This is a record of the things I did working on Nmap during the Summer of Code in 2007.
April
- 12: Got the official acceptance notice.
- 13: Found out about the Subversion repository.
- 15: Learned about the various databases Nmap ships.
- 19: main.cc investigation.
- 28: libdnet.
- 29: Wrote a libdnet ping of death program.
- 30: Found an assertion failure in traceroute and started investigating it. Refined the ping of death.
May
- 6: Read the reference guide and the version detection paper. Checked out targets and some of the scanning mechanism.
- 7: More research into the traceroute assertion failure.
- 8: Submitted a bug report about the traceroute issue. More traceroute research.
- 10: Read the idle scan paper. I get it now! That's cool.
- 12: Browsed scan_engine.cc, trying to get the idea.
- 13: Spent some serious quality time with scan_engine.cc. Scan engine.
- 15: Read parts of the Nmap and Subversion books. Checked out and built using my infrastructure credentials. Wrote up my notes on the ultra_scan research.
- 16: Looked at Eddie's reason patch. Sent some observations and suggestions. Read more from the Nmap book. Wrote a version detection line for monchat.
- 17: Skimmed over RFC 2553, on IPv6 and things like
sockaddr_storage. Read the OS detection chapter of the Nmap book. Walked through a Wireshark trace of OS detection.
- 18: Merged from trunk and wrote a little how-to. Submitted a patch to force overwriting script files. Read the Nmap book chapter on ping scanning.
- 19: Committed a change to use svn export when installing script files.
- 21: Committed a modified change after discussion on nmap-dev.
- 22: Merged from trunk. I'm the "SVN merge expert" now! Had my very first change committed. Fixed a bug with list and ping scan not working with the enhanced port selection patches.
- 23: Read the NSE chapter of the Nmap book and parts of the Lua tutorial.
- 24: Read more of the Nmap book.
- 25: Chatted with Fyodor on instant messaging. Agreed on tasks to get started with. Looked at some more NSE implementation. Spent some time experimenting with weeding out header files. Graphed build dependencies. Wrote a program to automatically compare the number of dependencies in makefile.dep.
- 26: Got my book from Google in the mail. Figured I should start reading the mailing lists. Looks like I have to send in some forms.
- 27: Researched ways to keep the version string in just one place.
- 28: Sent status report #1. Submitted a version string patch.
- 29: Worked on a way to show the locations of used data files. Committed a patch to do the --services option.
- 31: Created an nmap-dependency branch. Did a lot of dependency reduction work.
June
- 1: Installed a Windows compiler. Committed the NMAP_VERSION patch. Reported a Subversion keyword problem with nmap-service-probes. Committed the dependency-reduction patch. Renamed the --services option to --servicedb. Added a --versiondb option.
- 2: Committed a change to keep from copying .svn directories into the Windows zip file.
- 3: Got my first payment. Investigated a weird Windows bug that appears when running a Debug build but not a Release build.
- 4: Sent status report #2. Worked on ideas for presenting data file paths and sent it to nmap-dev. Deleted the dependency branch.
- 5: Worked on an implementation for verbose data file paths.
- 6: Worked (for a long time) on the verbose data file paths. Came up with a pretty good solution. Committed a patch. Debugged the issue that appeared only on Windows; it turns out it's not just a Windows issue.
- 7: Worked on rewriting the basename and dirname replacements so they can go in nbase. Talked with Fyodor on IM. Committed a correction to my reason patch.
- 8–12: Away on vacation. (Sent status report #3.)
- 13: Moved dirname and basename replacements into nbase. Reported a bug having to do with --script-updatedb (fixed by Stoiko). Removed INTERACTIVE_NAMES.
- 14: Committed a change to make init_updatedb use the new path_get_basename. Did OS database integration training with Fyodor. Wrote up some OS detection integration notes.
- 15: Looked at merging identical lines in OS fingerprint submissions. Wrote a merging test program.
- 16: Made the nmap-dev utilities warn when they see an illegal empty value, and kept fingerfix from printing spurious empty values.
- 17: Did about 100 OS submission integrations.
- 18: Sent status report #4.
- 20: Committed a change that handles the case where the initial TTL is calculated to be greater than 255. Committed another to handle negative distances. Talked to Fyodor after I discovered that some reference fingerprints have a TTL greater than 255. We decided to allow it and make the fingerprint utilities warn if it's seen.
