Nmap Development mailing list archives
Re: Nmap does not perform reliable scans on Solaris 11
From: David Fifield <david () bamsoftware com>
Date: Tue, 20 Mar 2012 00:26:37 -0700
On Sat, May 21, 2011 at 12:08:19AM -0700, David Fifield wrote:
> On Mon, May 16, 2011 at 08:46:06PM +0200, Giovanni Schmid wrote:
> > Hi,
> >
> > I tested Nmap 5.21 on Oracle Solaris 11 and found that it only apparently works. Actually, many different scan sessions (with different options and targets) got wrong results. For ex., the following scan is related to a host with 22/tcp (SSH) and 111/tcp (rpcbind) open; however the two services are not detected. Moreover, turning off the -PN option results in a host apparently blocking ping probes. This is not the case, instead.
> >
> > # nmap -A 172.16.3.42
> > Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:13 CEST
> > Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
> > Nmap done: 1 IP address (0 hosts up) scanned in 3.60 seconds
> >
> > # nmap -PN -A 172.16.3.42
> > Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:14 CEST
> > Nmap scan report for 172.16.3.42
> > Host is up.
> > All 1000 scanned ports on 172.16.3.42 are filtered
> > Too many fingerprints match this host to give specific OS details
> >
> > TRACEROUTE (using proto 1/icmp)
> > HOP RTT ADDRESS
> > 1 ... 30
> >
> > # nmap -PN -sS 172.16.3.42
> > Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:34 CEST
> > Nmap scan report for 172.16.3.42
> > Host is up.
> > All 1000 scanned ports on 172.16.3.42 are filtered
> > Nmap done: 1 IP address (1 host up) scanned in 201.16 seconds
>
> Thank you for reporting this. We need some more information from you.
>
> Do the wrong results happen every time, or only sometimes? Is it only this IP address that has the problem, or other LAN addresses, or all addresses?
>
> It looks like you are getting no responses at all from the target. Is there a firewall or something similar in the way? What output do you see when you run the command
>
> ssh -v 172.16.3.42
I recently had occasion to do some additional testing on Solaris, and what I found is that Solaris 11 uses a different packet capture than Solaris 10 does. Namely Solaris 11 uses BPF and Solaris 10 uses DLPI. This means that we need to activate our platform-specific code that knows about BPF on this platform. The attached patch was enough to make it work for me. I will add a TODO item to install a more permanent fix.

David Fifield
Attachment:
solaris-11-selectable-fd.patch
Description:
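The symptom in this thread (every probed port reported "filtered", or the host reported down, while the services are known to answer) is what a broken capture layer looks like from the outside: Nmap's raw probes go out, but libpcap never hands the replies back, so the result is indistinguishable from a filtering firewall unless you cross-check with something that does not depend on packet capture. The script below is an added example written for this archive page, not code from the thread or from the Nmap project. It parses the scan output quoted above (embedded as constructed sample text) and compares it with plain kernel `connect()` results for the ports the reporter said were open; if Nmap saw no responses but `connect()` reached a port, the capture path (BPF/DLPI/libpcap) is the suspect rather than the target. The verdict strings and the `KNOWN_OPEN_PORTS` list are this example's own assumptions.

```python
import re
import socket

# Constructed sample input: the two scan outputs quoted in the thread
# (Nmap 5.21 run against 172.16.3.42 from Oracle Solaris 11).
SCAN_WITHOUT_PN = """Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:13 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 3.60 seconds
"""

SCAN_WITH_PN = """Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-05-16 20:34 CEST
Nmap scan report for 172.16.3.42
Host is up.
All 1000 scanned ports on 172.16.3.42 are filtered
Nmap done: 1 IP address (1 host up) scanned in 201.16 seconds
"""

# Ports the reporter states are really open on the target (22/tcp, 111/tcp).
KNOWN_OPEN_PORTS = (22, 111)

ALL_FILTERED_RE = re.compile(r"^All (\d+) scanned ports on (\S+) are filtered", re.MULTILINE)
HOST_DOWN_RE = re.compile(r"^Note: Host seems down", re.MULTILINE)
OPEN_PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b", re.MULTILINE)


def parse_nmap_output(text):
    """Pull the few facts the diagnosis needs out of Nmap normal output."""
    m = ALL_FILTERED_RE.search(text)
    return {
        "seems_down": HOST_DOWN_RE.search(text) is not None,
        "all_filtered": int(m.group(1)) if m else 0,
        "open_ports": sorted(int(p) for p in OPEN_PORT_RE.findall(text)),
    }


def tcp_connect_ok(host, port, timeout=2.0):
    """Plain connect() through the kernel TCP stack. It never touches libpcap,
    so it keeps working when raw-packet capture (BPF/DLPI) is broken."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(scan_output, connect_results):
    """Compare what the raw-socket scan reported with what connect() observed.

    connect_results maps port -> True/False, e.g. from tcp_connect_ok().
    Returns one of (verdict names are this example's own):
      'capture_layer_suspect' - Nmap saw no replies (or missed ports), yet
                                connect() reached at least one port: the
                                sniffing side is not seeing responses.
      'consistent'            - Nmap and connect() agree.
      'inconclusive'          - Nmap saw nothing and connect() also failed;
                                a firewall or an unreachable host fits too.
    """
    facts = parse_nmap_output(scan_output)
    reachable = [p for p, ok in connect_results.items() if ok]
    nmap_saw_nothing = facts["seems_down"] or (
        facts["all_filtered"] > 0 and not facts["open_ports"]
    )
    if nmap_saw_nothing and reachable:
        return "capture_layer_suspect"
    if nmap_saw_nothing and not reachable:
        return "inconclusive"
    # Nmap reported some open ports: they must cover everything connect() reached.
    if set(reachable) <= set(facts["open_ports"]):
        return "consistent"
    return "capture_layer_suspect"


if __name__ == "__main__":
    # Offline run with the thread's facts: ssh and rpcbind answer connect(),
    # but both scans saw nothing. Replace the dict with real tcp_connect_ok()
    # calls to check a live host.
    connect_results = {p: True for p in KNOWN_OPEN_PORTS}
    for label, out in (("without -PN", SCAN_WITHOUT_PN), ("with -PN", SCAN_WITH_PN)):
        print(label, "->", diagnose(out, connect_results))
```

The check is deliberately one-directional: a `connect()` success that Nmap did not report is strong evidence that replies are being lost on the capture side, while agreement between the two only rules out that one failure mode and says nothing about the target's filtering policy.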
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/