Nmap Development mailing list archives
Re: Possible WinPcap problems
From: "Jamie Gavahan" <redpike () gmail com>
Date: Sat, 6 May 2006 14:02:41 -0500
On 5/5/06, John Crichton <ti86macos () hotmail com> wrote:
> On May 4, 2006, at 1:17 AM, AgentSmith15 wrote:
> > Do you have a WRT54G router by any chance? Do you think that this
> > could be the cause of the problem?
>
> No, I have a Netgear WGR614. Here's the result for the packet trace scan
>
> nmap -p20-26 -sV -r --packet-trace scanme.nmap.org
>
> Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-04 15:32 CDT
> NSOCK (2.5630s) UDP connection requested to 192.168.0.1:53 (IOD #1) EID 8
> NSOCK (2.5630s) Read request from IOD #1 [192.168.0.1:53] (timeout: -1ms) EID 18
> Stats: 0:00:02 elapsed; 0 hosts completed (0 up), 0 undergoing ACK Scan
> System DNS resolution Timing: About 0.00% done; ETC: 19:01 (-596:-31:-23 remaining)
> NSOCK (2.5630s) Write request for 45 bytes to IOD #1 EID 27 [192.168.0.1:53]: .s...........62.153.217.205.in-addr.arpa.....
> NSOCK (2.5670s) nsock_loop() started (timeout=500ms). 3 events pending
> NSOCK (2.5670s) Callback: CONNECT SUCCESS for EID 8 [192.168.0.1:53]
> NSOCK (2.5670s) Callback: WRITE SUCCESS for EID 27 [192.168.0.1:53]
> NSOCK (2.7540s) Callback: READ SUCCESS for EID 18 [192.168.0.1:53] (169 bytes)
> NSOCK (2.7540s) Read request from IOD #1 [192.168.0.1:53] (timeout: -1ms) EID 34
> CONN (2.9600s) TCP localhost > 205.217.153.62:20 => Operation now in progress
> CONN (2.9610s) TCP localhost > 205.217.153.62:21 => Operation now in progress
> CONN (2.9620s) TCP localhost > 205.217.153.62:22 => Operation now in progress
> CONN (2.9620s) TCP localhost > 205.217.153.62:23 => Operation now in progress
> CONN (2.9630s) TCP localhost > 205.217.153.62:24 => Operation now in progress
> CONN (2.9630s) TCP localhost > 205.217.153.62:25 => Operation now in progress
> CONN (2.9640s) TCP localhost > 205.217.153.62:26 => Operation now in progress
> CONN (4.2490s) TCP localhost > 205.217.153.62:26 => Operation now in progress
> CONN (4.2500s) TCP localhost > 205.217.153.62:24 => Operation now in progress
> CONN (4.2510s) TCP localhost > 205.217.153.62:23 => Operation now in progress
> CONN (4.2510s) TCP localhost > 205.217.153.62:21 => Operation now in progress
> CONN (4.2520s) TCP localhost > 205.217.153.62:20 => Operation now in progress
> NSOCK (14.7310s) TCP connection requested to 205.217.153.62:22 (IOD #1) EID 8
> NSOCK (14.7320s) nsock_loop() started (no timeout). 1 events pending
> NSOCK (14.8150s) Callback: CONNECT SUCCESS for EID 8 [205.217.153.62:22]
> NSOCK (14.8150s) Read request from IOD #1 [205.217.153.62:22] (timeout: 6000ms) EID 18
> NSOCK (14.8870s) Callback: READ SUCCESS for EID 18 [205.217.153.62:22] (20 bytes): SSH-2.0-OpenSSH_4.3.
> Interesting ports on scanme.nmap.org (205.217.153.62):
> PORT   STATE    SERVICE   VERSION
> 20/tcp filtered ftp-data
> 21/tcp filtered ftp
> 22/tcp open     ssh       OpenSSH 4.3 (protocol 2.0)
> 23/tcp filtered telnet
> 24/tcp filtered priv-mail
> 25/tcp closed   smtp
> 26/tcp filtered unknown
>
> Nmap finished: 1 IP address (1 host up) scanned in 14.960 seconds
>
> On short scans, I do not see the problem occur, only on default scan
> of all of nmap's 1670 some odd ports.

