Nmap Development mailing list archives
Nmap on OpenBSD
From: Kent Fritz <kfritz () wolfman devio us>
Date: Thu, 12 Jun 2014 00:40:14 -0400
I believe it's broken (and has been for some time).
http://marc.info/?t=140175047900002&r=1&w=2

See below for a more detailed trace. You can see that the ARP is sent twice and the timestamp on the RCVD is from the first ARP. Similar result with the SYN packets. The tcpdump shows all packets being sent and received. So, something is going fishy in the libpcap? Does anyone have any ideas where to start looking?

This sample is from a KVM VM, but I get the same results from real hardware i386, amd64, and sparc64.

Thanks,
Kent.

# nmap -Pn -sS -p22,9000 -packet-trace -n 192.168.1.120

Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-11 19:25 PDT
SENT (0.0340s) ARP who-has 192.168.1.120 tell 192.168.1.131
SENT (0.2438s) ARP who-has 192.168.1.120 tell 192.168.1.131
RCVD (0.0343s) ARP reply 192.168.1.120 is-at DE:AD:BE:EF:00:15
SENT (0.2446s) TCP 192.168.1.131:62760 > 192.168.1.120:22 S ttl=57 id=36604 iplen=44 seq=2486294121 win=1024 <mss 1460>
SENT (0.2447s) TCP 192.168.1.131:62760 > 192.168.1.120:9000 S ttl=57 id=25741 iplen=44 seq=2486294121 win=1024 <mss 1460>
SENT (1.3639s) TCP 192.168.1.131:62761 > 192.168.1.120:9000 S ttl=53 id=60872 iplen=44 seq=2486228584 win=1024 <mss 1460>
SENT (1.3644s) TCP 192.168.1.131:62761 > 192.168.1.120:22 S ttl=58 id=2301 iplen=44 seq=2486228584 win=1024 <mss 1460>
RCVD (0.2447s) TCP 192.168.1.120:22 > 192.168.1.131:62760 SA ttl=64 id=0 iplen=44 seq=1814053721 win=5840 <mss 1460>
Nmap scan report for 192.168.1.120
Host is up (-0.18s latency).
PORT     STATE    SERVICE
22/tcp   open     ssh
9000/tcp filtered cslistener
MAC Address: DE:AD:BE:EF:00:15 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds
#

*** and simultaneously in another window... ***

# tcpdump -n host 192.168.1.120
tcpdump: listening on vio0, link-type EN10MB
19:25:35.188613 arp who-has 192.168.1.120 (ff:ff:ff:ff:ff:ff) tell 192.168.1.131
19:25:35.188827 arp reply 192.168.1.120 is-at de:ad:be:ef:00:15
19:25:35.398323 arp who-has 192.168.1.120 (ff:ff:ff:ff:ff:ff) tell 192.168.1.131
19:25:35.398528 arp reply 192.168.1.120 is-at de:ad:be:ef:00:15
tcpdump: WARNING: compensating for unaligned libpcap packets
19:25:35.399065 192.168.1.131.62760 > 192.168.1.120.22: S 2486294121:2486294121(0) win 1024 <mss 1460>
19:25:35.399156 192.168.1.131.62760 > 192.168.1.120.9000: S 2486294121:2486294121(0) win 1024 <mss 1460>
19:25:35.399210 192.168.1.120.22 > 192.168.1.131.62760: S 1814053721:1814053721(0) ack 2486294122 win 5840 <mss 1460> (DF)
19:25:35.399235 192.168.1.131.62760 > 192.168.1.120.22: R 2486294122:2486294122(0) win 0 (DF)
19:25:35.399288 192.168.1.120.9000 > 192.168.1.131.62760: S 3256885666:3256885666(0) ack 2486294122 win 5840 <mss 1460> (DF)
19:25:35.399313 192.168.1.131.62760 > 192.168.1.120.9000: R 2486294122:2486294122(0) win 0 (DF)
19:25:36.518352 192.168.1.131.62761 > 192.168.1.120.9000: S 2486228584:2486228584(0) win 1024 <mss 1460>
19:25:36.518581 192.168.1.120.9000 > 192.168.1.131.62761: S 3653907712:3653907712(0) ack 2486228585 win 5840 <mss 1460> (DF)
19:25:36.518612 192.168.1.131.62761 > 192.168.1.120.9000: R 2486228585:2486228585(0) win 0 (DF)
19:25:36.518905 192.168.1.131.62761 > 192.168.1.120.22: S 2486228584:2486228584(0) win 1024 <mss 1460>
19:25:36.518999 192.168.1.120.22 > 192.168.1.131.62761: S 1036225671:1036225671(0) ack 2486228585 win 5840 <mss 1460> (DF)
19:25:36.519021 192.168.1.131.62761 > 192.168.1.120.22: R 2486228585:2486228585(0) win 0 (DF)
^C
94 packets received by filter
0 packets dropped by kernel
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
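
The symptom reported in the message above can be checked mechanically. The following Python is an added example, not part of the original message and not Nmap code: it parses the --packet-trace lines from the message (copied into TRACE) and reports replies whose capture timestamp is older than probes already logged ahead of them, plus SYN destination ports with no RCVD line at all. The function names are this example's own.

```python
import re

# Lines copied from the nmap --packet-trace output quoted in the message above.
TRACE = """\
SENT (0.0340s) ARP who-has 192.168.1.120 tell 192.168.1.131
SENT (0.2438s) ARP who-has 192.168.1.120 tell 192.168.1.131
RCVD (0.0343s) ARP reply 192.168.1.120 is-at DE:AD:BE:EF:00:15
SENT (0.2446s) TCP 192.168.1.131:62760 > 192.168.1.120:22 S ttl=57 id=36604 iplen=44 seq=2486294121 win=1024 <mss 1460>
SENT (0.2447s) TCP 192.168.1.131:62760 > 192.168.1.120:9000 S ttl=57 id=25741 iplen=44 seq=2486294121 win=1024 <mss 1460>
SENT (1.3639s) TCP 192.168.1.131:62761 > 192.168.1.120:9000 S ttl=53 id=60872 iplen=44 seq=2486228584 win=1024 <mss 1460>
SENT (1.3644s) TCP 192.168.1.131:62761 > 192.168.1.120:22 S ttl=58 id=2301 iplen=44 seq=2486228584 win=1024 <mss 1460>
RCVD (0.2447s) TCP 192.168.1.120:22 > 192.168.1.131:62760 SA ttl=64 id=0 iplen=44 seq=1814053721 win=5840 <mss 1460>
"""

LINE = re.compile(r"^(SENT|RCVD) \((\d+\.\d+)s\) (.*)$")

def parse(trace):
    """Return (direction, timestamp, summary) tuples in log order."""
    return [(m[1], float(m[2]), m[3]) for m in map(LINE.match, trace.splitlines()) if m]

def late_deliveries(trace):
    """Flag RCVD lines captured before SENT lines that were logged ahead of them."""
    findings, sent_seen = [], []
    for direction, ts, summary in parse(trace):
        if direction == "SENT":
            sent_seen.append(ts)
            continue
        newer = [s for s in sent_seen if s > ts]  # probes sent after the capture
        if newer:
            findings.append({
                "reply": summary.split(" ttl=")[0],
                "captured_at": ts,
                "probes_sent_after_capture": len(newer),
                "min_delay": round(max(newer) - ts, 4),  # lower bound, seconds
            })
    return findings

def unanswered_syn_ports(trace):
    """Destination ports that were probed but have no RCVD line in the trace."""
    sent, answered = set(), set()
    for direction, _, summary in parse(trace):
        m = re.match(r"TCP \S+:(\d+) > \S+:(\d+) ", summary)
        if m and direction == "SENT":
            sent.add(int(m[2]))      # destination port of the probe
        elif m:
            answered.add(int(m[1]))  # source port of the reply
    return sorted(sent - answered)

if __name__ == "__main__":
    print(late_deliveries(TRACE), unanswered_syn_ports(TRACE))
```

On this trace both RCVD lines are flagged, and port 9000 has no logged reply even though the tcpdump capture in the message shows the target answering on it.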