Nmap Development mailing list archives

nmap 3.00 / 3.10a2 produces malformed packets and fails


From: David.Lamparter () t-online de (David Lamparter)
Date: Thu, 05 Sep 2002 21:18:40 +0200

Hi,

I get the following malformed packets on my LAN interface when trying to use nmap 3.x (3.00 and 3.10a2 tested):

(mercury.net2.diac24.net.eu.org = 172.22.2.2,
 charon.net2.diac24.net.eu.org = 172.22.2.22 = scanning machine)

mercury:~ # tcpdump -xvvvli eth1 -s 1500 host 172.22.2.22 and host 172.22.2.2
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth1
20:57:27.551234 charon.net2.diac24.net.eu.org > mercury.net2.diac24.net.eu.org: ip-proto-255 8 (ttl 39, id 24654, bad cksum d74e!)
                         4500 001c 604e 0000 27ff d74e ac16 0216
                         ac16 0202 0800 fd99 fa65 0000 2020 2020
                         2020 2020 2020 2020 2020 2020 2020
20:57:27.551585 charon.net2.diac24.net.eu.org > mercury.net2.diac24.net.eu.org: ip-proto-255 20 (ttl 50, id 30281, bad cksum b642!)
                         4500 0028 7649 0000 32ff b642 ac16 0216
                         ac16 0202 9a36 0050 12d0 0003 4e6d e732
                         5010 0c00 6496 0000 2020 2020 2020
20:57:33.566621 charon.net2.diac24.net.eu.org > mercury.net2.diac24.net.eu.org: ip-proto-255 8 (ttl 39, id 58320, bad cksum 53cc!)
                         4500 001c e3d0 0000 27ff 53cc ac16 0216
                         ac16 0202 0800 fc99 fa65 0100 2020 2020
                         2020 2020 2020 2020 2020 2020 2020
20:57:33.566934 charon.net2.diac24.net.eu.org > mercury.net2.diac24.net.eu.org: ip-proto-255 20 (ttl 50, id 42139, bad cksum 87f0!)
                         4500 0028 a49b 0000 32ff 87f0 ac16 0216
                         ac16 0202 9a37 0050 1bf8 000b b594 9668
                         5010 0c00 4508 0000 2020 2020 2020
...


At the scanning machine I get:
[root@charon]:~ # nmap -sS -vvO 172.22.2.2

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
[waits some time here...]
Host  (172.22.2.2) appears to be down, skipping it.
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 30 seconds
[root@charon]:~ #

-P0 doesn't help either; the only scan that works is -sT.
Does someone have an idea why it isn't working?

Thanks a lot,

David Lamparter (david.lamparter () t-online de)

(P.S.: When compiling, the linker worried about an undefined reference to 'getifaddrs':

gcc -Llibpcap-possiblymodified -L/usr/local/lib -Lnbase -o nmap main.o nmap.o targets.o tcpip.o nmap_error.o utils.o idle_scan.o osscan.o output.o scan_engine.o timing.o charpool.o services.o protocols.o nmap_rpc.o portlist.o -lpcap -lm -lnbase -lpcap
/usr/local/bin/ld: Dwarf Error: Invalid or unhandled FORM value: 14.
libpcap-possiblymodified/libpcap.a(inet.o): In function `pcap_lookupdev':
/usr/src/packages/nmap-3.00/libpcap-possiblymodified/inet.c:100: undefined reference to `getifaddrs'

after adding -linet6 everything compiled fine.)


--
System Information:

[root@charon]:~ # uname -a
Linux charon 2.4.19-ac4-crypto-USAGI-ea-acl-ntfs-netfilter-ColtK7 #13 Sam Aug 10 23:44:07 CEST 2002 i686 unknown
[root@charon]:~ # ip a l
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
    inet6 ::1/128 scope host
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop
    link/ipip 0.0.0.0 brd 0.0.0.0
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
4: sit0@NONE: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
5: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:56:40:80:59 brd ff:ff:ff:ff:ff:ff
    inet 172.22.2.22/23 brd 172.22.3.255 scope global eth0
    inet6 fe80::250:56ff:fe40:8059/64 scope link
    inet6 3ffe:b80:4c3:1::3/64 scope global
[root@charon]:~ # gcc -v
Reading specs from /usr/lib/gcc-lib/i486-colt-linux-gnu/3.1/specs
Configured with: ../gcc-3.1/configure --prefix=/usr --enable-threads --enable-shared --enable-languages=c,c++,java --enable-nls --with-system-zlib i486-colt-linux-gnu
Thread model: posix
gcc version 3.1
[root@charon]:~ # /lib/libc.so.6
GNU C Library stable release version 2.2.5, by Roland McGrath et al.
Copyright (C) 1992-2001, 2002 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 3.1.
Compiled on a Linux 2.4.19-pre8-ac5-crypto-USAGI-klips-netfilter-ea-acl-mppe-ColtC4 system on 2002-08-09.
Available extensions:
        GNU libio by Per Bothner
        crypt add-on version 2.1 by Michael Glad and others
        linuxthreads-0.9 by Xavier Leroy
        BIND-8.2.3-T5B
        libthread_db work sponsored by Alpha Processor Inc
        NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Report bugs using the `glibcbug' script to <bugs () gnu org>.
[root@charon]:~ #

--
David Lamparter,   diac24.net.eu.org - Doebeln Internet Action Community
mail: david.lamparter () t-online de                 Network Administration
[lang: DE EN FR (JP)]                         Doebeln / Saxony / Germany
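One way to read what the dumps above already contain, as an added example that is not part of the post or of Nmap's code: recomputing the RFC 791 header checksum for every possible value of the protocol byte shows which protocol number the checksum was calculated with. The four header strings are copied from the tcpdump output above; the helper names are constructed here.

```python
import struct

# IPv4 headers (first 20 bytes of each packet) copied from the tcpdump -x output
# in the post. On the wire, byte 9 (the protocol field) reads 0xff in all of them.
CAPTURED_HEADERS = {
    "icmp-looking #1": "4500001c604e000027ffd74eac160216ac160202",
    "tcp-looking #1":  "450000287649000032ffb642ac160216ac160202",
    "icmp-looking #2": "4500001ce3d0000027ff53ccac160216ac160202",
    "tcp-looking #2":  "45000028a49b000032ff87f0ac160216ac160202",
}

def ones_complement_checksum(data: bytes) -> int:
    """RFC 791 checksum: 16-bit one's-complement sum, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def header_checksum_ok(header: bytes) -> bool:
    """True if the checksum field (bytes 10-11) matches the rest of the header."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ones_complement_checksum(zeroed) == struct.unpack("!H", header[10:12])[0]

def protocol_matching_checksum(header: bytes):
    """Return the protocol value under which the wire checksum would be valid.

    Only the protocol byte is varied, so at most one value in 0..255 can fit;
    None means the corruption is not confined to that single byte.
    """
    for proto in range(256):
        if header_checksum_ok(header[:9] + bytes([proto]) + header[10:]):
            return proto
    return None

def analyse(hexdump: str) -> dict:
    raw = bytes.fromhex(hexdump)
    header = raw[:(raw[0] & 0x0F) * 4]       # IHL = header length in 32-bit words
    return {
        "proto_on_wire": header[9],
        "checksum_ok": header_checksum_ok(header),
        "proto_expected": protocol_matching_checksum(header),
    }

if __name__ == "__main__":
    for name, hexdump in CAPTURED_HEADERS.items():
        print(name, analyse(hexdump))
```

For these four headers the checksums are valid for protocol 1 (ICMP) and 6 (TCP) respectively, matching the ICMP echo request (type 8) and the TCP ACK to port 80 visible in the payloads, so the protocol byte was overwritten with 0xff after the header checksum had been computed.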

