Nmap Development mailing list archives
Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X"
From: David Fifield <david () bamsoftware com>
Date: Tue, 6 Aug 2013 17:08:14 -0700
On Tue, Aug 06, 2013 at 10:30:26AM +0300, Timo Juhani Lindfors wrote:
David Fifield <david () bamsoftware com> writes:Another thing to try: The --route-dst option makes Nmap make a routing decision, without sending pings or any other traffic. Try something like sudo nmap --route-dst 10.7.24.1 and see if it increases the number of ARP entries in the cache. If so, we will have the problem localized closely.It does: $ for i in $(seq 20 30); do sudo nmap --route-dst 10.7.24.$i > /dev/null 2>&1; ip ntable show dev eth0 name arp_cache | grep refcnt; done refcnt 17 reachable 26920 base_reachable 30000 retrans 1000 refcnt 18 reachable 26920 base_reachable 30000 retrans 1000 refcnt 19 reachable 26920 base_reachable 30000 retrans 1000 refcnt 20 reachable 26920 base_reachable 30000 retrans 1000
Thanks for this. I think I have traced down the commit where it started,
r24413. In this commit, we connect a dummy SOCK_DGRAM socket in order to
find out what the kernel thinks our source address should be. I found
that it is exactly at the call to connect in get_srcaddr that an ARP
cache entry gets added.
You can try reproducing it yourself with this Python program:
import socket
import sys
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
s.connect((sys.argv[1], 1234))
s.close()
You should see the cache size change when calling this program with
different IP addresses as arguments.
I was able to reproduce the problem on Debian wheezy (Linux 3.2) with
Nmap 6.00 and 6.40. But: I do not get the problem on Debian testing
(currently Linux 3.9) with any version of Nmap.
I don't know the best thing to do here--r24413 fixed another bug, and
newer releases of Linux don't seem to have the problem. Can you think of
other ways to fix it? Perhaps there is a netlink interface to find out
the recommended source address?
A workaround is to use the -S option (source address).
David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Timo Juhani Lindfors (Jul 05)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" David Fifield (Jul 31)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Daniel Miller (Jul 31)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" David Fifield (Jul 31)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Timo Juhani Lindfors (Aug 06)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Daniel Miller (Jul 31)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Timo Juhani Lindfors (Aug 06)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" David Fifield (Aug 06)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" David Fifield (Jul 31)