Nmap Development mailing list archives
Re: OS X 10.6 Problems with privileged scans
From: David Fifield <david () bamsoftware com>
Date: Fri, 23 Oct 2009 08:00:50 -0600
On Thu, Oct 15, 2009 at 09:49:20PM -0400, SCRIVENS WALTER wrote:
> I've been dealing with this from version 5.05 BETA1, and I have the same symptoms as Tom.
> I have no problem with nmap version 5.0.
> I have no problem with Wireshark version 1.2.0 under OS X 10.6.1 once I applied the recommended patch,
> sudo chmod g+w /dev/bpf*
>
> Here is the backtrace from my nmap5.05BETA1:
>
> Reading symbols for shared libraries .++++++.. done
> 0x00007fff8653b364 in read ()
> (gdb) backtrace
> #0  0x00007fff8653b364 in read ()
> #1  0x00000001001635fc in pcap_read_bpf ()
> #2  0x000000010016524b in pcap_next ()
> #3  0x0000000100012e6f in readip_pcap (pd=0x100201900, len=0x7fff5fbfaccc, to_usec=999756, rcvdtime=0x7fff5fbfaca0, linknfo=0x7fff5fbfacd0, validate=true) at tcpip.cc:2330
> #4  0x0000000100036fd7 in waitForResponses (USI=0x100201410) at scan_engine.cc:4414
> #5  0x000000010003a8ff in ultra_scan (Targets=@0x7fff5fbfaf00, ports=0x100201480, scantype=STYPE_UNKNOWN, to=0x1000c97a4) at scan_engine.cc:5280
> #6  0x000000010000cd24 in ~vector [inlined] () at targets.cc:429
> #7  0x000000010000cd24 in ~vector [inlined] () at /usr/include/c++/4.2.1/bits/stl_vector.h:271
> #8  0x000000010000cd24 in massping (hostbatch=0x1, num_hosts=1, ports=0x7fff5fbfc740) at targets.cc:429
> #9  0x000000010000d3a2 in nexthost (hs=0x10081fc00, exclude_group=0x0, ports=0x7fff5fbfc740, pingtype=122) at targets.cc:583
> #10 0x0000000100008613 in nmap_main (argc=4, argv=0x7fff5fbffb78) at nmap.cc:1722
> #11 0x0000000100003bdb in main (argc=4, argv=0x7fff5fbffb78) at main.cc:205
> (gdb)
>
> It is different from Tom's, but I have no idea what I'm looking at :-)

I have a suspicion of where the hang might be occurring. It might happen where pcap_next is called for an unknown datalink type. Can you try running the attached patch? Just save it in your nmap working directory and run

    patch -p0 < pcap_datalink_log.diff

Then run a scan using the -d option to see the extra log messages. What we're looking for are messages along the lines of

    pcap_datalink returned unknown datalink type %d a pcap_next

David Fifield

Attachment: pcap_datalink_log.diff