'sendto' error in OSX 10.1.5

[Carl Holmberg <cmholm () apple20 mhpcc edu>]

I had been working with Nmap 2.54BETA30 on the command line since 
installing OSX 10.0.x last year without any known issues. Shortly after 
upgrading to 10.1.5 and adding the last few security patches, Nmap 
started returning "permission denied" errors from calls to 'connect' and 
'sendto'. I compiled and installed Nmap 3.00, but got the same results. 
Ditto when logged in as root. I haven't seen mention of anyone seeing 
this boo-boo on Google or the list.

I see where the error pops up in the code, but I don't know why 'sendto' 
is returning an error.
Has someone got a clue I can buy as to a direction to investigate? I've 
gone so far as to set the directive TCPIP_DEBUGGING and arguments -v -v 
-d, but the results aren't telling me anything.

Attached for lack of clue: short form outputs from TCP and SYN scan, 
loooong form from SYN...

me% sudo nmap -sT www.not_me.com
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Strange error from connect (13):Permission denied
Interesting ports on www.not_me.com (xxx.xxx.xxx.xxx):
[snipped]

me% sudo nmap -sS www.not_me.com
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
sendto in send_tcp_raw: sendto(3, packet, 40, 0, xxx.xxx.xxx.xxx, 16) => 
Permission denied
Sleeping 15 seconds then retrying

me% sudo ./nmap -sS -v -v -d www.not_me.com
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
ifnet list length = 136
sa_len = 36
Here it is:
6C 6F 30 0    0  2A B0 0    2  17 C7 24   2  17 C7 24
14 12 0  1    18 3  0  0    6C 6F 30 0    0  0  0  0
0  0  0  0    6C 6F 30 0    0  2A B0 0    2  17 C7 24
2  17 C7 24   10 2  0  0    7F 0  0  1    0  0  0  0
0  0  0  0    65 6E 30 0    0  2A B0 0    2  17 C7 24
2  17 C7 24   14 12 0  2    6  3  6  0    65 6E 30 0
50 E4 C5 90   64 0  0  0    65 6E 30 0    0  2A B0 0
2  17 C7 24   2  17 C7 24   10 2  0  0    A4 7A 1E DC
0  0  0  0    0  0  0  0
ifr = BFFF7270
Size of struct ifreq: 32
ifr_name size = 16
ifr = BFFF7270
Interface 0 is lo0
ifr_name size = 16
ifr = BFFF7294
Interface 1 is lo0
ifr_name size = 16
ifr = BFFF72B4
Interface 2 is en0
ifr_name size = 16
ifr = BFFF72D8
Interface 3 is en0
Packet capture filter (device en0): (icmp and dst host yyy.yyy.its.mee) 
or (tcp and dst host yyy.yyy.its.mee and ( dst port 42411 or dst port 
42412 or dst port 42413 or dst port 42414 or dst port 42415))
We got a TCP ping packet back from xxx.xxx.xxx.xxx (hostnum = 0 
trynum = 0
Hostupdate called for machine xxx.xxx.xxx.xxx state UNKNOWN/COMBO -> 
HOST_UP (trynum 0, dotimeadj: yes time: 54902)
Finished block: srtt: 56242 rttvar: 56242 timeout: 300000 block_tries: 1 
up_this_block: 1 down_this_block: 0 group_sz: 1
massping done:  num_hosts: 1  num_responses: 1
Host www.not_me.com (xxx.xxx.xxx.xxx) appears to be up ... good.
Starting pos_scan (SYN Stealth Scan)
Packet capture filter (device en0): dst host yyy.yyy.its.mee and (icmp 
or (tcp and src host xxx.xxx.xxx.xxx))
Initiating SYN Stealth Scan against www.not_me.com (xxx.xxx.xxx.xxx)
sendto in send_tcp_raw: sendto(3, packet, 40, 0, xxx.xxx.xxx.xxx, 16) => 
Permission denied
Sleeping 15 seconds then retrying
^Ccaught SIGINT signal, cleaning up

Carl

------------------------------------------------------------------------------
Carl M Holmberg
550 Lipoa Pkwy, Kihei, HI 96753
cmholm () apple20 mhpcc edu, www.mhpcc.edu/~cmholm


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).