socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
setsockopt(3, SOL_IP, IP_HDRINCL, [1], 4) = 0


socket(PF_PACKET, SOCK_RAW, 768)        = 4
ioctl(4, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
ioctl(4, SIOCGIFHWADDR, {ifr_name="lo", ifr_hwaddr=00:00:00:00:00:00}) = 0
ioctl(4, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
bind(4, {sa_family=AF_PACKET, proto=0x03, if1, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
getsockopt(4, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
setsockopt(4, SOL_PACKET, PACKET_AUXDATA, [1], 4) = 0
setsockopt(4, SOL_SOCKET, SO_ATTACH_FILTER, "\1\0\0\0\f\270&\10", 8) = 0
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
recv(4, 0xbfa20baf, 1, MSG_TRUNC)       = -1 EAGAIN (Resource temporarily unavailable)
fcntl64(4, F_SETFL, O_RDWR)             = 0
setsockopt(4, SOL_SOCKET, SO_ATTACH_FILTER, ":\0\0\0`(\25\t", 8) = 0


gettimeofday({1336170738, 709933}, NULL) = 0
gettimeofday({1336170738, 710120}, NULL) = 0
gettimeofday({1336170738, 710323}, NULL) = 0
gettimeofday({1336170738, 710506}, NULL) = 0
gettimeofday({1336170738, 710693}, NULL) = 0
sendto(3, "E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0\0\1\211\24\37\220\30W|\31\0\0\0\0"..., 44, 0, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, 16) = 44


#0  sendto () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1  0x08128bde in Sendto (functionname=0x816c8d1 "send_ip_packet_sd", sd=6,  packet=0x84eac70 "E", len=44, flags=0, to=0xbfffe71c, tolen=16) at netutil.cc:3382
#2  0x08128e87 in send_ip_packet_sd (sd=6, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at netutil.cc:3477
#3  0x0807b2e3 in send_ipv4_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:473
#4  send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:504
#5  0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018, pspec=0xbfffea24, tryno=0 '\000', pingseq=0 '\000') at scan_engine.cc:3335
#6  0x080be1cc in sendNextScanProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3551
#7  doAnyNewProbes (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3588
#8  ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5641
#9  0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198
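As an added example (not part of the original post and not Nmap code), the escaped buffer strace prints for the sendto(3, ...) call above can be decoded back into the IPv4/TCP probe and compared with the SENT line of the packet trace. The function names are assumptions made for this sketch, and only the 32 bytes strace kept before its "..." are available.

```python
import re
import socket
import struct

# Buffer copied verbatim from the sendto(3, ...) strace line above. strace cut
# it off after 32 bytes ("..."), so the TCP flags and window are not in it.
STRACE_BUF = r"E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0\0\1\211\24\37\220\30W|\31\0\0\0\0"
SENDTO_LEN = 44  # length argument (and return value) of that sendto() call

_NAMED = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, "\\": 92, '"': 34}
_ESCAPE = re.compile(r"\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)", re.S)


def strace_unescape(text):
    """Turn strace's C-style escaped string back into the bytes it printed."""
    out = bytearray()
    pos = 0
    for m in _ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("latin-1")  # literal run before the escape
        tok = m.group(1)
        if tok[0] == "x" and len(tok) == 3:
            out.append(int(tok[1:], 16))
        elif tok[0] in "01234567":
            value = int(tok, 8)  # strace pads to \000 when a digit follows
            if value > 0xFF:
                raise ValueError("octal escape out of range: \\%s" % tok)
            out.append(value)
        elif tok in _NAMED:
            out.append(_NAMED[tok])
        else:
            raise ValueError("unknown escape: \\%s" % tok)
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)


def internet_checksum(data):
    """RFC 1071 one's-complement sum; 0 means the embedded checksum is valid."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_probe(buf, syscall_len):
    """Decode the IPv4 header and whatever part of the TCP header was captured."""
    if len(buf) < 20:
        raise ValueError("need at least a 20-byte IPv4 header")
    (ver_ihl, _tos, total_len, ip_id, _frag, ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a complete IPv4 header")
    fields = {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "ip_id": ip_id,
        "iplen": total_len,
        "proto": proto,
        "checksum_ok": internet_checksum(buf[:ihl]) == 0,
        # The IP total length must equal what the syscall claims to have sent.
        "len_matches_syscall": total_len == syscall_len,
        "captured": len(buf),
    }
    tcp = buf[ihl:]
    if proto == socket.IPPROTO_TCP and len(tcp) >= 8:
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        fields.update(sport=sport, dport=dport, seq=seq)
    return fields


def trace_summary(f):
    """Render the decoded fields in the layout of the packet-trace lines."""
    return "TCP %s:%d > %s:%d ttl=%d id=%d iplen=%d seq=%d" % (
        f["src"], f["sport"], f["dst"], f["dport"],
        f["ttl"], f["ip_id"], f["iplen"], f["seq"])


if __name__ == "__main__":
    probe = decode_probe(strace_unescape(STRACE_BUF), SENDTO_LEN)
    print(trace_summary(probe))
    print("checksum ok:", probe["checksum_ok"],
          "| length matches sendto():", probe["len_matches_syscall"])
```

The decoded source port begins with the same digits as the truncated "SENT (0.4265s) TCP 127.0.0.1:350" string in the write(1, ...) call, which ties that log line to this sendto().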






gettimeofday({1336170738, 711404}, NULL) = 0
 

write(1, "SENT (0.4265s) TCP 127.0.0.1:350"..., 114) = 114
#9 log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe708 "h8\024\b") at output.cc:930
#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=1, packet=0x84eac70 "E", len=44, now=0x0) at tcpip.cc:342
#12 0x0807b23e in send_ipv6_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:488
#13 send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eac70 "E", packetlen=44) at tcpip.cc:507
#14 0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018, pspec=0xbfffea24, tryno=0 '\000', pingseq=0 '\000') at scan_engine.cc:3335
#15 0x080be1cc in sendNextScanProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3551
#16 doAnyNewProbes (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3588
#17 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5641
#18 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#19 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

#9  log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe708 "h8\024\b") at output.cc:930
#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=1, packet=0x84eb5c8 "E", len=44, now=0x0) at tcpip.cc:342
#12 0x0807b23e in send_ipv6_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eb5c8 "E", packetlen=44) at tcpip.cc:488
#13 send_ip_packet (sd=6, eth=0x0, dst=0x84e95a4, packet=0x84eb5c8 "E", packetlen=44) at tcpip.cc:507
#14 0x080b1f3b in sendIPScanProbe (USI=0x84ea4a8, hss=0x84eb018, pspec=0x84ea5f8, tryno=1 '\001', pingseq=0 '\000') at scan_engine.cc:3335
#15 0x080be3e9 in retransmitProbe (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3716
#16 doAnyOutstandingRetransmits (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:3799
#17 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5637
#18 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#19 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198
gettimeofday({1336170738, 711967}, NULL) = 0
gettimeofday({1336170738, 712154}, NULL) = 0
gettimeofday({1336170738, 712334}, NULL) = 0
gettimeofday({1336170738, 712529}, NULL) = 0
gettimeofday({1336170738, 712720}, NULL) = 0
select(5, [4], NULL, NULL, {0, 998164}) = 1 (in [4], left {0, 998152})
recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_OUTGOING, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 58
gettimeofday({1336170738, 715625}, NULL) = 0


select(5, [4], NULL, NULL, {0, 998164}) = 1 (in [4], left {0, 998149})





recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0,\237a\0\0004\6\351h\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 58
ioctl(4, SIOCGSTAMP, 0xbfa212a0)        = 0


write(1, "RCVD (0.4318s) TCP 127.0.0.1:350"..., 114) = 114


#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=44, now=0xbfffe534) at tcpip.cc:342
#12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
#13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

#9  log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe418 "m8\024\b") at output.cc:930
#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=40, now=0xbfffe534) at tcpip.cc:342
#12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
#13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

gettimeofday({1336170738, 717269}, NULL) = 0
gettimeofday({1336170738, 717850}, NULL) = 0


select(5, [4], NULL, NULL, {0, 993424}) = 1 (in [4], left {0, 993411})


#0 select () at ../sysdeps/unix/syscall-template.S:82
#1 0x081237c4 in pcap_select (p=0x84eb200, timeout=0xbfffe438) at netutil.cc:921
#2 0x0812386c in pcap_select (p=0x84eb200, usecs=999717) at netutil.cc:939
#3 0x0807ce07 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1657
#4 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#5 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#6 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#7 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#8 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198



recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_OUTGOING, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54

#0 recvmsg () at ../sysdeps/unix/sysv/linux/i386/socket.S:46
#1 0x0811b729 in pcap_read_packet (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1502
#2 pcap_read_linux (handle=0x84eb200, max_packets=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap-linux.c:1407
#3 0x08106f17 in pcap_dispatch (p=0x84eb200, cnt=1, callback=0x8106a60 <pcap_oneshot>, user=0xbfffe430 "x\344\377\277<\344\377\277") at ./pcap.c:497
#4 0x08106f65 in pcap_next (p=0x84eb200, h=0xbfffe478) at ./pcap.c:180
#5 0x0807d107 in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=999717, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1660
#6 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#7 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#8 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#9 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#10 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198


gettimeofday({1336170738, 718693}, NULL) = 0


select(5, [4], NULL, NULL, {0, 993424}) = 1 (in [4], left {0, 993414})
recvmsg(4, {msg_name(18)={sa_family=AF_PACKET, proto=0x800, if1, pkttype=PACKET_HOST, addr(6)={772, 000000000000}, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\10\0E\0\0(\0\0@\0@\6<\316\177\0\0\1\177\0"..., 256}], msg_controllen=32, {cmsg_len=32, cmsg_level=SOL_PACKET, cmsg_type=, ...}, msg_flags=0}, MSG_TRUNC) = 54
ioctl(4, SIOCGSTAMP, 0xbfa212a0)        = 0


write(1, "RCVD (0.4347s) TCP 127.0.0.1:808"..., 90) = 90



#9 log_vwrite (logt=1024, fmt=0x8143938 "%s (%.4fs) %s\n", ap=0xbfffe418 "m8\024\b") at output.cc:930
#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=44, now=0xbfffe534) at tcpip.cc:342
#12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
#13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

#10 0x080a555b in log_write (logt=1025, fmt=0x8143938 "%s (%.4fs) %s\n") at output.cc:983
#11 0x0807addc in PacketTrace::trace (pdir=2, packet=0x84eac70 "E", len=40, now=0xbfffe534) at tcpip.cc:342
#12 0x0807cf7e in readip_pcap (pd=0x84eb200, len=0xbfffe548, to_usec=2000, rcvdtime=0xbfffe534, linknfo=0xbfffe8dc, validate=true) at tcpip.cc:1729
#13 0x080b8928 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea04) at scan_engine.cc:4283
#14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

#8  log_vwrite (logt=2048, fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0", ap=0xbfffe394 "127.\\") at output.cc:935
#9  0x0807e306 in error (fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0") at nmap_error.cc:164
#10 0x080c1742 in adjust_timeouts2 (sent=0x84eb630, received=0xbfffe534, to=0x84e94dc) at timing.cc:175
#11 0x080b094b in ultrascan_adjust_timeouts (probe=0x84eb628, rcvdtime=0xbfffe534, USI=<value optimized out>, hss=<value optimized out>) at scan_engine.cc:2174
#12 0x080b73dc in ultrascan_port_probe_update (USI=0x84ea4a8, hss=0x84eb018, probeI=..., newstate=1, rcvdtime=0xbfffe534, adjust_timing_hint=true) at scan_engine.cc:2818
#13 0x080b8d46 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea01) at scan_engine.cc:4787
#14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198


gettimeofday({1336170738, 720190}, NULL) = 0
gettimeofday({1336170738, 720427}, NULL) = 0
gettimeofday({1336170738, 720605}, NULL) = 0
gettimeofday({1336170738, 720783}, NULL) = 0
ioctl(3, TIOCGPGRP, [3922393])          = -1 EINVAL (Invalid argument)
close(3)                                = 0
close(4)                                = 0
 

write(1, "Nmap scan report for localhost ("..., 43) = 43

#8 log_vwrite (logt=2048, fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0", ap=0xbfffe394 "127.\\") at output.cc:935
#9 0x0807e306 in error (fmt=0x814ce08 "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0") at nmap_error.cc:164
#10 0x080c1742 in adjust_timeouts2 (sent=0x84eb630, received=0xbfffe534, to=0x84e94dc) at timing.cc:175
#11 0x080b094b in ultrascan_adjust_timeouts (probe=0x84eb628, rcvdtime=0xbfffe534, USI=<value optimized out>, hss=<value optimized out>) at scan_engine.cc:2174
#12 0x080b73dc in ultrascan_port_probe_update (USI=0x84ea4a8, hss=0x84eb018, probeI=..., newstate=1, rcvdtime=0xbfffe534, adjust_timing_hint=true) at scan_engine.cc:2818
#13 0x080b8d46 in get_pcap_result (USI=0x84ea4a8, stime=0xbfffea01) at scan_engine.cc:4787
#14 0x080be05f in waitForResponses (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5336
#15 ultra_scan (Targets=..., ports=0x826b9e0, scantype=SYN_SCAN, to=0x0) at scan_engine.cc:5645
#16 0x08076874 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:1889
#17 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

write(1, "Host is up, received localhost-r"..., 59) = 59
write(1, "PORT     STATE  SERVICE    REASO"..., 67) = 67

#9 log_vwrite (logt=1024, fmt=0x8146e6e "\n", ap=0xbfffeba8 "\026\275\246O") at output.cc:930
#10 0x080a555b in log_write (logt=1031, fmt=0x8146e6e "\n") at output.cc:983
#11 0x080761ac in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:2008
#12 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198

write(1, "\n", 1)                       = 1
gettimeofday({1336170738, 757261}, NULL) = 0
time(NULL)                              = 1336170738
write(1, "Nmap done: 1 IP address (1 host "..., 60) = 60


#9 log_vwrite (logt=1024, fmt=0x814a138 "Nmap done: %d %s (%d %s up) scanned in %.2f seconds\n", ap=0xbfffea48 "\001") at output.cc:930
#10 0x080a555b in log_write (logt=1028, fmt=0x814a138 "Nmap done: %d %s (%d %s up) scanned in %.2f seconds\n") at output.cc:983
#11 0x080a94c4 in printfinaloutput () at output.cc:2466
#12 0x08076497 in nmap_main (argc=7, argv=0xbffff6e4) at nmap.cc:2052
#13 0x0806e9c5 in main (argc=7, argv=0xbffff6e4) at main.cc:198




stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
exit_group(0)                           = ?

1 comment:

  1. Thanks!

    Really nice to see people diving in with details like this.
