Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Incorrect NIC Selection / Unable to specify

From: "Donahue, Patrick" <Patrick.Donahue () vitale com>
Date: Sun, 13 Nov 2005 20:05:27 -0500
Hello,

I'm attempting to scan hosts using nmap 3.93 from an HP DL320 running
FreeBSD 5.4. This box has 2 onboard NICs detected by FBSD as "bge0" and
"bge1". "bge0" is statically assigned an IP address, and all traffic
routes out through this NIC. "bge1" is unused ("ifconfig bge1 down").

Unless I explicitly specify "-S sourceip -e sourcenic" as arguments,
nmap will fail with "getinterfaces: Failed to open ethernet interface
(bge1)\nQUITTING!". When the appropriate values are entered on the
command line for bge0, scans such as "nmap -sS" work fine. However, when
I attempt to use either OS detection "-O" or version scans "-sV", the
error reappears. It's almost as if the call to this part of the scan
does not pass the source IP and NIC. Any suggestions?

Thank You,
Patrick Donahue
Vitale, Caturano & Co., Ltd.

--

Below is the nmap output with TCPIP_DEBUGGING enabled followed by the
relevant network configuration:

root@monitor# ./nmap -S (bge0 IP) -e bge0 -v -sV -O (target IP)
WARNING:  If -S is being used to fake your source address, you may also
have to use -e <iface> and -P0 .  If you are using it to specify your
real source address, you can ignore this warning.

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-11-13 19:46
EST
Initiating SYN Stealth Scan against (host IP) [1668 ports] at 19:46
Discovered open port 22/tcp on (host IP) 
Discovered open port 3306/tcp on (host IP) 
The SYN Stealth Scan took 52.73s to scan 1668 total ports.
Initiating service scan against 2 services on (host IP) at 19:47
The service scan took 0.32s to scan 2 services on 1 host.
Warning:  OS detection will be MUCH less reliable because we did not
find at least 1 open and 1 closed TCP port
For OSScan assuming port 22 is open, 38060 is closed, and neither are
firewalled
ifnet list length = 312
sa_len = 72
Here it is:
62 67 65 30   0  0  0  0    0  0  0  0    0  0  0  0
38 12 1  0    6  4  6  0    62 67 65 30   0  13 21 1D
33 50 0  0    0  0  0  0    0  0  0  0    0  0  0  0
0  0  0  0    0  0  0  0    0  0  0  0    0  0  0  0
0  0  0  0    0  0  0  0    62 67 65 30   0  0  0  0
0  0  0  0    0  0  0  0    10 2  0  0    A  9  1  33
0  0  0  0    0  0  0  0    62 67 65 31   0  0  0  0
0  0  0  0    0  0  0  0    38 12 2  0    6  4  6  0
62 67 65 31   0  13 21 1D   33 4F 0  0    0  0  0  0
0  0  0  0    0  0  0  0    0  0  0  0    0  0  0  0
0  0  0  0    0  0  0  0    0  0  0  0    0  0  0  0
62 67 65 31   0  0  0  0    0  0  0  0    0  0  0  0
10 2  0  0    AC 10 A  3B   0  0  0  0    0  0  0  0
6C 6F 30 0    0  0  0  0    0  0  0  0    0  0  0  0
38 12 3  0    18 3  0  0    6C 6F 30 0    0  0  0  0
0  0  0  0    0  0  0  0    0  0  0  0    0  0  0  0
0  0  0  0    0  0  0  0    0  0  0  0    0  0  0  0
0  0  0  0    0  0  0  0    6C 6F 30 0    0  0  0  0
0  0  0  0    0  0  0  0    10 2  0  0    7F 0  0  1
0  0  0  0    0  0  0  0
ifr = 96AA000
Size of struct ifreq: 32
ifr_name size = 16
ifr = 96AA000
ifr_name size = 16
ifr = 96AA048
ifr_name size = 16
ifr = 96AA068
ifr_name size = 16
ifr = 96AA0B0
getinterfaces: Failed to open ethernet interface (bge1)
QUITTING!
root@monitor#


root@monitor# dmesg | grep bge
bge0: <Broadcom BCM5704C Dual Gigabit Ethernet, ASIC rev. 0x2100> mem
0xfdef0000-0xfdefffff irq 24 at device 1.0 on pci6
miibus0: <MII bus> on bge0
bge0: Ethernet address: (MAC address)
bge1: <Broadcom BCM5704C Dual Gigabit Ethernet, ASIC rev. 0x2100> mem
0xfdee0000-0xfdeeffff irq 25 at device 1.1 on pci6
miibus1: <MII bus> on bge1
bge1: Ethernet address: (MAC address)

root@monitor# ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet (IP address) netmask 0xffffff00 broadcast (broadcast
address)
        ether (MAC address)
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bge1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet (IP address) netmask 0xffffff00 broadcast (broadcast
address)
        ether (MAC address)
        media: Ethernet autoselect (none)
        status: no carrier

root@monitor# netstat -rn | grep default
Destination        Gateway            Flags    Refs      Use  Netif
Expire
default            (bge0 IP)              UGS         0   471511   bge0


______________________________________________________________
Any U.S. tax advice contained in this communication (including
any attachments) is not intended or written to be used for the 
purpose of avoiding penalties under the Internal Revenue Code 
and cannot be used for that purpose.  
______________________________________________________________
This electronic message is intended only for the use of the 
individual or entity named above and may contain information 
which is privileged and/or confidential.  If you are not the 
intended recipient, be aware that any disclosure, copying, 
distribution, dissemination or use of the contents of this 
message is prohibited.  If you have received this message in 
error, please notify the sender immediately.



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Previous By Date Next
Previous By Thread Next

Current thread: