Re: nmap errors on *BSDs (noted on NetBSD and MacOSX, so far) (traceroute)

[Fredrik Pettai <pettai () nordu net>]

On Mar 23, 2010, at 6:30 PM, David Fifield wrote:
> On Tue, Mar 23, 2010 at 06:19:34PM +0100, Fredrik Pettai wrote:
> > On Mar 23, 2010, at 5:57 PM, David Fifield wrote:
> > > On Tue, Mar 23, 2010 at 05:28:29PM +0100, Fredrik Pettai wrote:
> > > > I've noted two problems that has surfaced in between the release of
> > > > nmap 5.00 (2009-07-15) -> 5.10BETA1 (2009-11-23).
> > > >
> > > > First one, traceroute doesn't work any more on *BSD system. I've
> > > > verified this on NetBSD, Mac OS X (I haven't verified OpenBSD, but
> > > > this probably broken there as well). FreeBSD status is unknown.
> > >
> > > Thanks for taking the time to report this. Please post the output
> > > that you see. Make sure to run Nmap with the -d option to get
> > > debugging output. I tested just now and traceroute works for me on  
> > > OS
> > > X (with  the latest SVN version; I didn't test 5.10BETA1).
> >
> > I haven't tested the SVN version but 5.21 still fails both for NetBSD
> > and MacOSX (Leopard).
> > I started with 5.21 first on both platforms and backed back as long  
> > as I
> > could towards 5.00 where the problems wheren't present.
> > (I used the released tarballs, hence I noted that it was present in
> > 5.10BETA1).
> >
> > Here is debug output from a NetBSD host:
> >
> > -bash-4.0$ nmap -d --traceroute ping.sunet.se
> >
> > Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-23 18:05 CET
> > Warning: Traceroute does not support idle or connect scan,  
> > disabling...
> > PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
>
> The answer here is the line "Warning: Traceroute does not support idle
> or connect scan, disabling...". Traceroute needs to be run as root.  
> This
> has surprised me more than once too. Maybe we should treat this as a
> fatal error, just like when someone asks for -O as a non-root user?

Yes, why not. I not more helpful to get a portscan then you asked for  
a traceroute, rather the opposite:

$ nmap --traceroute ping.sunet.se

Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-23 21:11 CET
Warning: Traceroute does not support idle or connect scan, disabling...
Nmap scan report for ping.sunet.se (192.36.125.18)
Host is up (0.00025s latency).
Not shown: 995 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
5666/tcp  open  nrpe
13782/tcp open  netbackup
13783/tcp open  netbackup

Re,
/P
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/