RE: nmap not working properly...showing ports as filtered, but ncat banner grab works

["Joseph McCray" <joe () strategicsec com>]

Like I said, I think that I was unclear in my previous post. I don't think
nmap is broken, I believe that I have a misconfiguration somewhere.

I just attempted to build from svn.

Now I keep getting the following error:

route_dst_netlink: can't find interface "venet0"

Googling the error helped me find some people with similar proplems:

http://zitstif.no-ip.org/?p=581
http://old.nabble.com/Re%3A-ARP-scan-%28-%29-bug-in-Nmap-5.59BETA1-p32390886
.html


Most similar to my issue:
http://talk.maemo.org/archive/index.php/t-48673.html

A generic scan with no options will run as a regular user, but not as root.

# ./nmap --iflist

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-16 16:30 EST
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)
root@shrek:/toolz/nmap-source# su j0e

$ ./nmap --iflist

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-16 16:31 EST
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)

Joe McCray

Toll Free:             1-866-892-2132            
Email:                 joe () strategicsec com
LinkedIn:              http://www.linkedin.com/in/joemccray
Twitter:               http://twitter.com/j0emccray
Slideshare:            http://www.slideshare.net/joemccray
GPG Key:               http://strategicsec.com/JoeStrategicSec_Public.key
Website:               http://strategicsec.com



When NASA began the launch of astronauts into space, they found out that
the pens wouldn't work at zero gravity (ink won't flow down to the
writing surface). To solve this problem, it took them one decade and $12
million. They developed a pen that worked at zero gravity, upside down,
underwater, in practically any surface including crystal and in a
temperature range from below freezing to over 300 degrees C. 

And what did the Russians do...?? They used a pencil.


-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com] 
Sent: Monday, January 16, 2012 2:19 PM
To: Joseph McCray
Cc: nmap-dev () insecure org
Subject: Re: nmap not working properly...showing ports as filtered, but ncat
banner grab works

On Mon, Jan 16, 2012 at 03:59:54AM -0500, Joseph McCray wrote:
> Building a box right now. Any IP that I scan comes back as ports being
> filtered, but ncat allows me to bannergrab the host. 
>
> Never seen that before. It does this for any port on any IP - ncat
> bannergrab works, but not a portscan. Any ideas?
>
> root@shrek:~# ncat 69.163.181.91 22     <-- This works fine
> SSH-2.0-OpenSSH_5.1p1 Debian-5
>
> root@shrek:~# nmap -PN -sV -p 22 69.163.181.91             <-- This
doesn't
> work - always shows filtered
>
> PORT   STATE    SERVICE
> 22/tcp filtered ssh

Try the --packet-trace option to see what is being sent and received.

Is it only this target that has the problem, or all targets from your
particular scanning machine?

If it is only this one target, try to get a packet capture ("tcpdump -w
dump.pcap host 69.163.181.91").

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/