NMAP 3.48 unable to scan localhost through its network IP

["Vesselin Peev" <vesselinpeev () hotmail com>]

Hello,

I first posted on the nmap-hackers list, but was kindly advised to repost
here.
Before posting here, I've searched the Internet for a similar issue as the
following one. While I found similar questions, I found no answer that
solves the issue.

I've been testing NMAP 3.48, the latest version, on several machines and on
different networks. All of the machines run Windows XP Pro. Some of them
have shared Internet access through a gateway (and firewall), others are
directly connected to the internet.

I tested the following way: NMAP [IP address the computer had on the
network]. That is, I wanted to do a localhost scan, but seeing that any NMAP
version, including this one, quits with "rawrecv_open: SIO_RCVALL failed
(10022) on device loopback0" if I run NMAP localhost, I tried in the
abovementioned way.

What happened: each time I did NMAP [IP address the computer had on the
network], I got either "Host is down" or "All ports are filtered". I got
both messages on each system if I ran the command multiple times.

That got me suspicious that something not very well was going on, and the
cause is in NMAP. (I ran NMAP from the command prompt, logged as
Administrator on each of the (at least) 10 machines with/without firewalls.
I went manually from computer to computer.) In an attempt to confirm the
issue, I downloaded NMAPWin 1.3.1 (the latest version), and ran it in the
same way as NMAP 3.48. In fact, I went to the program folder of NMAPWin, and
executed its (older, 3.00) console version of the NMAP executable.

To my not very big surprise, NMAP [IP address the computer had on the
network] worked each and every time on each and every machine. It presented
me with the open ports as it should.

Since I use NMAP by calling it from another software which then later parses
the scan report, given these circumstances I will most certainly be forced
to use the old version for all scans that are performed on localhost through
its assigned network IP (not 127.0.0.1).

Can we avoid that? Is this an NMAP bug in the 3.48 version that has slipped
up to now? I did test the above on many machines so there is absolutely no
margin for error or room for dispute.
I do hope, however, that I miss something and perhaps a recompilation of the
source code with certain other options would help. But I do not know.

I will be very grateful for any help that you may provide.

And also: Happy New Year 2004 to all!

-Vesko


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org