Nmap Development mailing list archives

Re: 'nmap -S <src_addr>' does not use 'iproute2' alternate routing table


From: starlight.2012q3 () binnacle cx
Date: Mon, 10 Sep 2012 16:22:20 -0400

At 01:08 PM 9/10/2012 -0700, David Fifield wrote:
> On Thu, Aug 23, 2012 at 09:53:24PM -0400,
> starlight.2012q3 () binnacle cx wrote:
>
> > $ ip rule show
> > 0:      from all lookup local
> > 32764:  from 172.29.86.4 lookup eth4  # SEARCH ETH4 TABLE
> > 32765:  from 172.29.79.1 lookup eth5
> > 32766:  from all lookup main
> > 32767:  from all lookup default
> >
> > $ ip route show table eth4
> > 172.29.79.0/24 dev eth5  scope link
> > 172.29.88.0/24 dev eth1  scope link
> > 172.29.87.0/24 dev eth0  scope link
> > 172.29.86.0/24 dev eth4  scope link  src 172.29.86.4
> > 127.0.0.0/8 dev lo  scope link
> > default via 172.29.86.1 dev eth4     # ROUTE THIS WAY
> >
> > $ ip route show table main
> > 172.29.79.0/24 dev eth5  scope link  src 172.29.79.1
> > 172.29.91.0/24 via 172.29.83.6 dev tun0
> > 172.29.88.0/24 dev eth1  scope link  src 172.29.88.1
> > 172.29.87.0/24 dev eth0  scope link  src 172.29.87.1
> > 172.29.86.0/24 dev eth4  scope link  src 172.29.86.4
> > 172.29.85.0/24 dev tun1  scope link  src 172.29.85.1
> > 172.29.83.0/24 dev tun0  scope link  src 172.29.83.1
> > 172.29.82.0/24 dev tun2  scope link  src 172.29.82.1
> > 172.29.81.0/24 dev tun3  scope link  src 172.29.81.1
> > default via 172.29.79.2 dev eth5
>
> Can you point out which parts of this configuration should cause
> a source address of 172.29.87.84 to route through eth4? The
> closest I can guess is from "ip rule show",
>
> 32764:  from 172.29.86.4 lookup eth4

Yes, this rule says search the 'eth4' table
when the source address is matched.  It is
before the catchall table entry 'main'.

> But that address 172.29.86.4 doesn't match
> the 172.29.86.84 used in your Nmap command.
> Was that just a typo?

Yes, typo.  Should be

# nmap -e eth4 -S 172.29.86.84 <target>

Re-checked it just to be sure.  Traffic
goes out 'eth5' instead of 'eth4'
and is directed to the MAC address of
the 172.29.79.2 router IP.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
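
A small model of the Linux policy-routing lookup over the rules and tables quoted in this message, added here as an example (it is not code from the thread or from Nmap); it shows which table, device and gateway a given source address selects. The target 192.0.2.10 is a constructed placeholder for `<target>`, and rules whose tables the page does not show are left out.

```python
import ipaddress

# From `ip rule show` above; a selector with no mask is a /32 host match. Rules 0,
# 32765 and 32767 are omitted because the page does not show their tables.
RULES = [(32764, "172.29.86.4/32", "eth4"), (32766, "0.0.0.0/0", "main")]

# Transcribed from `ip route show table eth4` and `table main` above.
TABLES = {"eth4": """\
172.29.79.0/24 dev eth5
172.29.88.0/24 dev eth1
172.29.87.0/24 dev eth0
172.29.86.0/24 dev eth4
127.0.0.0/8 dev lo
default via 172.29.86.1 dev eth4""", "main": """\
172.29.79.0/24 dev eth5
172.29.91.0/24 via 172.29.83.6 dev tun0
172.29.88.0/24 dev eth1
172.29.87.0/24 dev eth0
172.29.86.0/24 dev eth4
172.29.85.0/24 dev tun1
172.29.83.0/24 dev tun0
172.29.82.0/24 dev tun2
172.29.81.0/24 dev tun3
default via 172.29.79.2 dev eth5"""}

def parse_table(text):
    """Yield (network, device, gateway) for each `ip route show` line."""
    for line in text.splitlines():
        f = line.split()
        prefix = "0.0.0.0/0" if f[0] == "default" else f[0]
        gw = f[f.index("via") + 1] if "via" in f else None
        yield ipaddress.ip_network(prefix), f[f.index("dev") + 1], gw

def lookup(src, dst):
    """Walk rules by priority; return (priority, table, device, gateway)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, selector, table in sorted(RULES):
        if src not in ipaddress.ip_network(selector):
            continue
        hits = [r for r in parse_table(TABLES[table]) if dst in r[0]]
        if hits:  # longest prefix wins; an empty result falls to the next rule
            _, dev, gw = max(hits, key=lambda r: r[0].prefixlen)
            return prio, table, dev, gw
    return None

TARGET = "192.0.2.10"  # constructed target (documentation range), not from the page
for s in ("172.29.86.4", "172.29.86.84"):  # the rule's address and the -S address
    print(s, "->", lookup(s, TARGET))
```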

