Nmap Development mailing list archives

Problems with nmap, raw packets, and PPPoE


From: Damian Gerow <dgerow () afflictions org>
Date: Tue, 11 Apr 2006 16:34:44 -0400

I've just installed an OpenBSD snapshot from yesterday, and I've run into a
bit of an issue using nmap to scan anything over the PPPoE link when raw
packets are required (i.e. SYN scan, OS fingerprinting):

    # nmap -sS -P0  -p 80,81 192.168.0.1

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-11 16:18 EDT
    WARNING: Unable to find appropriate interface for system route to 0.0.0.1

    WARNING: Unable to find appropriate interface for system route to 0.0.0.0

    nexthost: failed to determine route to 192.168.0.1
    QUITTING!
    # nmap -sT -P0 -p 80,81 -O 192.168.0.1

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-11 16:23
    EDT
    WARNING: Unable to find appropriate interface for system route to
    0.0.0.1

    WARNING: Unable to find appropriate interface for system route to
    0.0.0.0

    nexthost: failed to determine route to 192.168.0.1
    QUITTING!
    # 

I'm going to go out on a limb and guess it's because the system default route
is 0.0.0.1, and nmap's logic to find the associated interface fails.

I've tried specifying an interface to no avail:

    # nmap -sT -P0 -p 80,81 -O -e pppoe0 192.168.0.1      

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-11 16:28 EDT
    WARNING: Unable to find appropriate interface for system route to 0.0.0.1

    WARNING: Unable to find appropriate interface for system route to 0.0.0.0

    Warning:  OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
    sendto in send_ip_packet: sendto(4, packet, 60, 0, 192.168.0.1, 16) =>
    No route to host
    Sleeping 15 seconds then retrying
    sendto in send_ip_packet: sendto(4, packet, 60, 0, 192.168.0.1, 16) =>
    No route to host
    Sleeping 60 seconds then retrying
    caught SIGINT signal, cleaning up
    # 

(Yes, I can manually connect to port 80 on the host in question.)

And finally, here's the output of --iflist:

    # nmap --iflist

    Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-11 16:30 EDT
    ************************INTERFACES************************
    DEV    (SHORT)  IP/MASK          TYPE        UP MAC
    lo0    (lo0)    127.0.0.1/8      loopback    up
    vr0    (vr0)    10.0.0.1/30      ethernet    up 00:50:BA:E8:08:B5
    fxp0   (fxp0)   172.19.206.8/24  ethernet    up 00:80:5F:F7:45:53
    ral0   (ral0)   192.168.132.8/24 ethernet    up 00:12:17:85:9A:3B
    fxp1   (fxp1)   10.9.22.8/24     ethernet    up 00:D0:B7:23:65:34
    pppoe0 (pppoe0) 64.7.134.90/32   point2point up

    WARNING: Unable to find appropriate interface for system route to 0.0.0.1

    WARNING: Unable to find appropriate interface for system route to 0.0.0.0

    **************************ROUTES**************************
    DST/MASK     DEV GATEWAY
    127.0.0.1/32 lo0 127.0.0.1
    127.0.0.0/0  lo0 127.0.0.1
    224.0.0.0/0  lo0 127.0.0.1

    # 

Is this a known issue right now?  Should I be chasing this down with
OpenBSD?

(Please Cc: me in responses; I don't (yet) subscribe to -dev@.)

  - Damian


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
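
The guess in the message above, modeled as an added example (not part of the original message and not Nmap's own code): a hypothetical matcher that assigns a route to the interface whose subnet contains the route's gateway, run over the interface table from the `--iflist` output. The function names and the comparison gateway 10.9.22.1 are assumptions made for illustration.

```python
import ipaddress

# Interface rows copied from the --iflist output in the message.
IFLIST = """\
lo0    (lo0)    127.0.0.1/8      loopback    up
vr0    (vr0)    10.0.0.1/30      ethernet    up 00:50:BA:E8:08:B5
fxp0   (fxp0)   172.19.206.8/24  ethernet    up 00:80:5F:F7:45:53
ral0   (ral0)   192.168.132.8/24 ethernet    up 00:12:17:85:9A:3B
fxp1   (fxp1)   10.9.22.8/24     ethernet    up 00:D0:B7:23:65:34
pppoe0 (pppoe0) 64.7.134.90/32   point2point up
"""


def parse_iflist(text):
    """Return [(dev, ip_interface, type)] for each row of the table."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed rows
        dev, _short, ipmask, iftype = fields[:4]
        rows.append((dev, ipaddress.ip_interface(ipmask), iftype))
    return rows


def iface_for_gateway(gateway, ifaces):
    """Hypothetical rule: most specific interface subnet containing the gateway."""
    gw = ipaddress.ip_address(gateway)
    hits = [(i.network.prefixlen, dev) for dev, i, _ in ifaces if gw in i.network]
    return max(hits)[1] if hits else None


IFACES = parse_iflist(IFLIST)

if __name__ == "__main__":
    # 0.0.0.1 and 0.0.0.0 are the gateways named in the warnings;
    # 10.9.22.1 is a constructed on-link gateway for comparison.
    for gw in ("0.0.0.1", "0.0.0.0", "10.9.22.1"):
        dev = iface_for_gateway(gw, IFACES)
        print(f"gateway {gw:<10} -> {dev or 'no matching interface'}")
```

Under this rule the two gateways from the warnings fall inside no interface subnet, including the /32 on pppoe0, while an on-link Ethernet gateway resolves normally.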

