Nmap Development mailing list archives
Re: -NP ignored when running as root
From: David Fifield <david () bamsoftware com>
Date: Wed, 22 Jul 2009 09:30:00 -0600
On Thu, Jul 16, 2009 at 06:58:51PM -0400, Mike Calmus wrote:
I just downloaded and built nmap 5.0 on MacOSX 10.5.7. When I run a simple scan on a Windows 7 box it seems to ignore the -NP setting when I run as root. It works fine when I run as an unprivileged user: bash-3.2$ sudo nmap -PN -A -v 192.168.1.190 Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-16 18:48 EDT NSE: Loaded 30 scripts for scanning. Initiating ARP Ping Scan at 18:48 Scanning 192.168.1.190 [1 port] Completed ARP Ping Scan at 18:48, 0.22s elapsed (1 total hosts) Read data files from: /usr/local/share/nmap Nmap done: 1 IP address (0 hosts up) scanned in 0.54 seconds Raw packets sent: 2 (84B) | Rcvd: 0 (0B) bash-3.2$ nmap -PN -A 192.168.1.190 Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-16 18:50 EDT Stats: 0:01:44 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan NSE Timing: About 0.00% done Interesting ports on 192.168.1.190: Not shown: 993 filtered ports PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn 445/tcp open netbios-ssn 554/tcp open rtsp? 2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_ html-title: Service Unavailable 10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_ html-title: Not Found Service Info: OS: Windows
I sent Mike a patch based on the problem report by Marcus Haebler here: http://seclists.org/nmap-dev/2009/q1/0176.html The problem is that some operating systems send their ARP replies to the broadcast address. Nmap didn't receive them with its BPF filter of arp and ether dst host 0xAABBCCDDEEFF Marcus's suggestion was to look inside the ARP packet, at the target address field, with a filter like arp and arp[18:4] = 0xAABBCCDD and arp[22:2] = 0xEEFF The patch worked for Mike and worked in my own testing against unicast ARP replies, so I applied it in r14498. I haven't been able to find much on the web about this phenomenon, except for this mailing list post which Marcus also noted: http://unix.derkeiler.com/Mailing-Lists/SunManagers/2009-01/msg00009.html David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap 5.00 Fyodor (Jul 16)
- -NP ignored when running as root Mike Calmus (Jul 16)
- Re: -NP ignored when running as root David Fifield (Jul 16)
- Re: -NP ignored when running as root Mike Calmus (Jul 16)
- Re: -NP ignored when running as root Brandon Enright (Jul 16)
- Re: -NP ignored when running as root Mike Calmus (Jul 18)
- Re: -NP ignored when running as root David Fifield (Jul 18)
- Message not available
- Re: -NP ignored when running as root Michael Pattrick (Jul 18)
- Re: -NP ignored when running as root Mike Calmus (Jul 18)
- Re: -NP ignored when running as root David Fifield (Jul 16)
- -NP ignored when running as root Mike Calmus (Jul 16)