Nmap Development mailing list archives
Problems with nmap, raw packets, and PPPoE
From: Damian Gerow <dgerow () afflictions org>
Date: Tue, 11 Apr 2006 16:34:44 -0400
I've just installed an OpenBSD snapshot from yesterday, and I've run into a bit of an issue using nmap to scan anything over the PPPoE link when raw packets are required (i.e. SYN scan, OS fingerprinting):

  # nmap -sS -P0 -p 80,81 192.168.0.1

  Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-11 16:18 EDT
  WARNING: Unable to find appropriate interface for system route to 0.0.0.1
  WARNING: Unable to find appropriate interface for system route to 0.0.0.0
  nexthost: failed to determine route to 192.168.0.1
  QUITTING!
  # nmap -sT -P0 -p 80,81 -O 192.168.0.1

  Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-11 16:23 EDT
  WARNING: Unable to find appropriate interface for system route to 0.0.0.1
  WARNING: Unable to find appropriate interface for system route to 0.0.0.0
  nexthost: failed to determine route to 192.168.0.1
  QUITTING!
  #

I'm going to go out on a limb and guess it's because the system default route is 0.0.0.1, and nmap's logic to find the associated interface fails. I've tried specifying an interface to no avail:

  # nmap -sT -P0 -p 80,81 -O -e pppoe0 192.168.0.1

  Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-11 16:28 EDT
  WARNING: Unable to find appropriate interface for system route to 0.0.0.1
  WARNING: Unable to find appropriate interface for system route to 0.0.0.0
  Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
  sendto in send_ip_packet: sendto(4, packet, 60, 0, 192.168.0.1, 16) => No route to host
  Sleeping 15 seconds then retrying
  sendto in send_ip_packet: sendto(4, packet, 60, 0, 192.168.0.1, 16) => No route to host
  Sleeping 60 seconds then retrying
  caught SIGINT signal, cleaning up
  #

(Yes, I can manually connect to port 80 on the host in question.)

And finally, here's the output of --iflist:

  # nmap --iflist

  Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-11 16:30 EDT
  ************************INTERFACES************************
  DEV    (SHORT)  IP/MASK          TYPE        UP MAC
  lo0    (lo0)    127.0.0.1/8      loopback    up
  vr0    (vr0)    10.0.0.1/30      ethernet    up 00:50:BA:E8:08:B5
  fxp0   (fxp0)   172.19.206.8/24  ethernet    up 00:80:5F:F7:45:53
  ral0   (ral0)   192.168.132.8/24 ethernet    up 00:12:17:85:9A:3B
  fxp1   (fxp1)   10.9.22.8/24     ethernet    up 00:D0:B7:23:65:34
  pppoe0 (pppoe0) 64.7.134.90/32   point2point up

  WARNING: Unable to find appropriate interface for system route to 0.0.0.1
  WARNING: Unable to find appropriate interface for system route to 0.0.0.0
  **************************ROUTES**************************
  DST/MASK     DEV GATEWAY
  127.0.0.1/32 lo0 127.0.0.1
  127.0.0.0/0  lo0 127.0.0.1
  224.0.0.0/0  lo0 127.0.0.1

  #

Is this a known issue right now? Should I be chasing this down with OpenBSD?

(Please Cc: me in responses; I don't (yet) subscribe to -dev@.)

  - Damian