Nmap Development mailing list archives
Possible bug in nmap 4.11, operation not permitted error message on Linux without iptables enabled
From: Sebastian Wolfgarten <sebastian () wolfgarten com>
Date: Wed, 23 May 2007 22:00:04 +0200
Hi, I am unsure whether I've hit a bug in nmap 4.11 but here is what I got: # nmap -v -sS -sV -P0 -p0-65535 -O app02.imedo.de Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-05-23 21:41 CEST DNS resolution of 1 IPs took 0.03s. Initiating SYN Stealth Scan against 217.188.214.92 [65536 ports] at 21:41 Discovered open port 22/tcp on 217.188.214.92 SYN Stealth Scan Timing: About 3.59% done; ETC: 21:55 (0:13:26 remaining) SYN Stealth Scan Timing: About 11.61% done; ETC: 21:50 (0:07:37 remaining) SYN Stealth Scan Timing: About 41.98% done; ETC: 21:47 (0:03:15 remaining) sendto in send_ip_packet: sendto(5, packet, 44, 0, 217.188.214.92, 16) => Operation not permitted sendto in send_ip_packet: sendto(5, packet, 44, 0, 217.188.214.92, 16) => Operation not permitted sendto in send_ip_packet: sendto(5, packet, 44, 0, 217.188.214.92, 16) => Operation not permitted Stats: 0:04:50 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan SYN Stealth Scan Timing: About 99.60% done; ETC: 21:46 (0:00:01 remaining) The SYN Stealth Scan took 291.59s to scan 65536 total ports. Initiating service scan against 1 service on 217.188.214.92 at 21:46 The service scan took 0.06s to scan 1 service on 1 host. Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port For OSScan assuming port 22 is open, 43229 is closed, and neither are firewalled Host 217.188.214.92 appears to be up ... good. Interesting ports on 217.188.214.92: Not shown: 65535 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.3p2 Debian 9 (protocol 2.0) Too many fingerprints match this host to give specific OS details TCP/IP fingerprint: SInfo(V=4.11%P=x86_64-pc-linux-gnu%D=5/23%Tm=46549A0F%O=22%C=-1) TSeq(Class=RI%gcd=1%SI=40E314%IPID=Z) T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T2(Resp=N) T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T5(Resp=N) T6(Resp=N) T7(Resp=N) PU(Resp=N) TCP Sequence Prediction: Class=random positive increments Difficulty=4252436 (Good luck!) IPID Sequence Generation: All zeros Service Info: OS: Linux Nmap finished: 1 IP address (1 host up) scanned in 294.533 seconds Raw packets sent: 131143 (5.771MB) | Rcvd: 73 (3662B) Now my question is: Why am I getting these "operation not permitted" error messages if I don't have iptables rules set? Here is the output of iptables: # iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination # iptables -t filter -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination My kernel is 2.6.17-gentoo-r8 on Gentoo Linux. Before I start looking into the nmap code (probably gonna take a long time to understand it), do you guys have any idea what causes this message "sendto in send_ip_packet: sendto(5, packet, 44, 0, 217.188.214.92, 16) => Operation not permitted"? Thank you and best regards, Sebastian _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Possible bug in nmap 4.11, operation not permitted error message on Linux without iptables enabled Sebastian Wolfgarten (May 23)