Re: Nmap 4.20 on Mac OS X

[Fyodor <fyodor () insecure org>]

On Mon, Nov 06, 2006 at 06:39:14PM -0800, Kurt Grutzmacher wrote:
> I see a lot of change in packet construction within tcpip.cc so I'll
> start peeking and poking around there to see what's what. Subesquent
> tests with 4.20ALPHA1 through 4.20ALPHA4 have shown no issues. My
> previous statement of ALPHA4 having some issues appears to have been
> isolated as I haven't been able to repeat it. ALPHA4 is definately the
> last version that worked.

Thanks Kurt, that sounds great.  Also, the problem seems that it may
be in packet reception rather than packet construction.  After all,
the packets seem to reach their destination and be valid enough that
the target replies.  But Nmap doesn't seem to see those responses,
even though tcpdump does.

If you run Nmap with -d, you should see lines starting with "Packet
capture filter".  Those give the tcpdump-style filter Nmap gives to
Pcap to determine which packets are passed back to it.  That line also
tells what device Nmap is sniffing on.  So you'll want to make sure
that both are set such that they should be receiving the replies.  If
that turn out OK, you may want to set a breakpoint on pcap_next,
readip_pcap, and read_arp_reply_pcap to see what is going on.

I wish I could help more, but I don't have a MAC.  But I'm sure all
the MAC-based Nmap users appreciate your efforts!

Also, in two places in tcpip.cc you see:

// Add other systems here if they don't support select()able pcap descriptors
#ifdef WIN32
 pcap_descriptor = -1;
#else
 pcap_descriptor = pcap_get_selectable_fd(pd);
#endif

Why don't you try removing those lines and just leaving:

 pcap_descriptor = -1;

Then recompile and see if that helps.  The Pcap selectable descriptor
stuff was inserted in ALPHA5.  Maybe it doesn't work on OS X.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org