Nmap Development mailing list archives

RE: new Win install fails beyond localhost

From: "Norris Carden" <ncarden () ascendfcu org>
Date: Tue, 9 Mar 2010 15:30:30 -0600

Results as requested... thanks for pointing out these options.. 

nmap --iflist

Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-09 15:13 Central
Standard Time

************************INTERFACES************************

DEV  (SHORT) IP/MASK         TYPE     UP MAC

eth0 (eth0)  10.1.1.XX/24 ethernet up 00:00:00:00:00:00

lo0  (lo0)   127.0.0.1/8     loopback up



DEV    WINDEVICE

eth0   \Device\NPF_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}

lo0    <none>

<none> \Device\NPF_{ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ}

<none> \Device\NPF_{YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY}



**************************ROUTES**************************

DST/MASK           DEV  GATEWAY

10.255.255.255/32  eth0 10.1.1.1

10.1.1.XX/32    lo0  127.0.0.1

255.255.255.255/32 eth0 10.1.1.XX

10.1.1.0/0       eth0 10.1.1.XX

127.0.0.0/0        lo0  127.0.0.1

224.0.0.0/0        eth0 10.1.1.XX

0.0.0.0/0          eth0 10.1.1.1








nmap -sP -d3 -PE -PA21,23,80,3389 10.1.1.0/29 (this should find 6
responding IPs).


***WinIP***  trying to initialize WinPcap

Winpcap present, dynamic linked to: WinPcap version 4.1.1 (packet.dll
version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008)

NPF service is already running.



Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-09 15:10 Central
Standard Time

The max # of sockets we are using is: 0

--------------- Timing report ---------------

  hostgroups: min 1, max 100000

  rtt-timeouts: init 1000, min 100, max 10000

  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000

  parallelism: min 0, max 0

  max-retries: 10, host-timeout: 0

  min-rate: 0, max-rate: 0

---------------------------------------------

Initiating ARP Ping Scan at 15:10

Scanning 8 hosts [1 port/host]

Pcap filter: arp and arp[18:4] = 0x0013210C and arp[22:2] = 0x7191

Packet capture filter (device eth0): arp and arp[18:4] = 0x0013210C and
arp[22:2] = 0x7191

SENT (0.2180s) ARP who-has 10.1.1.1 tell 10.1.1.xx

**TIMING STATS** (0.2180s): IP, probes
active/freshportsleft/retry_stack/outstanding/retranwait/onbench,
cwnd/ssthresh/delay, timeout/srtt/rttvar/

   Groupstats (8/8 incomplete): 1/*/*/*/*/* 10.00/75/* 100000/-1/-1

Current sending rates: 7.14 packets / s, 300.00 bytes / s.

Overall sending rates: 7.14 packets / s, 300.00 bytes / s.

SENT (0.2340s) ARP who-has 10.1.1.4 tell 10.1.1.XX

SENT (0.2340s) ARP who-has 10.1.1.5 tell 10.1.1.XX

SENT (0.2340s) ARP who-has 10.1.1.6 tell 10.1.1.XX

SENT (0.2340s) ARP who-has 10.1.1.7 tell 10.1.1.XX

SENT (0.2340s) ARP who-has 10.1.1.0 tell 10.1.1.XX

SENT (0.2340s) ARP who-has 10.1.1.2 tell 10.1.1.XX

SENT (0.2340s) ARP who-has 10.1.1.3 tell 10.1.1.XX

**TIMING STATS** (0.2340s): IP, probes
active/freshportsleft/retry_stack/outstanding/retranwait/onbench,
cwnd/ssthresh/delay, timeout/srtt/rttvar/

   Groupstats (8/8 incomplete): 8/*/*/*/*/* 10.00/75/* 100000/-1/-1

Current sending rates: 51.28 packets / s, 2153.85 bytes / s.

Overall sending rates: 51.28 packets / s, 2153.85 bytes / s.

SENT (0.3280s) ARP who-has 10.1.1.1 tell 10.1.1.XX

**TIMING STATS** (0.3280s): IP, probes
active/freshportsleft/retry_stack/outstanding/retranwait/onbench,
cwnd/ssthresh/delay, timeout/srtt/rttvar/

   Groupstats (8/8 incomplete): 8/*/*/*/*/* 10.00/75/* 100000/-1/-1

Current sending rates: 36.00 packets / s, 1512.00 bytes / s.

Overall sending rates: 36.00 packets / s, 1512.00 bytes / s.

SENT (0.3440s) ARP who-has 10.1.1.0 tell 10.1.1.XX

SENT (0.3440s) ARP who-has 10.1.1.2 tell 10.1.1.XX

SENT (0.3440s) ARP who-has 10.1.1.3 tell 10.1.1.XX

SENT (0.3440s) ARP who-has 10.1.1.4 tell 10.1.1.XX

SENT (0.3440s) ARP who-has 10.1.1.5 tell 10.1.1.XX

SENT (0.3440s) ARP who-has 10.1.1.6 tell 10.1.1.XX

SENT (0.3440s) ARP who-has 10.1.1.7 tell 10.1.1.XX

**TIMING STATS** (0.3440s): IP, probes
active/freshportsleft/retry_stack/outstanding/retranwait/onbench,
cwnd/ssthresh/delay, timeout/srtt/rttvar/

   Groupstats (8/8 incomplete): 8/*/*/*/*/* 10.00/75/* 100000/-1/-1

Current sending rates: 60.15 packets / s, 2526.32 bytes / s.

