Nmap Development mailing list archives

Re: OS X 10.6 Problems with privileged scans


From: David Fifield <david () bamsoftware com>
Date: Fri, 23 Oct 2009 08:00:50 -0600

On Thu, Oct 15, 2009 at 09:49:20PM -0400, SCRIVENS WALTER wrote:
> I've been dealing with this from version 5.05 BETA1, and I have the same
> symptoms as Tom.
>
> I have no problem with nmap version 5.0
>
> I have no problem with Wireshark version 1.2.0 under OS X 10.6.1 once I
> applied the recommended patch, sudo chmod g+w /dev/bpf*
>
> Here is the backtrace from my nmap5.05BETA1:
>
> Reading symbols for shared libraries .++++++.. done
> 0x00007fff8653b364 in read ()
> (gdb) backtrace
> #0  0x00007fff8653b364 in read ()
> #1  0x00000001001635fc in pcap_read_bpf ()
> #2  0x000000010016524b in pcap_next ()
> #3  0x0000000100012e6f in readip_pcap (pd=0x100201900, len=0x7fff5fbfaccc, to_usec=999756, rcvdtime=0x7fff5fbfaca0, linknfo=0x7fff5fbfacd0, validate=true) at tcpip.cc:2330
> #4  0x0000000100036fd7 in waitForResponses (USI=0x100201410) at scan_engine.cc:4414
> #5  0x000000010003a8ff in ultra_scan (Targets=@0x7fff5fbfaf00, ports=0x100201480, scantype=STYPE_UNKNOWN, to=0x1000c97a4) at scan_engine.cc:5280
> #6  0x000000010000cd24 in ~vector [inlined] () at targets.cc:429
> #7  0x000000010000cd24 in ~vector [inlined] () at /usr/include/c++/4.2.1/bits/stl_vector.h:271
> #8  0x000000010000cd24 in massping (hostbatch=0x1, num_hosts=1, ports=0x7fff5fbfc740) at targets.cc:429
> #9  0x000000010000d3a2 in nexthost (hs=0x10081fc00, exclude_group=0x0, ports=0x7fff5fbfc740, pingtype=122) at targets.cc:583
> #10 0x0000000100008613 in nmap_main (argc=4, argv=0x7fff5fbffb78) at nmap.cc:1722
> #11 0x0000000100003bdb in main (argc=4, argv=0x7fff5fbffb78) at main.cc:205
> (gdb)
>
> It is different from Tom's, but I have no idea what I'm looking at :-)

I have a suspicion of where the hang might be occurring. It might happen
where pcap_next is called for an unknown datalink type. Can you try
running the attached patch? Just save it in your nmap working directory
and run

patch -p0 < pcap_datalink_log.diff

Then run a scan using the -d option to see the extra log messages. What
we're looking for are messages along the lines of

pcap_datalink returned unknown datalink type %d
a pcap_next

David Fifield

Attachment: pcap_datalink_log.diff

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