- 21: Refactored the fingerprint-checking code in the OS database utilities. Added a test for TTLs greater than 255. Worked through about 120 submissions.
- 22: Worked through about 250 submissions.
- 23: The disk on the Subversion server filled up. Fixed a bug with fingerfix having to do with the removal of empty tests. Worked through about 200 OS submissions.
- 25: Sent status report #5. Worked through about 410 OS submissions.
- 26: Worked through about 220 OS submissions.
- 28: Worked through about 40 OS submissions (mostly finished).
- 29: Made mergeFPs merge fingerprints more intelligently.
July
- 2: Sent status report #6. Sent OS detection leftovers to Fyodor. Reviewed the top ports patch and found a few small bugs.
- 3: Had a long meeting with Fyodor to work through the last of the OS detection submissions. We decided I should start working on the massping migration.
- 4: Studied host discovery.
- 5: Created a massping migration branch. Found and fixed a bug in my previous mergeFPs change that kept first-generation fingerprints from being merged. Started hacking in the branch, mainly in the code that surrounds massping (nmap_main and nexthost).
- 6: Sent a request for advice and a brief proposal to nmap-dev describing my ideas for the massping migration. Researched the issue some more.
- 8: 4.22SOC1 released. Poked at massping migration some more.
- 9: Sent status report #7. Worked on hacking up a prototype of an ultra_scan-based massping. Did a little bit of canonicalization in the OS databases, which edits Fyodor beat me to.
- 11: Very carefully worked on implementing TCP SYN ping scan in ultra_scan. Got it working, though without short-circuiting and with a problem with dismissBench. Also it only handles TCP replies, not ICMP.
- 12: Worked some on the massping migration. Got it mostly working for TCP SYN ping scan.
- 13: Sent status report #8. Finished my ultra_scan-based massping prototype. Notified nmap-dev. Solicited code review from the soc list.
- 13–21: Away at a leadership camp.
- 22: Caught up on email.
- 23: Sent status report #9. Made ping scan bail out after discovering a host's state. Made ping scan support TCP ACK.
- 24: Dealt with an issue having to do with interrupted system calls in pcap_select.
- 25: Got mail from a Google recruiter.
- 26: Added support for UDP ping scanning. Gave ultra_scan the ability to send ICMP packets.
- 27: Had a phone call with the Google recruiter. Added support for ICMP ping scan.
- 28: Started implementing TCP connect ping scan.
- 29: Finished implementing TCP connect ping scan.
- 30: Sent status report #10. Did a 50,000-host massping test.
- 31: Wrote a script to compare host lists. Sent a message to nmap-dev to ask for help in debugging the new host discovery code.
August
- 1: Had a telephone interview with a Google engineer. Talked with Fyodor about how to correct the ultra_scan host discovery deficiencies.
- 2: Committed a change to reduce the number of calls to UltraScanInfo::numIncompleteHosts. Did some more host discovery testing.
- 5: Did some port scans of the hotel using the old and new host discovery code. Saved the logs for later review.
- 6: Sent status report #11.
- 10: Did more host discovery research.
- 11: Did host discovery benchmarking and experimented with changes in my working directory to improve it.
- 12: Found that hosts being removed from incompleteHosts is the primary reason for failing to mark hosts as up. Committed a change to keep a list of completed hosts around.
- 13: Did a bunch of host discovery benchmarking and found a few cases where the new ping scan code is superior. IMed with Fyodor about host discovery. Sent status report #12. Had another Google phone interview.
- 14: Did more extensive benchmarking. Committed a change to use timing pings in host discovery, which at first glance looks to speed it up a lot.
- 15: Made a few small changes to host discovery: send ICMP messages with a non-zero identifier, and mark a host up when a destination unreachable comes directly from it. ultra_scan-based host discovery is starting to be competitive with massping. Found out that TCP connect scans sometimes hang.
- 16: Ran a big 50,000-host benchmark, and got more hosts in less time with ultra_scan than with massping.
- 17: Did more benchmarking. Fixed a bug related to the shortening of TCP connect ping scan timeouts.
- 19: Experimented with retaining the group timeouts between invocations of ultra_scan.
- 20: Sent status report #13. Made a change to have massping save timeouts across invocations. Wrote a script to graph congestion control variables.
For things after August 20, 2007 see post-SoC log.