Nmap Development mailing list archives

Re: Latest NMAP & the cisco VPN client...


From: kx <kxmail () gmail com>
Date: Fri, 9 Feb 2007 20:50:21 -0500

Colin,
  WinPcap can't transmit over a VPN.  See:
http://seclists.org/nmap-dev/2006/q3/0438.html


You might try --unprivileged which should allow things like Connect
scans to work.

Cheers,
  kx


On 2/9/07, Hines,Colin Mack <cmhines () ufl edu> wrote:

Running XP sp2 / all latest patches and IE7.

Cisco VPN Client 4.6.02.0011 using ipsec/tcp
Nmap for windows v4.20 downloaded today from insecure.org

It seems that nmap is not correctly enumerating all the local routes
provided by the cisco vpn client.  Here is my current route print
output...

C:\Program Files\Nmap>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 c6 f2 2b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x10004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.241.22.1   10.241.23.222      20
       10.5.135.0    255.255.255.0   10.228.255.129  10.228.255.129       1
       10.5.176.0    255.255.240.0   10.228.255.129  10.228.255.129       1
       10.5.192.0    255.255.240.0   10.228.255.129  10.228.255.129       1
     10.227.208.0    255.255.255.0   10.228.255.129  10.228.255.129       1
     10.228.255.0    255.255.255.0   10.228.255.129  10.228.255.129       1
   10.228.255.128  255.255.255.128   10.228.255.129  10.228.255.129      10
   10.228.255.129  255.255.255.255        127.0.0.1       127.0.0.1      10
      10.241.22.0    255.255.254.0    10.241.23.222   10.241.23.222      20
      10.241.22.0    255.255.254.0   10.228.255.129  10.228.255.129       1
      10.241.23.7  255.255.255.255    10.241.23.222   10.241.23.222       1
    10.241.23.222  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255   10.228.255.129  10.228.255.129      10
   10.255.255.255  255.255.255.255    10.241.23.222   10.241.23.222      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    128.227.0.144  255.255.255.240   10.228.255.129  10.228.255.129       1
     128.227.21.0  255.255.255.192   10.228.255.129  10.228.255.129       1
   128.227.75.224  255.255.255.240   10.228.255.129  10.228.255.129       1
    128.227.128.0    255.255.255.0   10.228.255.129  10.228.255.129       1
    128.227.138.0    255.255.255.0   10.228.255.129  10.228.255.129       1
    128.227.156.0    255.255.255.0   10.228.255.129  10.228.255.129       1
  128.227.166.117  255.255.255.255      10.241.22.1   10.241.23.222       1
  128.227.187.192  255.255.255.192   10.228.255.129  10.228.255.129       1
    128.227.208.0    255.255.255.0   10.228.255.129  10.228.255.129       1
        224.0.0.0        240.0.0.0   10.228.255.129  10.228.255.129      10
        224.0.0.0        240.0.0.0    10.241.23.222   10.241.23.222      20
  255.255.255.255  255.255.255.255   10.228.255.129  10.228.255.129       1
  255.255.255.255  255.255.255.255    10.241.23.222   10.241.23.222       1
Default Gateway:       10.241.22.1
===========================================================================
Persistent Routes:
  None

Now, here is my nmap --iflist output...

C:\Program Files\Nmap>nmap --iflist

Starting Nmap 4.20 ( http://insecure.org ) at 2007-02-09 11:12 Eastern Standard Time
************************INTERFACES************************
DEV  (SHORT) IP/MASK           TYPE     UP MAC
eth0 (eth0)  10.241.23.222/23  ethernet up 00:13:72:C6:F2:2B
eth1 (eth1)  10.228.255.129/25 ethernet up 00:05:9A:3C:78:00
lo0  (lo0)   127.0.0.1/8       loopback up

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
255.255.255.255/32 eth1 10.228.255.129
128.227.166.117/32 eth0 10.241.22.1
10.255.255.255/32  eth0 10.241.23.222
10.255.255.255/32  eth1 10.228.255.129
10.241.23.222/32   lo0  127.0.0.1
10.241.23.7/32     eth0 10.241.23.222
10.228.255.129/32  lo0  127.0.0.1
255.255.255.255/32 eth0 10.241.23.222
128.227.75.224/4   eth1 10.228.255.129
128.227.0.144/4    eth1 10.228.255.129
128.227.21.0/2     eth1 10.228.255.129
128.227.187.192/2  eth1 10.228.255.129
10.228.255.128/1   eth1 10.228.255.129
128.227.208.0/0    eth1 10.228.255.129
10.5.135.0/0       eth1 10.228.255.129
10.227.208.0/0     eth1 10.228.255.129
10.228.255.0/0     eth1 10.228.255.129
128.227.156.0/0    eth1 10.228.255.129
128.227.128.0/0    eth1 10.228.255.129
128.227.138.0/0    eth1 10.228.255.129
10.241.22.0/0      eth1 10.228.255.129
10.241.22.0/0      eth0 10.241.23.222
10.5.176.0/0       eth1 10.228.255.129
10.5.192.0/0       eth1 10.228.255.129
127.0.0.0/0        lo0  127.0.0.1
224.0.0.0/0        eth1 10.228.255.129
224.0.0.0/0        eth0 10.241.23.222
0.0.0.0/0          eth0 10.241.22.1


As far as I can tell, it seems to be doing some wacky stuff with the
network masks.  We noticed this issue when trying to nmap 10.5.177.x
boxes and it was not sending it over the vpn, but sending it over the
local network, eth0.

Thanks!

Colin M. Hines
Infrastructure Team  -=-  UF Bridges
cmhines () ufl edu  -=-  352.871.7000

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


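Editorial note on the netmask problem in the quoted report. This is an added example, not code from the thread or from nmap. The prefix lengths that nmap 4.20 printed in `--iflist` above follow one consistent pattern against the `route print` netmasks: 255.255.255.240 became /4, 255.255.255.192 became /2, 255.255.255.128 became /1, every mask ending in a zero octet (255.255.255.0, 255.255.254.0, 255.255.240.0, 255.0.0.0, 240.0.0.0) became /0, and only 255.255.255.255 came out right at /32. Those are exactly the values you get by counting leading one-bits of the mask after its four bytes have been reversed, i.e. a network-byte-order mask read as a host-order integer on a little-endian x86 machine. That explanation is an inference from the numbers on this page, not a statement about nmap's source. The script below reproduces every printed value with that hypothetical byte-swapped conversion, shows the correct conversion beside it, and runs a longest-prefix match over a few rows excerpted from Colin's route table (interface names eth0/eth1 mapped from the `--iflist` addresses) to show that 10.5.177.x should resolve to the 10.5.176.0/20 route on the VPN adapter.

```python
"""Reproduce the netmask -> prefix-length pattern in the nmap 4.20 --iflist
output above and contrast it with a correct conversion.

Added example for this archive page; not nmap code. The byte-swap model is a
hypothesis fitted to the numbers in the thread."""
import ipaddress
import struct

# Netmask from `route print` -> prefix length that --iflist printed for it
# (constructed from the two listings quoted above).
PAGE_IFLIST = {
    "255.255.255.255": 32,
    "255.255.255.240": 4,
    "255.255.255.192": 2,
    "255.255.255.128": 1,
    "255.255.255.0": 0,
    "255.255.254.0": 0,
    "255.255.240.0": 0,
    "255.0.0.0": 0,
    "240.0.0.0": 0,
    "0.0.0.0": 0,
}

# A few rows excerpted from the route print: (destination, netmask, gateway, dev).
# eth0 = 10.241.23.222 (Broadcom NIC), eth1 = 10.228.255.129 (Cisco VPN adapter),
# following the --iflist interface table on this page.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.241.22.1", "eth0"),
    ("10.5.176.0", "255.255.240.0", "10.228.255.129", "eth1"),
    ("10.5.192.0", "255.255.240.0", "10.228.255.129", "eth1"),
    ("10.241.22.0", "255.255.254.0", "10.241.23.222", "eth0"),
    ("10.228.255.128", "255.255.255.128", "10.228.255.129", "eth1"),
]


def _leading_ones(value: int) -> int:
    """Count consecutive one-bits from bit 31 downward of a 32-bit value."""
    count = 0
    while count < 32 and value & (0x80000000 >> count):
        count += 1
    return count


def mask_to_prefix(mask: str) -> int:
    """Correct conversion: the mask as a big-endian (network-order) integer,
    leading ones counted, and non-contiguous masks such as 255.0.255.0 rejected."""
    m = int(ipaddress.IPv4Address(mask))  # e.g. 255.255.240.0 -> 0xFFFFF000
    prefix = _leading_ones(m)
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask {mask}")
    return prefix


def mask_to_prefix_byteswapped(mask: str) -> int:
    """Hypothetical buggy conversion (our reconstruction, not nmap's code):
    the same leading-ones count, but over the mask after its bytes have been
    reversed, which is what a little-endian host sees when it treats a
    network-order in_addr as a host-order integer."""
    m = int(ipaddress.IPv4Address(mask))
    swapped = struct.unpack("<I", struct.pack(">I", m))[0]  # 0xFFFFF000 -> 0x00F0FFFF
    return _leading_ones(swapped)


def byteswap_explains_page() -> bool:
    """True if the byte-swapped conversion reproduces every --iflist value above."""
    return all(mask_to_prefix_byteswapped(m) == shown for m, shown in PAGE_IFLIST.items())


def compare() -> dict:
    """mask -> (what --iflist printed, byte-swapped model, correct prefix)."""
    return {
        m: (shown, mask_to_prefix_byteswapped(m), mask_to_prefix(m))
        for m, shown in PAGE_IFLIST.items()
    }


def lookup(dst: str, routes=ROUTES):
    """Longest-prefix match with correctly computed prefix lengths.
    Returns (prefix_len, gateway, dev) or None."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for net, mask, gw, dev in routes:
        plen = mask_to_prefix(mask)
        if addr in ipaddress.IPv4Network((net, plen), strict=False):
            if best is None or plen > best[0]:
                best = (plen, gw, dev)
    return best


if __name__ == "__main__":
    for mask, (shown, model, correct) in compare().items():
        print(f"{mask:>16}  iflist=/{shown:<2} byteswapped=/{model:<2} correct=/{correct}")
    print("byte-swap model matches page:", byteswap_explains_page())
    print("10.5.177.4 ->", lookup("10.5.177.4"))
```

With the correct prefixes the 10.5.176.0/20 VPN route wins for 10.5.177.x over the 0.0.0.0/0 default; with the byte-swapped values both routes are /0, so nothing in the prefix length distinguishes the VPN route from the default one, which is the situation the report describes. The contiguity check in `mask_to_prefix` is the part a practitioner should keep: a mask that is not a run of ones followed by zeros has no prefix length at all, and silently counting bits in it yields exactly this kind of wrong routing.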