I also have experienced this problem, both after compiling from source, and from the pre-compiled binaries. I have a Windows XP Pro SP2 laptop with the Windows firewall disabled. My router is also a Netgear WRG614. It is version 5 with the latest firmware. The SPI firewall is disabled on the router. Here's my output from a packet trace:

nmap -p20-26 -sV -r --packet-trace scanme.insecure.org

Starting Nmap 4.03 ( http://www.insecure.org/nmap ) at 2006-05-06 13:42 Central Daylight Time
SENT (0.2810s) ICMP 10.0.0.2 > 205.217.153.62 Echo request (type=8/code=0) ttl=45 id=5357 iplen=28
SENT (0.2810s) TCP 10.0.0.2:61300 > 205.217.153.62:80 A ttl=52 id=52485 iplen=40 seq=319111262 win=1024 ack=512049246
RCVD (0.4060s) ICMP 205.217.153.62 > 10.0.0.2 Echo reply (type=0/code=0) ttl=44 id=12786 iplen=28
NSOCK (0.9060s) UDP connection requested to 10.0.0.1:53 (IOD #1) EID 8
NSOCK (0.9060s) Read request from IOD #1 [10.0.0.1:53] (timeout: -1ms) EID 18
NSOCK (0.9060s) Write request for 45 bytes to IOD #1 EID 27 [10.0.0.1:53]: 6c...........62.153.217.205.in-addr.arpa.....
NSOCK (0.9060s) nsock_loop() started (timeout=500ms). 3 events pending
NSOCK (0.9060s) Callback: CONNECT SUCCESS for EID 8 [10.0.0.1:53]
NSOCK (0.9060s) Callback: WRITE SUCCESS for EID 27 [10.0.0.1:53]
NSOCK (0.9690s) Callback: READ SUCCESS for EID 18 [10.0.0.1:53] (169 bytes)
NSOCK (0.9690s) Read request from IOD #1 [10.0.0.1:53] (timeout: -1ms) EID 34
SENT (0.9840s) TCP 10.0.0.2:61278 > 205.217.153.62:20 S ttl=40 id=49014 iplen=44 seq=964039243 win=1024
SENT (0.9840s) TCP 10.0.0.2:61278 > 205.217.153.62:21 S ttl=58 id=4937 iplen=44 seq=964039243 win=3072
SENT (0.9840s) TCP 10.0.0.2:61278 > 205.217.153.62:22 S ttl=47 id=6674 iplen=44 seq=964039243 win=4096
SENT (0.9840s) TCP 10.0.0.2:61278 > 205.217.153.62:23 S ttl=57 id=31282 iplen=44 seq=964039243 win=2048
SENT (0.9840s) TCP 10.0.0.2:61278 > 205.217.153.62:24 S ttl=57 id=61745 iplen=44 seq=964039243 win=2048
SENT (0.9840s) TCP 10.0.0.2:61278 > 205.217.153.62:25 S ttl=45 id=38522 iplen=44 seq=964039243 win=2048
SENT (0.9840s) TCP 10.0.0.2:61278 > 205.217.153.62:26 S ttl=51 id=25177 iplen=44 seq=964039243 win=4096
RCVD (1.0940s) TCP 205.217.153.62:22 > 10.0.0.2:61278 SA ttl=44 id=12794 iplen=44 seq=4093108198 win=5840 ack=964039244
SENT (2.5150s) TCP 10.0.0.2:61279 > 205.217.153.62:26 S ttl=37 id=61031 iplen=44 seq=964104778 win=2048
SENT (2.5150s) TCP 10.0.0.2:61279 > 205.217.153.62:25 S ttl=46 id=32323 iplen=44 seq=964104778 win=3072
SENT (2.5310s) TCP 10.0.0.2:61279 > 205.217.153.62:24 S ttl=48 id=16181 iplen=44 seq=964104778 win=1024
SENT (2.5470s) TCP 10.0.0.2:61279 > 205.217.153.62:23 S ttl=47 id=52527 iplen=44 seq=964104778 win=4096
SENT (2.5620s) TCP 10.0.0.2:61279 > 205.217.153.62:21 S ttl=42 id=63557 iplen=44 seq=964104778 win=3072
SENT (2.5620s) TCP 10.0.0.2:61279 > 205.217.153.62:20 S ttl=46 id=51326 iplen=44 seq=964104778 win=3072
NSOCK (3.9370s) TCP connection requested to 205.217.153.62:22 (IOD #1) EID 8
NSOCK (3.9370s) nsock_loop() started (no timeout). 1 events pending
NSOCK (4.0470s) Callback: CONNECT SUCCESS for EID 8 [205.217.153.62:22]
NSOCK (4.0470s) Read request from IOD #1 [205.217.153.62:22] (timeout: 6000ms) EID 18
NSOCK (4.1720s) Callback: READ SUCCESS for EID 18 [205.217.153.62:22] (20 bytes): SSH-2.0-OpenSSH_4.3.
Interesting ports on scanme.nmap.org (205.217.153.62):
PORT   STATE    SERVICE   VERSION
20/tcp filtered ftp-data
21/tcp filtered ftp
22/tcp open     ssh       OpenSSH 4.3 (protocol 2.0)
23/tcp filtered telnet
24/tcp filtered priv-mail
25/tcp filtered smtp
26/tcp filtered unknown

Nmap finished: 1 IP address (1 host up) scanned in 4.203 seconds

Also, I experience the problem while trying just operating system fingerprinting on scanme.insecure.org. The output is attached. I used the command:

nmap -P0 -O -oN nmap.log scanme.isecure.org

-Jamie

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev