Nmap Development mailing list archives
Re: Nmap labeled ethernet address problem
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 29 Apr 2008 21:27:21 -0500
Hey Fyodor,

Fyodor wrote:
Nmap seems to quit when it encounters labeled ethernet addresses on Linux.
<snip>
# ip addr add 1.1.1.1/32 dev eth0 label eth0vip
# ip addr list dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:12:79:de:38:13 brd ff:ff:ff:ff:ff:ff
    inet 192.34.35.49/28 brd 192.34.35.63 scope global eth0
    inet 1.1.1.1/32 scope global eth0vip
    inet6 fe80::212:79ff:fede:3813/64 scope link
       valid_lft forever preferred_lft forever
# nmap -sP -PI 192.34.35.1-5
Starting Nmap 4.60 ( http://nmap.org ) at 2008-04-17 17:33 MDT
Failed to determine the netmask of eth0vip!: No such device (19)
I've been looking into this. It looks like "labels" are the same as the older "aliases", which are traditionally either the same name as the interface (as on BSD) or prefixed with the interface name and a colon (as on Solaris). Linux seems to support both.

Nmap already knows about the colon notation:

    Strncpy(mydevs[numifaces].devname, ifr->ifr_name, [...]);
    /* devname isn't allowed to have alias qualification */
    if ((p = strchr(mydevs[numifaces].devname, ':')))
        *p = '\0';

I confirmed that using a label of "eth0:0" works as expected.

After devname stuff, the netmask stuff is done:

    Strncpy(tmpifr.ifr_name, ifr->ifr_name, sizeof(tmpifr.ifr_name));
    memcpy(&(tmpifr.ifr_addr), sin, [...]);
    rc = ioctl(sd, SIOCGIFNETMASK, &tmpifr);

But notice that ifr->ifr_name is used rather than devname, so the SIOCGIFNETMASK apparently works for aliases and labels *if* they're in the right format.

The ip manpage on my system says this about labels:

"Each address may be tagged with a label string. In order to preserve compatibility with Linux-2.0 net aliases, this string must coincide with the name of the device or must be prefixed with the device name followed by colon."

So it seems that Nmap isn't at fault, but rather the user for selecting the improper label and ip for not producing an error or warning.

So given this, I'm not sure what should be done about it :)
Cheers, -F
Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
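
The label rule from the ip manpage and the colon stripping quoted in the message above, placed next to the SIOCGIFNETMASK call that fails, as an added example that is not part of the original message and is not Nmap source. The helper names label_conforms, base_devname and netmask_errno are hypothetical, and Linux is assumed.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

/* Added example, not Nmap source; helper names are hypothetical. ip(8) rule:
 * label == device name, or device name followed by ':'. Returns 1 if so. */
int label_conforms(const char *dev, const char *label) {
    size_t n = strlen(dev);
    if (n == 0 || strncmp(label, dev, n) != 0)
        return 0;
    return label[n] == '\0' || label[n] == ':';
}

/* Same idea as the quoted devname handling: cut at the first ':'.
 * A label such as "eth0vip" has no ':' and comes back unchanged. */
void base_devname(const char *name, char *out, size_t outlen) {
    char *p;
    snprintf(out, outlen, "%s", name);
    if ((p = strchr(out, ':'))) *p = '\0';
}

/* SIOCGIFNETMASK by name. Returns 0 on success, otherwise the errno. */
int netmask_errno(const char *name) {
    struct ifreq ifr;
    int err = 0, sd = socket(AF_INET, SOCK_DGRAM, 0);
    if (sd < 0) return errno;
    memset(&ifr, 0, sizeof(ifr));
    snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", name);
    if (ioctl(sd, SIOCGIFNETMASK, &ifr) < 0)
        err = errno;
    close(sd);
    return err;
}

int main(void) {
    const char *labels[] = { "eth0", "eth0:0", "eth0vip" }; /* from the thread */
    char dev[IFNAMSIZ];
    for (int i = 0; i < 3; i++) {
        base_devname(labels[i], dev, sizeof(dev));
        int err = netmask_errno(labels[i]);
        printf("%-8s base=%-8s conforms=%d netmask: %s\n", labels[i], dev,
               label_conforms("eth0", labels[i]), err ? strerror(err) : "ok");
    }
    return 0;
}
```

Checking label_conforms before the ioctl lets a tool report a non-conforming label by name rather than surfacing a bare "No such device".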