Nmap Development mailing list archives
Re: dhcp script!
From: Walt Scrivens <walts () gate net>
Date: Tue, 8 Sep 2009 16:35:54 -0400
On Sep 8, 2009, at 3:21 PM, David Fifield wrote:
[SNIP]
Try with -PN --send-ip. Maybe something is up with ARP ping. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Yes.Since I'm running on Unix (Mac) it would have defaulted to raw ethernet packets. I presume a Windows host would have worked without --send-ip. I'll check that and report later.
So now, (dumb newbie question) - why is the router not responding to the ethernet frame but does respond to the IP packet? Isn't the packet content the same after the headers are stripped off?
I don't have time now, but will run with Wireshark later to see what I can learn.
Walt *************** sh-3.2# nmap -PN --send-ip -d -sU -p67 --script=dhcp-inform 192.168.1.1 Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-08 16:21 EDT --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Loaded 1 scripts for scanning. Warning: Unable to open interface vmnet8 -- skipping it. Warning: Unable to open interface vmnet1 -- skipping it. mass_rdns: Using DNS server 208.67.222.222 mass_rdns: Using DNS server 208.67.220.220 Initiating Parallel DNS resolution of 1 host. at 16:21 mass_rdns: 0.07s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] Completed Parallel DNS resolution of 1 host. at 16:21, 0.07s elapsedDNS resolution of 1 IPs took 0.07s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating UDP Scan at 16:21 Scanning 192.168.1.1 [1 port]Packet capture filter (device en1): dst host 192.168.1.144 and (icmp or ((tcp or udp or sctp) and (src host 192.168.1.1)))
Completed UDP Scan at 16:21, 2.02s elapsed (1 total ports) Overall sending rates: 0.99 packets / s, 27.77 bytes / s. NSE: Script scanning 192.168.1.1. NSE: Starting runlevel 1 scan Initiating NSE at 16:21 NSE: NSE Script Threads (1) running: NSE: Starting dhcp-inform against 192.168.1.1:67. NSE: Finished dhcp-inform against 192.168.1.1:67. Completed NSE at 16:21, 3.00s elapsed NSE: Script Scanning completed. Host 192.168.1.1 is up, received user-set. Scanned at 2009-09-08 16:21:25 EDT for 5s Interesting ports on 192.168.1.1: PORT STATE SERVICE REASON 67/udp open|filtered dhcps no-response Final times for host: srtt: -1 rttvar: -1 to: 1000000 Read from /usr/local/share/nmap: nmap-services. Nmap done: 1 IP address (1 host up) scanned in 5.17 seconds Raw packets sent: 2 (56B) | Rcvd: 0 (0B) sh-3.2# ************************************************** Here it is without the -PN: ************************************************** sh-3.2# nmap --send-ip -d -sU -p67 --script=dhcp-inform 192.168.1.1 Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-08 16:28 EDT --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Loaded 1 scripts for scanning. Warning: Unable to open interface vmnet8 -- skipping it. Warning: Unable to open interface vmnet1 -- skipping it. Initiating Ping Scan at 16:28 Scanning 192.168.1.1 [4 ports]Packet capture filter (device en1): dst host 192.168.1.144 and (icmp or ((tcp or udp or sctp) and (src host 192.168.1.1))) We got a ping packet back from 192.168.1.1: id = 5989 seq = 0 checksum = 59546
Completed Ping Scan at 16:28, 0.01s elapsed (1 total hosts) Overall sending rates: 341.85 packets / s, 12990.34 bytes / s. mass_rdns: Using DNS server 208.67.222.222 mass_rdns: Using DNS server 208.67.220.220 Initiating Parallel DNS resolution of 1 host. at 16:28 mass_rdns: 0.07s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] Completed Parallel DNS resolution of 1 host. at 16:28, 0.07s elapsedDNS resolution of 1 IPs took 0.07s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating UDP Scan at 16:28 Scanning 192.168.1.1 [1 port]Packet capture filter (device en1): dst host 192.168.1.144 and (icmp or ((tcp or udp or sctp) and (src host 192.168.1.1)))
Completed UDP Scan at 16:28, 0.21s elapsed (1 total ports) Overall sending rates: 9.35 packets / s, 261.82 bytes / s. NSE: Script scanning 192.168.1.1. NSE: Starting runlevel 1 scan Initiating NSE at 16:28 NSE: NSE Script Threads (1) running: NSE: Starting dhcp-inform against 192.168.1.1:67. NSE: Finished dhcp-inform against 192.168.1.1:67. Completed NSE at 16:28, 3.00s elapsed NSE: Script Scanning completed. Host 192.168.1.1 is up, received echo-reply (0.0040s latency). Scanned at 2009-09-08 16:28:07 EDT for 4s Interesting ports on 192.168.1.1: PORT STATE SERVICE REASON 67/udp open|filtered dhcps no-response MAC Address: 00:0F:66:3E:98:EB (Cisco-Linksys) Final times for host: srtt: 4007 rttvar: 5000 to: 100000 Read from /usr/local/share/nmap: nmap-mac-prefixes nmap-services. Nmap done: 1 IP address (1 host up) scanned in 3.48 seconds Raw packets sent: 6 (208B) | Rcvd: 1 (28B) ******************************************** _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: dhcp script!, (continued)
- Re: dhcp script! Ron (Sep 08)
- Re: dhcp script! Brandon Enright (Sep 08)
- Re: dhcp script! Ron (Sep 08)
- Re: dhcp script! Kris Katterjohn (Sep 08)
- Re: dhcp script! Ron (Sep 08)
- Re: dhcp script! Ron (Sep 08)
- Re: dhcp script! jah (Sep 08)
- Re: dhcp script! Ron (Sep 08)
- Re: dhcp script! Walt Scrivens (Sep 08)
- Re: dhcp script! David Fifield (Sep 08)
- Re: dhcp script! Walt Scrivens (Sep 08)
- Re: dhcp script! Ron (Sep 08)
- Re: dhcp script! Walt Scrivens (Sep 08)
- Re: dhcp script! Ron (Sep 08)
- Re: dhcp script! Walt Scrivens (Sep 08)
- Re: dhcp script! Walt Scrivens (Sep 08)
- Re: dhcp script! Brandon Enright (Sep 08)
- Re: dhcp script! Walt Scrivens (Sep 08)