Nmap Development mailing list archives
Re: OS X 10.6 Problems with privileged scans
From: Walt Scrivens <walts () gate net>
Date: Fri, 23 Oct 2009 10:47:11 -0400
Here's the log. The pcap_next() call is in line 2 but I have no idea what line 3 means :-(

Walt

===============================
testcomputer:~ walts$ sudo gdb ./nmap 1624
GNU gdb 6.3.50-20050815 (Apple version gdb-1344) (Fri Jul 3 01:19:56 UTC 2009)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...
./nmap: No such file or directory
/Users/walts/1624: No such file or directory
Attaching to process 1624.
Reading symbols for shared libraries . done
Reading symbols for shared libraries .......... done
0x00007fff838e9364 in read ()
(gdb) backtrace
#0 0x00007fff838e9364 in read ()
#1 0x00000001001635fc in pcap_read_bpf ()
#2 0x000000010016524b in pcap_next ()
#3 0x0000000100012e6f in readip_pcap (pd=0x100201900, len=0x7fff5fbfaccc, to_usec=998850, rcvdtime=0x7fff5fbfaca0, linknfo=0x7fff5fbfacd0, validate=true) at tcpip.cc:2330
#4 0x0000000100036fd7 in waitForResponses (USI=0x100201410) at scan_engine.cc:4414
#5 0x000000010003a8ff in ultra_scan (Targets=@0x7fff5fbfaf00, ports=0x100201480, scantype=STYPE_UNKNOWN, to=0x1000c97a4) at scan_engine.cc:5280
#6 0x000000010000cd24 in ~vector [inlined] () at targets.cc:429
#7 0x000000010000cd24 in ~vector [inlined] () at /usr/include/c++/4.2.1/bits/stl_vector.h:271
#8 0x000000010000cd24 in massping (hostbatch=0x1, num_hosts=1, ports=0x7fff5fbfc740) at targets.cc:429
#9 0x000000010000d3a2 in nexthost (hs=0x10081fc00, exclude_group=0x0, ports=0x7fff5fbfc740, pingtype=122) at targets.cc:583
#10 0x0000000100008613 in nmap_main (argc=4, argv=0x7fff5fbffb78) at nmap.cc:1722
#11 0x0000000100003bdb in main (argc=4, argv=0x7fff5fbffb78) at main.cc:205
(gdb)

On Oct 23, 2009, at 10:00 AM, David Fifield wrote:
On Thu, Oct 15, 2009 at 09:49:20PM -0400, SCRIVENS WALTER wrote:

I've been dealing with this from version 5.05 BETA1, and I have the same symptoms as Tom.

I have no problem with nmap version 5.0

I have no problem with Wireshark version 1.2.0 under OS X 10.6.1 once I applied the recommended patch, sudo chmod g+w /dev/bpf*

Here is the backtrace from my nmap5.05BETA1:

Reading symbols for shared libraries .++++++.. done
0x00007fff8653b364 in read ()
(gdb) backtrace
#0 0x00007fff8653b364 in read ()
#1 0x00000001001635fc in pcap_read_bpf ()
#2 0x000000010016524b in pcap_next ()
#3 0x0000000100012e6f in readip_pcap (pd=0x100201900, len=0x7fff5fbfaccc, to_usec=999756, rcvdtime=0x7fff5fbfaca0, linknfo=0x7fff5fbfacd0, validate=true) at tcpip.cc:2330
#4 0x0000000100036fd7 in waitForResponses (USI=0x100201410) at scan_engine.cc:4414
#5 0x000000010003a8ff in ultra_scan (Targets=@0x7fff5fbfaf00, ports=0x100201480, scantype=STYPE_UNKNOWN, to=0x1000c97a4) at scan_engine.cc:5280
#6 0x000000010000cd24 in ~vector [inlined] () at targets.cc:429
#7 0x000000010000cd24 in ~vector [inlined] () at /usr/include/c++/4.2.1/bits/stl_vector.h:271
#8 0x000000010000cd24 in massping (hostbatch=0x1, num_hosts=1, ports=0x7fff5fbfc740) at targets.cc:429
#9 0x000000010000d3a2 in nexthost (hs=0x10081fc00, exclude_group=0x0, ports=0x7fff5fbfc740, pingtype=122) at targets.cc:583
#10 0x0000000100008613 in nmap_main (argc=4, argv=0x7fff5fbffb78) at nmap.cc:1722
#11 0x0000000100003bdb in main (argc=4, argv=0x7fff5fbffb78) at main.cc:205
(gdb)

It is different from Tom's, but I have no idea what I'm looking at :-)

I have a suspicion of where the hang might be occurring. It might happen where pcap_next is called for an unknown datalink type. Can you try running the attached patch? Just save it in your nmap working directory and run

patch -p0 < pcap_datalink_log.diff

Then run a scan using the -d option to see the extra log messages. What we're looking for are messages along the lines of

pcap_datalink returned unknown datalink type %d a pcap_next

David Fifield

<pcap_datalink_log.diff>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
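An added example, not part of the original message and not Nmap project code: a short Python parser that reads the first frames of the backtrace above and reports the call the process is blocked in, the library frames gdb has no line information for, and the first frame with a source location together with the timeout it was given. The names `parse_backtrace` and `triage` are hypothetical; the sample text is frames #0 to #4 copied from the message.

```python
import re

# Frames #0-#4 copied from the gdb session in the message above.
BACKTRACE = """\
#0 0x00007fff838e9364 in read ()
#1 0x00000001001635fc in pcap_read_bpf ()
#2 0x000000010016524b in pcap_next ()
#3 0x0000000100012e6f in readip_pcap (pd=0x100201900, len=0x7fff5fbfaccc, to_usec=998850, rcvdtime=0x7fff5fbfaca0, linknfo=0x7fff5fbfacd0, validate=true) at tcpip.cc:2330
#4 0x0000000100036fd7 in waitForResponses (USI=0x100201410) at scan_engine.cc:4414
"""

FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+)(?: \[inlined\])? "
    r"\((?P<args>.*?)\)(?: at (?P<file>\S+):(?P<line>\d+))?$"
)

def parse_backtrace(text):
    """Return one dict per frame; the argument list becomes a name->value dict."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # banner lines, prompts, wrapped fragments
        args = dict(a.split("=", 1) for a in m["args"].split(", ") if "=" in a)
        frames.append({"num": int(m["num"]), "func": m["func"], "args": args,
                       "file": m["file"],
                       "line": int(m["line"]) if m["line"] else None})
    return frames

def triage(frames):
    """Summarise where the process is blocked and which caller has source info."""
    # gdb prints "at file:line" only for frames it has line information for;
    # in this trace that is Nmap's own code, not the libpcap/libc frames.
    caller = next((f for f in frames if f["file"]), None)
    if caller is None:
        return {"blocked_in": frames[0]["func"], "first_source_frame": None}
    to_usec = caller["args"].get("to_usec")
    return {
        "blocked_in": frames[0]["func"],
        "library_frames": [f["func"] for f in frames if f["num"] < caller["num"]],
        "first_source_frame": f'{caller["func"]} at {caller["file"]}:{caller["line"]}',
        "requested_timeout_s": int(to_usec) / 1e6 if to_usec else None,
    }

if __name__ == "__main__":
    print(triage(parse_backtrace(BACKTRACE)))
```

Frame #3 is therefore Nmap's `readip_pcap` at tcpip.cc:2330, called with `to_usec=998850` (just under one second), while the process is sitting in `read()` underneath `pcap_next`.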