Nmap Development mailing list archives

Re: 'nmap -S <src_addr>' does not use 'iproute2' alternate routing table


From: David Fifield <david () bamsoftware com>
Date: Tue, 11 Sep 2012 20:49:18 -0700

On Tue, Sep 11, 2012 at 11:41:07AM -0700, David Fifield wrote:
> On Tue, Sep 11, 2012 at 01:38:10PM -0400, starlight.2012q3 () binnacle cx wrote:
> > At 07:13 PM 9/10/2012 -0700, David Fifield wrote:
> > > Please try this patch, with both --send-ip and --send-eth.
> > > The patch causes route_dst_netlink to add extra specifiers
> > > for the source address.
> >
> > Cool.  It works as desired with --send-eth, but
> > not with --send-ip.  The commands used (carefully
> > pasted) were
> >
> >    nmap -e eth4 -S 172.29.86.4 --send-eth -Pn 69.160.42.66
> >
> > and
> >
> >    nmap -e eth4 -S 172.29.86.4 --send-ip -Pn 69.160.42.66
> >
> > (Destination address is spammer IP)
> >
> > When the above lines have --route_dst and --iflist
> > added the results look the same as before.  I see
> > in the patch that 'nmap' is making use of a Linux
> > kernel routing facility when actually sending
> > packets.
> >
> > With --send-ip traffic is sent out 'eth5' and
> > is directed to the MAC of the 172.29.79.2
> > router address for that link.
>
> That's good to hear. We are making progress. I've committed this patch
> that makes --send-eth work. I will look at why --send-ip does not choose
> the same route.

This seems to be working for me now; please check if it is for you. This
is the test configuration I set up:

$ ip rule show
0:      from all lookup local
32765:  from 172.29.86.4 lookup 14
32766:  from all lookup main
32767:  from all lookup default

$ ip route show table 14
default via 192.168.0.2 dev br0
172.29.86.0/24 dev eth0  scope link  src 172.29.86.4

$ ip route show table main
default via 192.168.0.1 dev br0
172.29.0.0/16 dev eth0  proto kernel  scope link  src 172.29.86.4
192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.21

$ ./nmap -S 172.29.86.4 -e eth0 --route-dst scanme.nmap.org
74.207.244.221
eth0 eth0 srcaddr 172.29.86.4 nexthop 192.168.0.2

Both --send-ip and --send-eth try to route through 192.168.0.2, and I
can see in tcpdump that it is sending packets to that IP address's QEMU
MAC address. I think --send-ip needed a little time for an ARP entry to
expire or something.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
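To see why supplying the source address changes the route the kernel returns, here is an added emulation of the policy-routing lookup that `ip route get DST from SRC` performs over the rules and tables quoted above. This is illustration code written for this archive page, not nmap's route_dst_netlink implementation; the rule and table entries are transcribed from the test configuration in the mail.

```python
import ipaddress

# Policy routing state constructed from the 'ip rule' / 'ip route' output
# quoted above (illustration only, not nmap's route_dst_netlink code).
# RULES: (priority, 'from' selector or None, table name)
RULES = [
    (0, None, "local"),
    (32765, "172.29.86.4", "14"),
    (32766, None, "main"),
    (32767, None, "default"),
]
# TABLES: table -> (prefix, gateway or None when on-link, dev, preferred src)
TABLES = {
    "local": [],
    "14": [("0.0.0.0/0", "192.168.0.2", "br0", None),
           ("172.29.86.0/24", None, "eth0", "172.29.86.4")],
    "main": [("0.0.0.0/0", "192.168.0.1", "br0", None),
             ("172.29.0.0/16", None, "eth0", "172.29.86.4"),
             ("192.168.0.0/24", None, "br0", "192.168.0.21")],
    "default": [],
}

def lookup_table(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    best = None
    for prefix, gw, dev, src in TABLES.get(table, []):
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw, dev, src)
    return best[1:] if best else None

def route(dst, src=None):
    """Emulate 'ip route get DST [from SRC]': walk rules by priority, skip a
    'from' rule whose selector does not match SRC, fall through when the
    selected table has no route. Returns dev, next hop, source and table."""
    dst = ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if selector is not None and (src is None or ipaddress.ip_address(src)
                                     not in ipaddress.ip_network(selector, strict=False)):
            continue  # rule does not apply (with no source, 'from' rules never match)
        hit = lookup_table(table, dst)
        if hit is None:
            continue  # table has no route for dst: try the next rule
        gw, dev, tsrc = hit
        # On-link routes have no gateway: the next hop is the destination itself.
        return {"dev": dev, "nexthop": gw or str(dst), "src": src or tsrc, "table": table}
    return None
```

With the source given, the scanme.nmap.org lookup lands in table 14 and returns next hop 192.168.0.2, matching the --route-dst output above; without a source it falls through to main and 192.168.0.1, which is the wrong path for a -S scan.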