Nmap Development mailing list archives
Re: Issue with nmap identifying aliased interfaces
From: Donovan Lampa <donovan.lampa () gmail com>
Date: Tue, 17 Dec 2013 09:26:31 -0600
Understandable. I appreciate your time. I realize everyone's busy, but in your (or others') opinion, how complex of a fix does this look like? How much time do you think it would take to get a patch together if someone familiar with the codebase put one together?

If possible, I'd like to help out and get this fixed, and I think I'm looking in the right place so far (maybe we can take this off-list as well from here if necessary), but would you or someone on this list be able to point me in the right direction to get started on a fix? Maybe I can get a patch together in a reasonable amount of time... Maybe.

In any case, any guidance would be appreciated.

-Donovan

On Sat, Dec 14, 2013 at 7:42 AM, Daniel Miller <bonsaiviking () gmail com> wrote:

> I can confirm this on Linux Mint. At least one problem seems to be the use of the /proc/net/dev file for gathering interfaces, since that file doesn't show aliases. I don't have time to debug more, but I will try to help as time permits.
>
> Dan
>
> On Fri, Dec 13, 2013 at 11:56 AM, Donovan Lampa <donovan.lampa () gmail com> wrote:
>
> > Hey all,
> >
> > In nmap 6.40, I'm having some issues with nmap being able to identify aliased interfaces correctly.
> >
> > On Centos5 I have an alias interface configured:
> >
> > [root@localhost nmap-6.40-install]# /sbin/ifconfig
> > eth0      Link encap:Ethernet  HWaddr 00:0C:29:DD:6A:5E
> >           inet addr:172.16.209.139  Bcast:172.16.209.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:98468 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:85230 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:46335310 (44.1 MiB)  TX bytes:6116459 (5.8 MiB)
> >
> > eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:DD:6A:5E
> >           inet addr:172.16.209.140  Bcast:172.16.255.255  Mask:255.255.0.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:2169 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:2169 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:2333206 (2.2 MiB)  TX bytes:2333206 (2.2 MiB)
> >
> > Nmap seems to identify it as a primary interface instead of an alias even though it has the same mac address. It just seems to truncate the ':0'
> >
> > [root@localhost nmap-6.40-install]# bin/nmap --iflist
> >
> > Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-13 11:50 CST
> > ************************INTERFACES************************
> > DEV  (SHORT) IP/MASK           TYPE     UP MTU   MAC
> > lo   (lo)    127.0.0.1/8       loopback up 16436
> > eth0 (eth0)  172.16.209.139/24 ethernet up 1500  00:0C:29:DD:6A:5E
> > eth0 (eth0)  172.16.209.140/16 ethernet up 1500  00:0C:29:DD:6A:5E
> >
> > **************************ROUTES**************************
> > DST/MASK        DEV  METRIC GATEWAY
> > 172.16.209.0/24 eth0 0
> > 172.16.0.0/16   eth0 0
> > 169.254.0.0/16  eth0 0
> > 0.0.0.0/0       eth0 0      172.16.209.2
> >
> > This has some undesirable results when specifying the interface and source address for specific types of scans
> >
> > [root@localhost nmap-6.40-install]# bin/nmap -e eth0:0 -S 172.16.209.140 10.70.244.44
> > WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -Pn . If you are using it to specify your real source address, you can ignore this warning.
> >
> > Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-13 11:54 CST
> > Could not find interface eth0:0 which was specified by -e
> >
> > Earlier versions of nmap (i.e. the one provided by Centos Base) don't seem to have this issue.
> >
> > [root@localhost nmap-6.40-install]# nmap --iflist
> >
> > Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-12-13 11:51 CST
> > ************************INTERFACES************************
> > DEV    (SHORT) IP/MASK           TYPE     UP MAC
> > lo     (lo)    127.0.0.1/8       loopback up
> > eth0   (eth0)  172.16.209.139/24 ethernet up 00:0C:29:DD:6A:5E
> > eth0:0 (eth0)  172.16.209.140/16 ethernet up 00:0C:29:DD:6A:5E
> >
> > **************************ROUTES**************************
> > DST/MASK       DEV  GATEWAY
> > 172.16.209.0/0 eth0
> > 172.16.0.0/0   eth0
> > 169.254.0.0/0  eth0
> > 0.0.0.0/0      eth0 172.16.209.2
> >
> > [root@localhost nmap-6.40-install]# nmap -e eth0:0 -S 172.16.209.140 10.70.244.44
> > WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -P0 . If you are using it to specify your real source address, you can ignore this warning.
> >
> > Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-12-13 11:55 CST
> > Stats: 0:00:12 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
> > SYN Stealth Scan Timing: About 85.87% done; ETC: 11:55 (0:00:01 remaining)
> > Interesting ports on scantest-centos5-01.tw-test.net (10.70.244.44):
> > Not shown: 1678 closed ports
> > PORT   STATE SERVICE
> > 22/tcp open  ssh
> > 80/tcp open  http
> >
> > Nmap finished: 1 IP address (1 host up) scanned in 13.911 seconds
> >
> > I think I've tracked it down to the collect_dnet_interfaces loop in libnetutil/netutil.cc but I'm kind of stumped there. Am I missing something? Doing something wrong?
> >
> > Any thoughts?
> >
> > -Donovan
> > _______________________________________________
> > Sent through the dev mailing list
> > http://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/
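The point raised in the thread, that /proc/net/dev has no rows for aliases, as an added example (not Nmap's or libdnet's code, and not posted by anyone in the thread): it parses a constructed /proc/net/dev sample and reports which of the ifconfig labels from the report have no row of their own. The sample file content, function names and buffer sizes are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 32

/* Constructed sample in /proc/net/dev layout: rows for lo and eth0, none for eth0:0. */
static const char SAMPLE_PROC_NET_DEV[] =
    "Inter-|   Receive                |  Transmit\n"
    " face |bytes    packets errs drop|bytes    packets errs drop\n"
    "    lo: 2333206    2169    0    0 2333206    2169    0    0\n"
    "  eth0:46335310   98468    0    0 6116459   85230    0    0\n";
static const char *SAMPLE_LABELS[] = { "eth0", "eth0:0", "lo" }; /* as ifconfig printed them */

/* Collect device names from /proc/net/dev text; returns how many were stored. */
int parse_proc_net_dev(const char *text, char names[][NAME_LEN], int max)
{
    int n = 0, lineno = 0;
    for (const char *line = text; *line && n < max; ) {
        size_t len = strcspn(line, "\n");
        const char *p = line + strspn(line, " \t");   /* name is right-aligned */
        const char *colon = memchr(p, ':', (size_t)(line + len - p));
        size_t k = colon ? (size_t)(colon - p) : 0;
        if (++lineno > 2 && k > 0 && k < NAME_LEN) {  /* first two lines are headers */
            memcpy(names[n], p, k);
            names[n++][k] = '\0';
        }
        line += len + (line[len] == '\n');
    }
    return n;
}

/* Store in missing[] every label that has no row of its own; returns the count. */
int labels_missing(const char **labels, int nl, char names[][NAME_LEN], int nn, const char **missing)
{
    int m = 0;
    for (int i = 0; i < nl; i++) {
        int j = 0;
        while (j < nn && strcmp(labels[i], names[j]) != 0) j++;
        if (j == nn) missing[m++] = labels[i];
    }
    return m;
}

int main(void)
{
    char names[16][NAME_LEN];
    const char *missing[3];
    int n = parse_proc_net_dev(SAMPLE_PROC_NET_DEV, names, 16);
    int m = labels_missing(SAMPLE_LABELS, 3, names, n, missing);
    for (int i = 0; i < m; i++) printf("no /proc/net/dev row: %s\n", missing[i]);
}
```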