Overall sending rates: 60.15 packets / s, 2526.32 bytes / s.

**TIMING STATS** (0.4370s): IP, probes
active/freshportsleft/retry_stack/outstanding/retranwait/onbench,
cwnd/ssthresh/delay, timeout/srtt/rttvar/

   Groupstats (8/8 incomplete): 7/*/*/*/*/* 10.00/75/* 100000/-1/-1

Current sending rates: 44.57 packets / s, 1871.87 bytes / s.

Overall sending rates: 44.57 packets / s, 1871.87 bytes / s.

ultrascan_host_probe_update called for machine 10.1.1.1 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 125000)

Moving 10.1.1.1 to completed hosts list with 1 outstanding probe.

**TIMING STATS** (0.4530s): IP, probes
active/freshportsleft/retry_stack/outstanding/retranwait/onbench,
cwnd/ssthresh/delay, timeout/srtt/rttvar/

   Groupstats (7/8 incomplete): 0/*/*/*/*/* 10.00/75/* 100000/-1/-1

Current sending rates: 42.67 packets / s, 1792.00 bytes / s.

Overall sending rates: 42.67 packets / s, 1792.00 bytes / s.

ultrascan_host_probe_update called for machine 10.1.1.0 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 125000)

ultrascan_host_probe_update called for machine 10.1.1.2 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 125000)

ultrascan_host_probe_update called for machine 10.1.1.3 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 125000)

ultrascan_host_probe_update called for machine 10.1.1.4 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 125000)

ultrascan_host_probe_update called for machine 10.1.1.5 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 125000)

ultrascan_host_probe_update called for machine 10.1.1.6 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 125000)

ultrascan_host_probe_update called for machine 10.1.1.7 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 125000)

Moving 10.1.1.0 to completed hosts list with 1 outstanding probe.

Moving 10.1.1.2 to completed hosts list with 1 outstanding probe.

Moving 10.1.1.3 to completed hosts list with 1 outstanding probe.

Moving 10.1.1.4 to completed hosts list with 1 outstanding probe.

Moving 10.1.1.5 to completed hosts list with 1 outstanding probe.

Moving 10.1.1.6 to completed hosts list with 1 outstanding probe.

Moving 10.1.1.7 to completed hosts list with 1 outstanding probe.

Completed ARP Ping Scan at 15:10, 0.39s elapsed (8 total hosts)

Overall sending rates: 40.92 packets / s, 1718.67 bytes / s.

pcap stats: 26 packets received by filter, 0 dropped by kernel.

mass_rdns: Using DNS server 10.1.1.YY

mass_rdns: Using DNS server 10.1.1.ZZ

mass_rdns: Using DNS server 10.1.1.YY

mass_rdns: Using DNS server 10.1.1.ZZ

Nmap scan report for 10.1.1.0 [host down, received no-response]

Nmap scan report for 10.1.1.1 [host down, received no-response]

Nmap scan report for 10.1.1.2 [host down, received no-response]

Nmap scan report for 10.1.1.3 [host down, received no-response]

Nmap scan report for 10.1.1.4 [host down, received no-response]

Nmap scan report for 10.1.1.5 [host down, received no-response]

Nmap scan report for 10.1.1.6 [host down, received no-response]

Nmap scan report for 10.1.1.7 [host down, received no-response]

No data files read.

Nmap done: 8 IP addresses (0 hosts up) scanned in 0.47 seconds

           Raw packets sent: 16 (672B) | Rcvd: 0 (0B)




-----Original Message-----
From: David Fifield [mailto:david () bamsoftware com] 
Sent: Tuesday, March 09, 2010 2:01 PM
To: Norris Carden
Cc: nmap-dev () insecure org
Subject: Re: new Win install fails beyond localhost

On Tue, Mar 09, 2010 at 09:29:35AM -0600, Norris Carden wrote:

I just installed nmap-5.21-setup.exe on a Win2k3 server. Installation

of

all parts appears to be fine. Nmap executes with no errors.

Nmap is only able to see the local host's IP. Nmap gets no response

from

any other system on the network.

System has not been rebooted since installation. GFI Languard is also
installed, but not running. Network connectivity is fine as I only

have

access to this server via RDP. Dual NICs are teamed... three network
connections exist.. the third is the team. WinPcap was uninstalled and
WinPcap_4_1_1.exe downloaded from npcap.org and reinstalled.

My account does have admin privileges.


Can you scan hosts outside your local network, like scanme.nmap.org?
Perhaps there is a problem with ARP ping over the teamed interface.

If you can, please post the output from scanning one of the
non-responsive hosts, using the -d3 option to get debugging information.
You can remove or change any private IP addresses.

Also please send the output of

nmap --iflist

David Fifield



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

new Win install fails beyond localhost Norris Carden (Mar 09)
- Re: new Win install fails beyond localhost David Fifield (Mar 09)
  - RE: new Win install fails beyond localhost Norris Carden (Mar 09)
    - Re: new Win install fails beyond localhost David Fifield (Mar 09)
    - RE: [BULK] Re: new Win install fails beyond localhost Norris Carden (Mar 09)
    - RE: [BULK] Re: new Win install fails beyond localhost Norris Carden (Mar 10)
    - Re: new Win install fails beyond localhost David Fifield (Mar 12)