Nmap Development mailing list archives

Re: Please help with long standing nmap issue


From: David Fifield <david () bamsoftware com>
Date: Fri, 3 Apr 2009 10:13:21 -0600

On Thu, Apr 02, 2009 at 10:16:27PM -0600, David Fifield wrote:
On Mon, Mar 30, 2009 at 07:57:22AM +0100, Rob Nicholls wrote:
I assume from the tracking software you mentioned that you're using OSX? I
think we decided it's a peculiarity of the OS rather than a problem with
nmap: http://seclists.org/nmap-dev/2008/q4/0634.html

I believe David's suggestion was to give the admin group read and write
permissions to /dev/bpf* and run nmap as a non-root user that's in the admin
group.

That explains why --iflist isn't working as non-root. There is another
issue, which is that ping scan is working as non-root but not as root:

M:~ jp$ sudo nmap -O -v 192.168.226.1-254

Starting Nmap 4.85BETA4 ( http://nmap.org ) at 2009-03-29 16:33 MDT
Warning: Unable to open interface vmnet8 -- skipping it.
Warning: Unable to open interface vmnet1 -- skipping it.
Initiating Ping Scan at 16:33
Scanning 254 hosts [2 ports/host]
Ping Scan Timing: About 31.50% done; ETC: 16:35 (0:01:07 remaining)
Ping Scan Timing: About 60.04% done; ETC: 16:35 (0:00:41 remaining)
Completed Ping Scan at 16:35, 103.72s elapsed (254 total hosts)
Read data files from: /usr/local/share/nmap
Nmap done: 254 IP addresses (0 hosts up) scanned in 104.06 seconds
          Raw packets sent: 1016 (34.544KB) | Rcvd: 885 (72.047KB)

M:~ jp$ nmap -sP 192.168.226.1-254

Starting Nmap 4.85BETA4 ( http://nmap.org ) at 2009-03-29 16:38 MDT
Host 192.168.226.1 appears to be up.
Host 192.168.226.2 appears to be up.
Host 192.168.226.10 appears to be up.

Jerry, can you run these commands and send me the log files?

      sudo nmap -sP -d --packet-trace 192.168.226.1-254 -oN root.nmap
      nmap -sP -d --packet-trace 192.168.226.1-254 -oN nonroot.nmap
      sudo nmap -sP -d --packet-trace --unprivileged 192.168.226.1-254 -oN root-unprivileged.nmap

Thanks, now that I have seen the log files I know what the problem is.
The machines on your network respond to a SYN to port 80 (which is what
the non-root ping scan does), but not an ACK to port 80 nor an ICMP echo
(which is what the root ping scan does). In your network you should use
the -PS option to find up hosts. Just combine it with the options you
were already using:

M:~ jp$ sudo nmap -PS -O -v 192.168.226.1-254
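To check a --packet-trace log for exactly this situation (hosts that answer one discovery probe but not another), here is an added Python script, not from this thread or from Nmap itself, that tallies SENT/RCVD lines per target host and probe kind. The trace lines are constructed in the assumed `nmap -d --packet-trace` line format; port 80 and the flag-based reply matching are simplifying assumptions (Nmap matches replies on sequence numbers).

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of `nmap -d --packet-trace` output (assumed
# format, not copied from Jerry's logs). Lines 1-4 mimic the privileged default ping
# scan (ICMP echo + TCP ACK to port 80); lines 5-8 mimic a -PS run (TCP SYN to 80).
TRACE = """\
SENT (0.0210s) ICMP 192.168.226.5 > 192.168.226.1 Echo request (type=8/code=0) ttl=58 id=101 iplen=28
SENT (0.0212s) TCP 192.168.226.5:63216 > 192.168.226.1:80 A ttl=42 id=102 iplen=40 seq=0 win=1024 ack=0
SENT (0.0310s) ICMP 192.168.226.5 > 192.168.226.9 Echo request (type=8/code=0) ttl=58 id=103 iplen=28
SENT (0.0312s) TCP 192.168.226.5:63216 > 192.168.226.9:80 A ttl=42 id=104 iplen=40 seq=0 win=1024 ack=0
SENT (2.1000s) TCP 192.168.226.5:63217 > 192.168.226.1:80 S ttl=42 id=105 iplen=44 seq=0 win=1024
SENT (2.1002s) TCP 192.168.226.5:63217 > 192.168.226.9:80 S ttl=42 id=106 iplen=44 seq=0 win=1024
RCVD (2.1031s) TCP 192.168.226.1:80 > 192.168.226.5:63217 SA ttl=64 id=0 iplen=44 seq=0 win=65535
RCVD (2.1040s) TCP 192.168.226.9:80 > 192.168.226.5:63217 RA ttl=64 id=0 iplen=40 seq=0 win=0
"""

LINE = re.compile(r"^(SENT|RCVD) \(([\d.]+)s\) (ICMP|TCP) (\S+) > (\S+) (\S+)")

def parse_trace(text):
    """Return {host: {probe_kind: (sent, received)}} for every target in the trace.
    Replies are matched to probe kinds by TCP flags: a bare RST answers an ACK
    probe, SYN/ACK or RST/ACK answers a SYN probe, an echo reply answers ICMP."""
    tally = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        direction, _, proto, src, dst, first = m.groups()
        if proto == "ICMP":
            if direction == "RCVD" and "Echo reply" not in line:
                continue  # unreachables etc. are not discovery replies here
            kind = "ICMP echo"
        elif direction == "SENT":
            kind = "TCP ACK/80" if first == "A" else "TCP SYN/80"
        else:
            kind = "TCP ACK/80" if first == "R" else "TCP SYN/80"
        if direction == "SENT":
            tally[dst.split(":")[0]][kind][0] += 1
        else:
            tally[src.split(":")[0]][kind][1] += 1
    return {h: {k: tuple(v) for k, v in kinds.items()} for h, kinds in tally.items()}

def answered_probes(tally, host):
    """Probe kinds the host replied to; an empty list means Nmap would call it down."""
    return sorted(k for k, (sent, rcvd) in tally.get(host, {}).items() if rcvd)

if __name__ == "__main__":
    t = parse_trace(TRACE)
    for host in sorted(t):
        print(host, "answered:", answered_probes(t, host) or "nothing")
```

Both constructed hosts answer only the SYN probe (an RST/ACK still proves the host is up), which is the pattern that makes the default root ping scan report 0 hosts while -PS finds them.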

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org