Re: NMap Scan Through VPN?

[Andreas Ericsson <ae () op5 se>]

Alan Jones wrote:
> I recently was thinking I should send in some equipment and version info
> on some of network devices at the office that NMap did not recognize. 
> Due to timing I never got around to doing any checks.  So this weekend I
> decided to experiment on a few things.
>
> I loaded the latest NMap and connected from home over the VPN back to
> the office.  I knew from past experience I could ping, trace, and load
> various programs etc over the VPN.  So I decided to scan a few boxes
> just to see  what would happen next.
>
> Interestingly enough Nmap did not even see the equipment.
>
> I was surprised....  I figured Nmap might complain about something
> father along but not that it could not find the equipment.
>
> This was using the Microsoft Windows VPN software.
>
> Anyone else done any scanning over a VPN?  I am sure there are enough
> variables that it would not be endorsed, but just curious if this issue
> was just our network or something bigger.  I did not run any debug type
> checks.... at this point just wanted to get reaction and ides from others.

For windows, nmap works by sending raw ethernet frames directly to the 
NIC. I'm guessing that can't be done with a virtual interface (which is 
always involved when setting up a VPN) so nmap just won't work over VPN 
connections on Windows. I think it should on Unices, since raw socket 
support is still available there, but I'm not sure. Perhaps someone with 
more knowledge of the nmap core plumbing can answer that.

-- 
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev