I am pleased to announce that Nmap version 3.25 is now available! This
release has several new features, including UDP-based "ping" scanning.
It also offers minor performance advantages over previous versions and
contains many important bugfixes!

I have received numerous (daily) problem reports related to compiling
Nmap 3.20 under Mac OS X. That group is either very big or very
vocal. Unfortunately, the Sourceforge "compile farm" OS X boxes I was
using are down for the indeterminate future. So if anyone can give me
a temporary account, let me know and I'll send you my SSH key. Or, if
you can fix the compilation problems yourself and send me a patch,
that would be even better.

Here are the most important changes in 3.25:

o I added UDP-based "ping" scanning. The -PU option can take an
optional portlist like the TCP "ping" options (-PS, -PA), but it sends
a UDP packet to the targets and expects hosts that are up to reply
with a port unreachable (or possibly a UDP response if the port is
open). This one is likely to work best against closed ports, since
many open ports don't respond to empty requests.
o Fixed (I hope) problem where Nmap would abort, complaining that
"Assertion `pt->down_this_block > 0' failed". Thanks to
for reporting and
helping me debug this problem.
o Fixed a GCC dependency reported by Ayamura Kikuchi
o Fixed an "assertion failure" which would cause Nmap to exit when you
specify a --max_rtt_timeout below 3000. Thanks to Tammy Rathbun
(firstname.lastname@example.org) and Jan Roger Wilkens (email@example.com) for
o Packet receive times are now obtained from libpcap rather than
simply using the time the packets are passed to Nmap. This should
improve performance slightly. I was not able to get this to work
properly on Windows (either pcap or raw) -- join the nmap-dev list
if you have ideas.
o Fixed bug that caused Nmap to ignore certain RST responses when you
do both -PS and -PA.
o Modified ping scan to work better when many instances of Nmap are
o I'm now linking directly to the gzip compressed version of Nmap on
the homepage as well as the .bz2.
o Fixed a portability problem that caused BSD Make to bail out.
o Fixed a divide by zero error caused when nonroot users (on UNIX)
explicitly request ICMP pings (which require root privileges). Now
prints a warning and uses the normal nonroot TCP connect() ping.
Jaroslav Sladek (firstname.lastname@example.org) found the bug and provided the patch.
o Made Nmap more tolerant of corrupt nmap-services and nmap-protocols
files thanks to report & patch sent by Phix (email@example.com)
o Added some more port numbers sent in by Seth Master
(firstname.lastname@example.org). He has been a frequent nmap-services
contributor in the last couple months.
o Added --packet_trace support to Windows
o Removed superfluous "addport" line in the XML output (patch from Max
o Merged wintcpip.cc into tcpip.cc to avoid the headache of
maintaining many nearly-identical functions.
o Fixed an assertion failure crash related to combining port 0 scans
and OS scan. Thanks to A.Jones@mvv.de
for reporting this.
o Fixed some compilation problems on systems without IPv6 support --
patch sent by Jochen Erwied (Jochen.Erwied@mbs-software.info)
o Applied patch from Jochen Erwied (Jochen.Erwied@mbs-software.info)
which fixes the format strings used for printing certain timestamps.
o Upgraded to autoconf 2.57, including the latest
o Renamed configure.ac files to configure.in as recommended by the
latest autoconf documentation.
o Changed the wording of NmapFE Gnome entries to better comply with
Gnome's Human Interface Guidelines (HIG). Suggested by Axel Krauth

For those of you running Linux/x86 w/a recent version of rpm, you can
install/upgrade to the newest version of
nmap/nmapfe by executing these commands as root:
rpm -vhU (nmap url)
where (nmap url) is one (or both) of these:

For the rest of you, source tarballs and source RPMs are always
available at: http://www.insecure.org/nmap/nmap_download.html

For the more paranoid (smart) members of the list, here are the md5

These release notes should be signed with my PGP key, which is
available at http://www.insecure.org/fyodor_gpgkey.txt
The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E
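
The reply handling that the -PU changelog entry above describes, as an added example (not code from Nmap or from this announcement): it decides whether a captured IPv4 packet shows that a host answered an empty UDP probe. The addresses, port 9999, and all function names are constructed for illustration. Silence is deliberately not classified, since the entry notes that many open ports don't respond to empty requests.

```python
import socket
import struct

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (constructed sample data; checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_ipv4(pkt):
    """Return (proto, src, dst, payload), or None if the header is malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    return (pkt[9], socket.inet_ntoa(pkt[12:16]),
            socket.inet_ntoa(pkt[16:20]), pkt[ihl:])

def classify_reply(pkt, target, dport):
    """Interpret one captured packet as a reply to an empty UDP probe to target:dport."""
    outer = parse_ipv4(pkt)
    if outer is None or outer[1] != target:
        return "ignore"
    proto, _, _, body = outer
    if len(body) < 8:
        return "ignore"
    if proto == socket.IPPROTO_UDP:
        sport = struct.unpack("!H", body[:2])[0]
        return "up: UDP response (open port)" if sport == dport else "ignore"
    if proto == socket.IPPROTO_ICMP and body[0] == 3 and body[1] == 3:
        # An ICMP error quotes the probe's IP header plus the first 8 bytes of
        # its UDP header; match it so unrelated unreachables are not counted.
        quoted = parse_ipv4(body[8:])
        if quoted and quoted[0] == socket.IPPROTO_UDP and quoted[2] == target \
                and len(quoted[3]) >= 4 \
                and struct.unpack("!H", quoted[3][2:4])[0] == dport:
            return "up: ICMP port unreachable (closed port)"
    return "ignore"

# Constructed sample traffic: scanner 192.0.2.10 probed 192.0.2.50 on UDP/9999.
PROBE = ipv4(17, "192.0.2.10", "192.0.2.50", struct.pack("!HHHH", 40000, 9999, 8, 0))
UNREACH = ipv4(1, "192.0.2.50", "192.0.2.10", struct.pack("!BBHI", 3, 3, 0, 0) + PROBE)
UDP_REPLY = ipv4(17, "192.0.2.50", "192.0.2.10", struct.pack("!HHHH", 9999, 40000, 8, 0))
OTHER = ipv4(1, "192.0.2.50", "192.0.2.10", struct.pack("!BBHI", 3, 3, 0, 0) +
             ipv4(17, "192.0.2.10", "192.0.2.50", struct.pack("!HHHH", 40000, 53, 8, 0)))
```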