Nmap Development mailing list archives
Re: Follow up to NMAP on Snow Leopard with VMWARE Fusion installed
From: Walt Scrivens <walts () gate net>
Date: Mon, 21 Sep 2009 07:28:50 -0400
Here's some more info - this time with 5.00. I did the same scan through Zenmap, running natively under Snow Leopard, and running as a Windows 7 VM under VMWare Fusion under Snow Leopard. Same computer, same network. I used the "canned" Intense Scan profile in Zenmap from the Windows vm, and copy/pasted it into the Mac Zenmap since its version of Intense Scan did not include the -PE -PS22,25,80 -PA21,23,80,3389
It looks to me as if the Mac user scan worked correctly, being the same as the Windows scan less that which requires root to run. The Mac root scan fails miserably.
I'm happy to help in any way I can with diagnosing this, but I'm nowhere near as clever as most of you when it comes to digging into the nmap code or the OS. I'm happy to run lots of scans and to provide capture files from Wireshark if they will help. I don't have the beta installed on the Windows 7 VM since I don't have the development environment installed there, but maybe later today I can do that.
Walt

Here's the command line that was used for both scans followed by the output:

First the Windows 7 scan:
=====================================
nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.1.1

Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-21 07:06 Eastern Daylight Time
NSE: Loaded 30 scripts for scanning.
Initiating Ping Scan at 07:07
Scanning 192.168.1.1 [8 ports]
Completed Ping Scan at 07:07, 1.23s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:07
Completed Parallel DNS resolution of 1 host. at 07:07, 0.01s elapsed
Initiating SYN Stealth Scan at 07:07
Scanning 0ur1an (192.168.1.1) [1000 ports]
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 23/tcp on 192.168.1.1
Discovered open port 80/tcp on 192.168.1.1
Completed SYN Stealth Scan at 07:07, 2.34s elapsed (1000 total ports)
Initiating Service scan at 07:07
Scanning 3 services on 0ur1an (192.168.1.1)
Completed Service scan at 07:08, 74.48s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 0ur1an (192.168.1.1)
Initiating Traceroute at 07:08
192.168.1.1: guessing hop distance at 1
Completed Traceroute at 07:08, 0.03s elapsed
Initiating Parallel DNS resolution of 3 hosts. at 07:08
Completed Parallel DNS resolution of 3 hosts. at 07:08, 0.14s elapsed
NSE: Script scanning 192.168.1.1.
NSE: Starting runlevel 1 scan
Initiating NSE at 07:08
Completed NSE at 07:08, 4.34s elapsed
NSE: Script Scanning completed.
Host 0ur1an (192.168.1.1) is up (0.026s latency).
Interesting ports on 0ur1an (192.168.1.1):
Not shown: 997 closed ports
PORT   STATE SERVICE VERSION
23/tcp open  telnet  DD-WRT telnetd 23 SP2 std (c) 2006 NewMedia-NET GmbH
53/tcp open  domain  dnsmasq 2.33
80/tcp open  http?
|_ html-title: 0ur1an - Info
Device type: general purpose
Running: Apple Mac OS X 10.5.X
OS details: Apple Mac OS X 10.5.5 (Leopard)
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Linux; Device: WAP

TRACEROUTE (using port 22/tcp)
HOP RTT   ADDRESS
1   16.00 192.168.246.2
2   0.00  0ur1an (192.168.1.1)

Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 104.19 seconds
           Raw packets sent: 1034 (47.206KB) | Rcvd: 1175 (51.683KB)
======================================
Now the Mac version:
======================================
nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.1.1

Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-21 07:10 EDT
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 07:10
Scanning 192.168.1.1 [1 port]
Completed ARP Ping Scan at 07:10, 0.21s elapsed (1 total hosts)
Read data files from: /usr/local/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.47 seconds
           Raw packets sent: 2 (84B) | Rcvd: 0 (0B)
=======================================
Then, just for grins, I tried the same scan from a command line as an ordinary user
=======================================
testcomputer:~ walts$ nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.1.1
Warning: You are not root -- using TCP pingscan rather than ICMP

Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-21 07:18 EDT
NSE: Loaded 30 scripts for scanning.
Initiating Ping Scan at 07:18
Scanning 192.168.1.1 [6 ports]
Completed Ping Scan at 07:18, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:18
Completed Parallel DNS resolution of 1 host. at 07:18, 0.01s elapsed
Initiating Connect Scan at 07:18
Scanning 0ur1an (192.168.1.1) [1000 ports]
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 23/tcp on 192.168.1.1
Discovered open port 80/tcp on 192.168.1.1
Completed Connect Scan at 07:18, 2.14s elapsed (1000 total ports)
Initiating Service scan at 07:18
Scanning 3 services on 0ur1an (192.168.1.1)
Completed Service scan at 07:18, 6.02s elapsed (3 services on 1 host)
NSE: Script scanning 192.168.1.1.
NSE: Starting runlevel 1 scan
Initiating NSE at 07:18
Completed NSE at 07:18, 4.26s elapsed
NSE: Script Scanning completed.
Host 0ur1an (192.168.1.1) is up (0.076s latency).
Interesting ports on 0ur1an (192.168.1.1):
Not shown: 997 closed ports
PORT   STATE SERVICE VERSION
23/tcp open  telnet  DD-WRT telnetd 23 SP2 std (c) 2006 NewMedia-NET GmbH
53/tcp open  domain  dnsmasq 2.33
80/tcp open  http    Linksys wrt54g DD-WRT firmware http config
|_ html-title: 0ur1an - Info
Service Info: OS: Linux; Device: WAP

Read data files from: /usr/local/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.76 seconds
testcomputer:~ walts$
=========================================
...and finally as root:
=========================================
testcomputer:~ walts$ sudo nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.1.1
Password:

Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-21 07:20 EDT
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 07:20
Scanning 192.168.1.1 [1 port]
Completed ARP Ping Scan at 07:20, 0.21s elapsed (1 total hosts)
Read data files from: /usr/local/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.47 seconds
           Raw packets sent: 2 (84B) | Rcvd: 0 (0B)
testcomputer:~ walts$
==========================================

On Sep 21, 2009, at 5:03 AM, Norbert Szetei wrote:
Hello,

I reported also this problem a few days ago, on fresh snow leopard installation (nmap 5.05BETA1) and without vmware.s.
[SNIP]

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org