Re: OS X 10.6 Problems with privileged scans

[SCRIVENS WALTER <walts () gate net>]

I've been dealing with this from version 5.05 BETA1, and I have the  
same symptoms as Tom.

I have no problem with nmap version 5.0

I have  no problem with Wireshark version 1.2.0 under OS X 10.6.1 once  
I applied the recommended patch, sudo chmod g+w /dev/bpf*

Here is the backtrace from my nmap5.05BETA1:

Reading symbols for shared libraries .++++++.. done
0x00007fff8653b364 in read ()
(gdb) backtrace
#0  0x00007fff8653b364 in read ()
#1  0x00000001001635fc in pcap_read_bpf ()
#2  0x000000010016524b in pcap_next ()
#3  0x0000000100012e6f in readip_pcap (pd=0x100201900,  
len=0x7fff5fbfaccc, to_usec=999756, rcvdtime=0x7fff5fbfaca0,  
linknfo=0x7fff5fbfacd0, validate=true) at tcpip.cc:2330
#4  0x0000000100036fd7 in waitForResponses (USI=0x100201410) at  
scan_engine.cc:4414
#5  0x000000010003a8ff in ultra_scan (Targets=@0x7fff5fbfaf00,  
ports=0x100201480, scantype=STYPE_UNKNOWN, to=0x1000c97a4) at  
scan_engine.cc:5280
#6  0x000000010000cd24 in ~vector [inlined] () at targets.cc:429
#7  0x000000010000cd24 in ~vector [inlined] () at /usr/include/c++/ 
4.2.1/bits/stl_vector.h:271
#8  0x000000010000cd24 in massping (hostbatch=0x1, num_hosts=1,  
ports=0x7fff5fbfc740) at targets.cc:429
#9  0x000000010000d3a2 in nexthost (hs=0x10081fc00, exclude_group=0x0,  
ports=0x7fff5fbfc740, pingtype=122) at targets.cc:583
#10 0x0000000100008613 in nmap_main (argc=4, argv=0x7fff5fbffb78) at  
nmap.cc:1722
#11 0x0000000100003bdb in main (argc=4, argv=0x7fff5fbffb78) at  
main.cc:205
(gdb)

It is different from Tom's, but I have no idea what I'm looking at :-)

Walt

On Oct 15, 2009, at 9:03 PM, Tom Sellers wrote:

> David Fifield wrote:
> > cd nmap
> > sudo ./nmap -sP -d9 scanme.nmap.org
> > Find out the PID of the nmap process, then run
> > sudo gdb ./nmap $pid
> > Type "backtrace" to see where in the code it's hanging.
> > David Fifield
>
> Ok, here we go...
>
>
> Reading symbols for shared libraries .+++++.. done
> 0x00007fff813e0364 in read ()
> (gdb) backtrace
> #0  0x00007fff813e0364 in read ()
> #1  0x00000001003465fc in pcap_read_bpf ()
> #2  0x000000010034824b in pcap_next ()
> #3  0x00000001000321ac in readip_pcap (pd=0x100401c40,  
> len=0x7fff5fbfad84, to_usec=999054, rcvdtime=0x7fff5fbface0,  
> linknfo=0x7fff5fbfad90, validate=true) at tcpip.cc:2330
> #4  0x0000000100087166 in get_ping_pcap_result (USI=0x100401710,  
> stime=0x7fff5fbfae10) at scan_engine.cc:4413
> #5  0x000000010008c3e7 in waitForResponses (USI=0x100401710) at  
> scan_engine.cc:4990
> #6  0x00000001000913cb in ultra_scan (Targets=@0x7fff5fbfaf80,  
> ports=0x7fff5fbfc6e0, scantype=PING_SCAN, to=0x1001e8964) at  
> scan_engine.cc:5279
> #7  0x0000000100020152 in massping (hostbatch=0x100820200,  
> num_hosts=1, ports=0x7fff5fbfc6e0) at targets.cc:424
> #8  0x0000000100022e0c in nexthost (hs=0x10081fc00,  
> exclude_group=0x0, ports=0x7fff5fbfc6e0, pingtype=122) at targets.cc: 
> 578
> #9  0x000000010001ab9e in nmap_main (argc=4, argv=0x7fff5fbffc30) at  
> nmap.cc:1716
> #10 0x000000010000b5c5 in main (argc=4, argv=0x7fff5fbffc30) at  
> main.cc:205
> (gdb)
>
>
> Based on my reading of this the code has hung trying to read from  
> the interface.
> Is that correct?  I am surprised that the code would block and not  
> time out.
>
> Should I do anything to increase the visibility into libpcap?
>
> Tom
>
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org