Nmap Development mailing list archives
Raw scanning as an unprivileged user on Mac OS X
From: David Fifield <david () bamsoftware com>
Date: Sat, 10 May 2008 13:45:09 -0600
Hello,

I said back in http://seclists.org/nmap-dev/2008/q2/0189.html that I would investigate whether Nmap really needs root to run privileged scans as long as it can read and write the /dev/bpf* devices. It turns out root is not required, as long as you use --send-eth.

By default, users don't have read and write access to the bpf devices. Wireshark on Mac OS X ships with a startup script called ChmodBPF that gives access to users in the admin group:

http://anonsvn.wireshark.org/wireshark/trunk-1.0/packaging/macosx/ChmodBPF/README.macosx
http://anonsvn.wireshark.org/wireshark/trunk-1.0/packaging/macosx/ChmodBPF/ChmodBPF

I had this startup item installed when I ran the following commands.

~$ nmap scanme.nmap.org

Starting Nmap 4.62 ( http://nmap.org ) at 2008-05-10 13:17 MDT

~$ nmap -sS scanme.nmap.org
You requested a scan type which requires root privileges.
QUITTING!

~$ nmap -sS --privileged scanme.nmap.org

Starting Nmap 4.62 ( http://nmap.org ) at 2008-05-10 13:18 MDT
socket troubles in Init: Operation not permitted (1)

~$ nmap -sS --privileged --send-eth scanme.nmap.org

Starting Nmap 4.62 ( http://nmap.org ) at 2008-05-10 13:18 MDT
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 1709 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
25/tcp  closed smtp
53/tcp  open   domain
70/tcp  closed gopher
80/tcp  open   http
113/tcp closed auth

Nmap done: 1 IP address (1 host up) scanned in 83.744 seconds

So Nmap works just fine without root, but you have to know how to tell it to ignore the fact that you're not root. Except I notice that the -A option doesn't run all the things that option can run (just -sC I think), even though -O and --traceroute work on their own.

These observations may apply to other BSDs as well.

David Fifield
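Added example, not part of the original message and not Nmap or Wireshark code: a small shell audit of who can open the /dev/bpf* devices, since that access is what lets a non-root user send and capture raw frames as described above. The function names and the class labels (world-rw, group-rw, restricted) are hypothetical; a ChmodBPF-style setup as described in the message would be expected to show up as group-rw.

```shell
#!/bin/sh
# Added example: audit permissions on BPF device nodes.
# The mode string is read from `ls -ld`, so the same code works on
# Mac OS X, other BSDs and Linux. All names here are hypothetical.

# Classify an ls-style mode string such as "crw-rw----".
bpf_mode_class() {
    m=$1
    g_bits=$(printf '%s' "$m" | cut -c5-6)   # group read/write bits
    o_bits=$(printf '%s' "$m" | cut -c8-9)   # other read/write bits
    if [ "$o_bits" = "rw" ]; then
        echo world-rw        # any local user can send and sniff frames
    elif [ "$g_bits" = "rw" ]; then
        echo group-rw        # members of the owning group can
    else
        echo restricted      # owner (normally root) only
    fi
}

# Print "device class owner group" for every bpf* node in DIR (default /dev).
bpf_audit() {
    dir=${1:-/dev}
    for dev in "$dir"/bpf*; do
        [ -e "$dev" ] || continue
        ls -ld "$dev" | while read -r mode _links owner group _rest; do
            echo "$dev $(bpf_mode_class "$mode") $owner $group"
        done
    done
}

# Count the devices in DIR that fall into CLASS.
bpf_count() {
    bpf_audit "$1" | awk -v c="$2" '$2 == c { n++ } END { print n + 0 }'
}

# Succeed if the current user can open at least one device read/write,
# the precondition for the unprivileged --send-eth run in the message.
bpf_usable() {
    for dev in "${1:-/dev}"/bpf*; do
        [ -r "$dev" ] && [ -w "$dev" ] && return 0
    done
    return 1
}
```

Run `bpf_audit` with no argument to inspect /dev; any world-rw result means every local account on the host can inject and capture traffic.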