Nmap Development mailing list archives
Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X"
From: David Fifield <david () bamsoftware com>
Date: Tue, 6 Aug 2013 17:08:14 -0700
On Tue, Aug 06, 2013 at 10:30:26AM +0300, Timo Juhani Lindfors wrote:
David Fifield <david () bamsoftware com> writes:Another thing to try: The --route-dst option makes Nmap make a routing decision, without sending pings or any other traffic. Try something like sudo nmap --route-dst 10.7.24.1 and see if it increases the number of ARP entries in the cache. If so, we will have the problem localized closely.It does: $ for i in $(seq 20 30); do sudo nmap --route-dst 10.7.24.$i > /dev/null 2>&1; ip ntable show dev eth0 name arp_cache | grep refcnt; done refcnt 17 reachable 26920 base_reachable 30000 retrans 1000 refcnt 18 reachable 26920 base_reachable 30000 retrans 1000 refcnt 19 reachable 26920 base_reachable 30000 retrans 1000 refcnt 20 reachable 26920 base_reachable 30000 retrans 1000
Thanks for this. I think I have traced down the commit where it started, r24413. In this commit, we connect a dummy SOCK_DGRAM socket in order to find out what the kernel thinks our source address should be. I found that it is exactly at the call to connect in get_srcaddr that an ARP cache entry gets added. You can try reproducing it yourself with this Python program: import socket import sys s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) s.connect((sys.argv[1], 1234)) s.close() You should see the cache size change when calling this program with different IP addresses as arguments. I was able to reproduce the problem on Debian wheezy (Linux 3.2) with Nmap 6.00 and 6.40. But: I do not get the problem on Debian testing (currently Linux 3.9) with any version of Nmap. I don't know the best thing to do here--r24413 fixed another bug, and newer releases of Linux don't seem to have the problem. Can you think of other ways to fix it? Perhaps there is a netlink interface to find out the recommended source address? A workaround is to use the -S option (source address). David Fifield _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Timo Juhani Lindfors (Jul 05)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" David Fifield (Jul 31)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Daniel Miller (Jul 31)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" David Fifield (Jul 31)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Timo Juhani Lindfors (Aug 06)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Daniel Miller (Jul 31)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" Timo Juhani Lindfors (Aug 06)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" David Fifield (Aug 06)
- Re: nmap: [REGRESSION 5.00-3 -> 6.00-0.3] -sP fails with "nexthost: failed to determine route to X.X.X.X" David Fifield (Jul 31)