From Fyodor....

Hello everyone,

First let me thank all of you who took the 2006 Nmap survey! The goal was 2,500 responses, and I'm pleased to report that we achieved more than 3,000! I am tabulating the results now and will send mail when they are ready. First up will be the top tools list, as you guys suggested many new and valuable ones!

I am also pleased to report that Nmap 4.03 is now available. It is mostly a bug and portability fix release, though it does have a few new features as well. With this "stable version" out of the way, I plan to resume breaking stuff to implement a 2nd generation OS detection system.

As always, Nmap is available from http://www.insecure.org/nmap/download.html

Here are the changes since 4.01:

o Updated to a newer XSL stylesheet (for XML to HTML output
transformation) by Benjamin Erb. This new version includes IP
address sorting, removal of javascript requirements, some new
address, hostname, and Nmap version information, and various minor
tweaks and fixes.

o Updated the LibPCRE build system to add the -fno-thread-jumps option
to gcc when compiling on the new Intel-based Apple Mac OS X systems.
Hopefully this resolves the version detection crashes that several
people have reported on such systems. Thanks to Kurt Grutzmacher
(grutz(a)jingojango.net) for sending the configure.ac patch.

o Service fingerprints are now provided in the XML output whenever
they would appear in the interactive output (i.e. when a service
response with data but is unrecognized). They are shown in a new
'servicefp' attribute to the 'service' tag. Thanks to Brandon Enright
(bmenrigh(a)ucsd.edu) for sending the patch.

o WinPcap 3.1 binaries are now shipped in the Nmap tarball, along with
a customized installer written by Doug Hoyte. That new WinPcap
installer is now used by the Nmap self-installer (if you request
WinPcap installation). Some Nmap users were uncomfortable with a
"phone home" feature of the official WinPcap installer. It connects
back to CACE Technologies, ostensibly to display news and (more
recently) advertisements. Our new installer omits that feature, but
should be otherwise perfectly compatible with WinPcap 3.1.

o Improved the Windows build system -- mswin32/Makefile now takes care
of packaging Nmap and creating the installers once Visual Studio (GUI)
is done building the Release version of mswin32/nmap.sln. If someone
knows how to do this (build) step on the command line (using the
Makefile), please let me know. Or if you know how to at least make
'Release' (rather than Debug) the default configuration, that would be
valuable.

o Made some portability fixes to keep Nmap compiling with the newest
Visual Studio 2005. Thanks to KX (kxmail(a)gmail.com) for
suggesting them.

o Fixed (I hope) a problem where aggressive --min-parallelization
option values could cause Nmap to quit with the message "box(300, 100,
15) called (min,max,num)". Thanks to Richard van den Berg
(richard.vandenberg(a)ins.com) for reporting the problem.

o Fixed a rare crash bug thanks to a report and patch from Ganga
Bhavani (GBhavani(a)everdreamcorp.com)

o Increased a write buffer length to avoid Nmap from quitting with the
message "log_vwrite: write buffer not large enough -- need to
increase". Thanks to Dave (dmarcher(a)pobox.com) for reporting the
issue.

o Cleaned up the Amiga port code to use atexit() rather than the
previous macro hack. Thanks to Kris Katterjohn (kjak(a)ispwest.com)
for the patch. Applied maybe half a dozen new other code cleanup
patches from him as well.

o Made some changes to various Nmap initialization functions which
help ALT Linux (altlinux.org) and Owl (openwall.com) developers run
Nmap in a chroot environment. Thanks to Dmitry V. Levin
(ldv(a)altlinux.org) for the patch.

o Cleaned up the code a bit by making a bunch (nearly 100) global
symbols (mostly function calls) static. I was also able to removed
some unused functions and superfluous config.h.in defines. Thanks
to Dmitry V. Levin (ldv(a)altlinux.org) for sending a list of
candidate symbols.

o Nmap now tests for the existence of data files using stat(2) rather
than testing whether they can be opened for reading (with fopen).
This is because some device files (tape drives, etc.) may react badly
to being opened at all. Thanks to Dmitry V. Levin
(ldv(a)altlinux.org) for the suggestion.

o Changed Nmap to cache interface information rather than opening and
closing it (with dnet's eth_open and eth_close functions) all the
time.

o Applied a one-character Visual Studio 2005 compatibility patch from
kx (kxmail(a)gmail.com). It changed getch() into _getch() on Windows.

o Added the --log-errors option, which causes most warnings and error
messages that are printed to interactive-mode output (stdout/stderr)
to also be printed to the normal-format output file (if you
specified one). This will not work for most errors related to bad
command-line arguments, as Nmap may not have initialized its output
files yet. In addition, some Nmap error/warning messages use a
different system that does not yet support this option.

o Rewrote much of the Nmap results output functions to be more
efficient and support --log-errors.

o Fixed a flaw in the scan engine which could (in rare cases)
lead to a deadlock situation that prevents a scan from completing.
Thanks to Ganga Bhavani (GBhavani(a)everdreamcorp.com) for reporting
and helping to debug the problem.

o If the pcap_open_live() call (initiates sniffing) fails, Nmap now
tries up to two more times after waiting a little while. This is
attempt to work around a rare bug on Windows in which the
pcap_open_live() fails for unknown reasons.

o Fixed a flaw in the runtime interaction in which Nmap would include
hosts currently being scanned in the number of hosts "completed"
statistic.

o Fixed a crash in OS scan which could occur on Windows when a DHCP
lease issue causes the system to lose its IP address. Nmap still
quits, but at least it gives a proper error message now. Thanks to
Ganga Bhavani (GBhavani(a)everdreamcorp.com) for the patch.

o Applied more than half a dozen small code cleanup patches from
Kris Katterjohn (kjak(a)ispwest.com).

o Modified the configure script to accept CXX when specified as an
absolute path rather than just the executable name. Thanks to
Daniel Roethlisberger (daniel(a)roe.ch) for this patch.

Cheers,
Fyodor