Nmap Development mailing list archives
Issues with privileged scan of LAN on Mac OS X
From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Sun, 27 Jan 2013 13:01:04 +0100
Hi List,

I'm seeing some strange behaviour when running privileged scans against hosts in my LAN. nmap marks the target as being down, but if I run unprivileged, it works fine. This does not happen when scanning external targets.

I've checked out previous revisions (back to r30000), to see if it might be a patch that broke something, but I haven't found any differences.

Could this issue be caused by a change in OS X? Unfortunately, I don't have access to previous versions (I'm on 10.8.2), so I can't test if this is the case.

Any ideas on why this is happening?

- Jesper

--------------------------------------------------------------------------------
$ nmap -d 192.168.1.23
Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-01-27 11:33 CET
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Initiating Ping Scan at 11:33
Scanning 192.168.1.23 [2 ports]
Completed Ping Scan at 11:33, 0.00s elapsed (1 total hosts)
Overall sending rates: 3514.94 packets / s.
mass_rdns: Using DNS server xxx
mass_rdns: Using DNS server xxx
Initiating Parallel DNS resolution of 1 host. at 11:33
mass_rdns: 0.09s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 11:33, 0.09s elapsed
DNS resolution of 1 IPs took 0.09s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 11:33
Scanning 192.168.1.23 [1000 ports]
Discovered open port 8080/tcp on 192.168.1.23
Discovered open port 22/tcp on 192.168.1.23
Discovered open port 995/tcp on 192.168.1.23
Discovered open port 445/tcp on 192.168.1.23
Discovered open port 139/tcp on 192.168.1.23
Discovered open port 110/tcp on 192.168.1.23
Discovered open port 53/tcp on 192.168.1.23
Discovered open port 80/tcp on 192.168.1.23
Discovered open port 993/tcp on 192.168.1.23
Discovered open port 25/tcp on 192.168.1.23
Discovered open port 143/tcp on 192.168.1.23
Discovered open port 5432/tcp on 192.168.1.23
Completed Connect Scan at 11:33, 0.03s elapsed (1000 total ports)
Overall sending rates: 29619.98 packets / s.
Nmap scan report for 192.168.1.23
Host is up, received syn-ack (0.00081s latency).
Scanned at 2013-01-27 11:33:00 CET for 0s
Not shown: 988 closed ports
Reason: 988 conn-refused
PORT     STATE SERVICE      REASON
22/tcp   open  ssh          syn-ack
25/tcp   open  smtp         syn-ack
53/tcp   open  domain       syn-ack
80/tcp   open  http         syn-ack
110/tcp  open  pop3         syn-ack
139/tcp  open  netbios-ssn  syn-ack
143/tcp  open  imap         syn-ack
445/tcp  open  microsoft-ds syn-ack
993/tcp  open  imaps        syn-ack
995/tcp  open  pop3s        syn-ack
5432/tcp open  postgresql   syn-ack
8080/tcp open  http-proxy   syn-ack
Final times for host: srtt: 808 rttvar: 28 to: 100000
Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
--------------------------------------------------------------------------------
$ sudo nmap -ddd 192.168.1.23
Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-01-27 11:34 CET
Fetchfile found /usr/local/bin/../share/nmap/nmap-services
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
doing 0.0.0.0 = 192.168.1.23
Fetchfile found /usr/local/bin/../share/nmap/nmap-payloads
Initiating ARP Ping Scan at 11:34
Scanning 192.168.1.23 [1 port]
Packet capture filter (device en1): arp and arp[18:4] = 0xE4CE8F35 and arp[22:2] = 0x7D32
SENT (0.0359s) ARP who-has 192.168.1.23 tell 192.168.1.15
**TIMING STATS** (0.0360s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 200000/-1/-1
Current sending rates: 1315.79 packets / s, 55263.16 bytes / s.
Overall sending rates: 1315.79 packets / s, 55263.16 bytes / s.
SENT (0.2443s) ARP who-has 192.168.1.23 tell 192.168.1.15
**TIMING STATS** (0.2445s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 200000/-1/-1
Current sending rates: 9.56 packets / s, 401.42 bytes / s.
Overall sending rates: 9.56 packets / s, 401.42 bytes / s.
**TIMING STATS** (0.4508s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 0/*/*/*/*/* 10.00/75/* 200000/-1/-1
Current sending rates: 4.81 packets / s, 202.13 bytes / s.
Overall sending rates: 4.81 packets / s, 202.13 bytes / s.
ultrascan_host_probe_update called for machine 192.168.1.23 state UNKNOWN -> HOST_DOWN (trynum 1 time: 217789)
Moving 192.168.1.23 to completed hosts list with 1 outstanding probe.
Completed ARP Ping Scan at 11:34, 0.43s elapsed (1 total hosts)
Overall sending rates: 4.68 packets / s, 196.73 bytes / s.
pcap stats: 6 packets received by filter, 0 dropped by kernel.
mass_rdns: Using DNS server xxx
mass_rdns: Using DNS server xxx
Nmap scan report for 192.168.1.23 [host down, received no-response]
Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services.
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.46 seconds
           Raw packets sent: 2 (56B) | Rcvd: 0 (0B)
--------------------------------------------------------------------------------
$ sudo nmap -Pn 192.168.1.23
Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-01-27 12:32 CET
Nmap done: 1 IP address (0 hosts up) scanned in 0.51 seconds
HomerMac:nmap kyckel$ sudo nmap -Pn -ddd 192.168.1.23
Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-01-27 12:32 CET
Fetchfile found /usr/local/bin/../share/nmap/nmap-services
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found /usr/local/bin/../share/nmap/nmap-payloads
Initiating ARP Ping Scan at 12:32
Scanning 192.168.1.23 [1 port]
Packet capture filter (device en1): arp and arp[18:4] = 0xE4CE8F35 and arp[22:2] = 0x7D32
SENT (0.0336s) ARP who-has 192.168.1.23 tell 192.168.1.15
**TIMING STATS** (0.0336s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 200000/-1/-1
Current sending rates: 1926.78 packets / s, 80924.86 bytes / s.
Overall sending rates: 1926.78 packets / s, 80924.86 bytes / s.
SENT (0.2394s) ARP who-has 192.168.1.23 tell 192.168.1.15
**TIMING STATS** (0.2396s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 200000/-1/-1
Current sending rates: 9.68 packets / s, 406.68 bytes / s.
Overall sending rates: 9.68 packets / s, 406.68 bytes / s.
**TIMING STATS** (0.4478s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 0/*/*/*/*/* 10.00/75/* 200000/-1/-1
Current sending rates: 4.82 packets / s, 202.53 bytes / s.
Overall sending rates: 4.82 packets / s, 202.53 bytes / s.
ultrascan_host_probe_update called for machine 192.168.1.23 state UNKNOWN -> HOST_DOWN (trynum 1 time: 219691)
Moving 192.168.1.23 to completed hosts list with 1 outstanding probe.
Completed ARP Ping Scan at 12:32, 0.43s elapsed (1 total hosts)
Overall sending rates: 4.69 packets / s, 197.11 bytes / s.
pcap stats: 3 packets received by filter, 0 dropped by kernel.
mass_rdns: Using DNS server xxx
mass_rdns: Using DNS server xxx
Nmap scan report for 192.168.1.23 [host down, received no-response]
Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (0 hosts up) scanned in 0.46 seconds
           Raw packets sent: 2 (56B) | Rcvd: 0 (0B)
--------------------------------------------------------------------------------
$ sudo nmap -Pn -d scanme.nmap.org
Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-01-27 12:34 CET
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
mass_rdns: Using DNS server xxx
mass_rdns: Using DNS server xxx
Initiating Parallel DNS resolution of 1 host. at 12:34
mass_rdns: 1.18s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 12:34, 1.18s elapsed
DNS resolution of 1 IPs took 1.18s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 12:34
Scanning scanme.nmap.org (74.207.244.221) [1000 ports]
Packet capture filter (device en1): dst host 192.168.1.15 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 74.207.244.221)))
Increased max_successful_tryno for 74.207.244.221 to 1 (packet drop)
Discovered open port 80/tcp on 74.207.244.221
Discovered open port 22/tcp on 74.207.244.221
Increasing send delay for 74.207.244.221 from 0 to 5 due to 11 out of 22 dropped probes since last increase.
Increased max_successful_tryno for 74.207.244.221 to 2 (packet drop)
SYN Stealth Scan Timing: About 44.12% done; ETC: 12:36 (0:00:39 remaining)
Increased max_successful_tryno for 74.207.244.221 to 3 (packet drop)
Discovered open port 9929/tcp on 74.207.244.221
Completed SYN Stealth Scan at 12:35, 62.38s elapsed (1000 total ports)
Overall sending rates: 17.62 packets / s, 775.24 bytes / s.
Nmap scan report for scanme.nmap.org (74.207.244.221)
Host is up, received user-set (0.46s latency).
Scanned at 2013-01-27 12:34:56 CET for 63s
Not shown: 993 closed ports
Reason: 993 resets
PORT     STATE    SERVICE      REASON
22/tcp   open     ssh          syn-ack
80/tcp   open     http         syn-ack
135/tcp  filtered msrpc        no-response
139/tcp  filtered netbios-ssn  no-response
445/tcp  filtered microsoft-ds no-response
646/tcp  filtered ldp          no-response
9929/tcp open     nping-echo   syn-ack
Final times for host: srtt: 459281 rttvar: 47754 to: 650297
Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 63.59 seconds
           Raw packets sent: 1099 (48.356KB) | Rcvd: 1036 (41.460KB)
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
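An added example, not part of the original post and not Nmap's own code: it decodes the ARP capture filter shown in the privileged run and cross-checks the probe and receive counters from that same output. The function names are hypothetical, and the sample lines are copied from the log in the post.

```python
import re

# Constructed sample: lines copied from the "sudo nmap -ddd" run in the post.
SAMPLE = """\
Packet capture filter (device en1): arp and arp[18:4] = 0xE4CE8F35 and arp[22:2] = 0x7D32
SENT (0.0359s) ARP who-has 192.168.1.23 tell 192.168.1.15
SENT (0.2443s) ARP who-has 192.168.1.23 tell 192.168.1.15
pcap stats: 6 packets received by filter, 0 dropped by kernel.
Raw packets sent: 2 (56B) | Rcvd: 0 (0B)
"""

# Ethernet/IPv4 ARP layout: (field, byte offset in the ARP header, size).
ARP_FIELDS = [("htype", 0, 2), ("ptype", 2, 2), ("hlen", 4, 1), ("plen", 5, 1),
              ("oper", 6, 2), ("sha", 8, 6), ("spa", 14, 4), ("tha", 18, 6),
              ("tpa", 24, 4)]

def decode_arp_filter(expr):
    """Map each 'arp[off:len] = 0x...' term onto the ARP field it covers."""
    fields = {}
    terms = re.findall(r"arp\[(\d+):(\d+)\]\s*=\s*0x([0-9A-Fa-f]+)", expr)
    for off, length, value in terms:
        off, length = int(off), int(length)
        raw = bytes.fromhex(value.zfill(length * 2))
        for name, start, size in ARP_FIELDS:
            if start <= off and off + length <= start + size:
                buf = fields.setdefault(name, bytearray(size))
                buf[off - start:off - start + length] = raw
    return {n: ":".join(f"{b:02x}" for b in buf) for n, buf in fields.items()}

def summarize(log):
    """Pull the filter, probe count and receive counters out of -d output."""
    filt = re.search(r"Packet capture filter \(device (\S+)\): (.+)", log)
    stats = re.search(r"pcap stats: (\d+) packets received by filter", log)
    raw = re.search(r"Raw packets sent: (\d+) .*Rcvd: (\d+)", log)
    out = {
        "device": filt.group(1),
        "filter_fields": decode_arp_filter(filt.group(2)),
        "arp_probes": len(re.findall(r"^SENT .* ARP who-has", log, re.M)),
        "pcap_received": int(stats.group(1)),
        "nmap_received": int(raw.group(2)),
    }
    # pcap counted packets on the handle, yet Nmap recorded no response.
    out["pcap_saw_packets_but_no_reply"] = (
        out["pcap_received"] > 0 and out["nmap_received"] == 0)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The filter terms cover bytes 18 to 23 of the ARP header, which is the target hardware address field, so the capture is restricted to ARP packets addressed to that one MAC.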
Current thread:
- Issues with privileged scan of LAN on Mac OS X Jesper Kückelhahn (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X David Fifield (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X Jesper Kückelhahn (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X Patrik Karlsson (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X Jesper Kückelhahn (Jan 28)
- Re: Issues with privileged scan of LAN on Mac OS X Jesper Kückelhahn (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X David Fifield (Jan 27)