Nmap Development mailing list archives
Re: nmap vs multiple IP address on one NIC
From: David Fifield <david () bamsoftware com>
Date: Mon, 19 Nov 2007 23:25:06 -0700
On Wed, Oct 31, 2007 at 09:41:27AM +0300, preacherandrew () mail ru wrote:
> On Tue, Oct 23, 2007, Fyodor wrote:
> > On Fri, Oct 19, 2007 at 04:36:45PM +0400, preacherandrew () mail ru wrote:
> > > Hi, Fyodor. My config: Windows 2000; one NIC; in TCP/IP properties set multiple IP addresses
> >
> > Hi Andrew. Thanks for your report. Maybe we need to move the entry->intf_len assignment. Would you please email your report to nmap-dev () insecure org so that more people have a chance to look at it?
> >
> > Thanks,
> > -F
>
> Hi Fyodor. I have sent my report to nmap-dev () insecure org. But maybe the problem is wider. I try to fix the problem by moving memset(entry, 0, sizeof(*entry)); from the "_ifrow_to_entry" function, and the code fragment "set aliases" is executed. But this fix doesn't help me in my case ("multiple IP addresses on one network card"). The point is that nmap uses only one of the addresses returned by GetIpAddrTable. Because of that, nmap's results may be inadequate.
>
> For example: a host has two IP addresses on one network card - 192.168.160.12/24 and 192.168.2.3/24. Default router - 192.168.160.254.
>
> 1) I run "nmap --iflist".
> 2) GetIpAddrTable returns the addresses in this order: 192.168.2.3, 192.168.160.12.
> 2) Nmap takes into account only the first address returned by GetIpAddrTable - 192.168.2.3.
> 3) Then nmap tries to verify the default router using this address (192.168.2.3). This results in "WARNING: Unable to find appropriate interface for system route to 192.168.160.254" (more precisely, a lot of such warnings - for almost each entry in "route print").
>
> In reality, the default router is ok - it is reachable from the host's other address (192.168.160.12), but nmap doesn't take the other address into account.

Thanks for the detailed report. Can you try the attached patch? I don't know too much about Windows networking. I set up a Windows XP computer with two IP addresses on different subnets on the same NIC. This is what nmap --iflist displays with the patch:

Starting Nmap 4.23RC2 ( http://insecure.org ) at 2007-11-19 23:16 Pacific Standard Time
************************INTERFACES************************
DEV  (SHORT) IP/MASK          TYPE     UP MAC
eth0 (eth0)  192.168.1.202/24 ethernet up 00:D0:59:B7:66:0B
eth0 (eth0)  192.168.0.203/24 ethernet up 00:D0:59:B7:66:0B
lo0  (lo0)   127.0.0.1/8      loopback up

DEV  WINDEVICE
eth0 \Device\NPF_{FBA5E85C-7959-4351-8D7A-09F319B090A7}
lo0  \Device\NPF_GenericDialupAdapter

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
192.168.1.255/32   eth0 192.168.1.202
192.168.1.202/32   lo0  127.0.0.1
192.168.0.203/32   lo0  127.0.0.1
192.168.0.255/32   eth0 192.168.0.203
255.255.255.255/32 eth0 192.168.1.202
192.168.1.0/0      eth0 192.168.1.202
192.168.0.0/0      eth0 192.168.0.203
127.0.0.0/0        lo0  127.0.0.1
224.0.0.0/0        eth0 192.168.1.202
0.0.0.0/0          eth0 192.168.0.1

Is it weird to have both interfaces called "eth0" even though one is an alias of the other? This matches what happens on Linux except that Linux provides suffixed names like eth0:1. Anyway this patch makes port scans on either subnet work for me.

Gianluca, can you try this patch too? There's a slight chance that it will have an effect on the problem you've observed in http://seclists.org/nmap-dev/2007/q4/0290.html.

David Fifield
Attachment: intf-win.diff
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
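
The lookup failure described in the report above, as an added C example that is not part of the original messages and is not Nmap or libdnet code: it compares consulting only the first address of a NIC with consulting every address when deciding whether a gateway is on-link. The struct, macro and function names are hypothetical, the longest-prefix tie-break is an assumption, and the sample table is constructed from the addresses and order given in the report.

```c
/* Added illustration; not Nmap or libdnet source. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct if_addr { const char *dev; uint32_t addr; int prefix_len; }; /* addr in host byte order */

/* True when gw falls inside the subnet of address a (prefix_len 0..32). */
static int on_link(const struct if_addr *a, uint32_t gw)
{
    uint32_t m = a->prefix_len == 0 ? 0 : 0xFFFFFFFFu << (32 - a->prefix_len);
    return (a->addr & m) == (gw & m);
}

/* Behaviour described in the report: only the first address of the NIC is consulted. */
int find_first_only(const struct if_addr *t, size_t n, uint32_t gw)
{
    return (n > 0 && on_link(&t[0], gw)) ? 0 : -1;
}

/* Every address on the NIC is checked; the longest matching prefix wins (assumption). */
int find_any_alias(const struct if_addr *t, size_t n, uint32_t gw)
{
    int best = -1;
    for (size_t i = 0; i < n; i++)
        if (on_link(&t[i], gw) && (best < 0 || t[i].prefix_len > t[best].prefix_len))
            best = (int)i;
    return best; /* index of the usable address, or -1 if the gateway is unreachable */
}

/* Constructed sample: the two addresses, in the order the report says they are returned. */
const struct if_addr sample[] = {
    { "eth0", IP4(192, 168, 2, 3), 24 },
    { "eth0", IP4(192, 168, 160, 12), 24 },
};
const uint32_t sample_gw = IP4(192, 168, 160, 254);

int main(void)
{
    printf("first-only: %d, all aliases: %d\n",
           find_first_only(sample, 2, sample_gw),
           find_any_alias(sample, 2, sample_gw));
    return 0;
}
```

A result of -1 from the first-address lookup corresponds to the "Unable to find appropriate interface for system route" warning in the report; the all-address lookup returns the index of 192.168.160.12.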