Nmap Development mailing list archives
RE: new Win install fails beyond localhost
From: "Norris Carden" <ncarden () ascendfcu org>
Date: Tue, 9 Mar 2010 15:30:30 -0600
Results as requested... thanks for pointing out these options.. nmap --iflist Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-09 15:13 Central Standard Time ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MAC eth0 (eth0) 10.1.1.XX/24 ethernet up 00:00:00:00:00:00 lo0 (lo0) 127.0.0.1/8 loopback up DEV WINDEVICE eth0 \Device\NPF_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} lo0 <none> <none> \Device\NPF_{ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ} <none> \Device\NPF_{YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY} **************************ROUTES************************** DST/MASK DEV GATEWAY 10.255.255.255/32 eth0 10.1.1.1 10.1.1.XX/32 lo0 127.0.0.1 255.255.255.255/32 eth0 10.1.1.XX 10.1.1.0/0 eth0 10.1.1.XX 127.0.0.0/0 lo0 127.0.0.1 224.0.0.0/0 eth0 10.1.1.XX 0.0.0.0/0 eth0 10.1.1.1 nmap -sP -d3 -PE -PA21,23,80,3389 10.1.1.0/29 (this should find 6 responding IPs). ***WinIP*** trying to initialize WinPcap Winpcap present, dynamic linked to: WinPcap version 4.1.1 (packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b (20091008) NPF service is already running. Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-09 15:10 Central Standard Time The max # of sockets we are using is: 0 --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- Initiating ARP Ping Scan at 15:10 Scanning 8 hosts [1 port/host] Pcap filter: arp and arp[18:4] = 0x0013210C and arp[22:2] = 0x7191 Packet capture filter (device eth0): arp and arp[18:4] = 0x0013210C and arp[22:2] = 0x7191 SENT (0.2180s) ARP who-has 10.1.1.1 tell 10.1.1.xx **TIMING STATS** (0.2180s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (8/8 incomplete): 1/*/*/*/*/* 10.00/75/* 100000/-1/-1 Current sending rates: 7.14 packets / s, 300.00 bytes / s. Overall sending rates: 7.14 packets / s, 300.00 bytes / s. SENT (0.2340s) ARP who-has 10.1.1.4 tell 10.1.1.XX SENT (0.2340s) ARP who-has 10.1.1.5 tell 10.1.1.XX SENT (0.2340s) ARP who-has 10.1.1.6 tell 10.1.1.XX SENT (0.2340s) ARP who-has 10.1.1.7 tell 10.1.1.XX SENT (0.2340s) ARP who-has 10.1.1.0 tell 10.1.1.XX SENT (0.2340s) ARP who-has 10.1.1.2 tell 10.1.1.XX SENT (0.2340s) ARP who-has 10.1.1.3 tell 10.1.1.XX **TIMING STATS** (0.2340s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (8/8 incomplete): 8/*/*/*/*/* 10.00/75/* 100000/-1/-1 Current sending rates: 51.28 packets / s, 2153.85 bytes / s. Overall sending rates: 51.28 packets / s, 2153.85 bytes / s. SENT (0.3280s) ARP who-has 10.1.1.1 tell 10.1.1.XX **TIMING STATS** (0.3280s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (8/8 incomplete): 8/*/*/*/*/* 10.00/75/* 100000/-1/-1 Current sending rates: 36.00 packets / s, 1512.00 bytes / s. Overall sending rates: 36.00 packets / s, 1512.00 bytes / s. SENT (0.3440s) ARP who-has 10.1.1.0 tell 10.1.1.XX SENT (0.3440s) ARP who-has 10.1.1.2 tell 10.1.1.XX SENT (0.3440s) ARP who-has 10.1.1.3 tell 10.1.1.XX SENT (0.3440s) ARP who-has 10.1.1.4 tell 10.1.1.XX SENT (0.3440s) ARP who-has 10.1.1.5 tell 10.1.1.XX SENT (0.3440s) ARP who-has 10.1.1.6 tell 10.1.1.XX SENT (0.3440s) ARP who-has 10.1.1.7 tell 10.1.1.XX **TIMING STATS** (0.3440s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (8/8 incomplete): 8/*/*/*/*/* 10.00/75/* 100000/-1/-1 Current sending rates: 60.15 packets / s, 2526.32 bytes / s. Overall sending rates: 60.15 packets / s, 2526.32 bytes / s. **TIMING STATS** (0.4370s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (8/8 incomplete): 7/*/*/*/*/* 10.00/75/* 100000/-1/-1 Current sending rates: 44.57 packets / s, 1871.87 bytes / s. Overall sending rates: 44.57 packets / s, 1871.87 bytes / s. ultrascan_host_probe_update called for machine 10.1.1.1 state UNKNOWN -> HOST_DOWN (trynum 1 time: 125000) Moving 10.1.1.1 to completed hosts list with 1 outstanding probe. **TIMING STATS** (0.4530s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (7/8 incomplete): 0/*/*/*/*/* 10.00/75/* 100000/-1/-1 Current sending rates: 42.67 packets / s, 1792.00 bytes / s. Overall sending rates: 42.67 packets / s, 1792.00 bytes / s. ultrascan_host_probe_update called for machine 10.1.1.0 state UNKNOWN -> HOST_DOWN (trynum 1 time: 125000) ultrascan_host_probe_update called for machine 10.1.1.2 state UNKNOWN -> HOST_DOWN (trynum 1 time: 125000) ultrascan_host_probe_update called for machine 10.1.1.3 state UNKNOWN -> HOST_DOWN (trynum 1 time: 125000) ultrascan_host_probe_update called for machine 10.1.1.4 state UNKNOWN -> HOST_DOWN (trynum 1 time: 125000) ultrascan_host_probe_update called for machine 10.1.1.5 state UNKNOWN -> HOST_DOWN (trynum 1 time: 125000) ultrascan_host_probe_update called for machine 10.1.1.6 state UNKNOWN -> HOST_DOWN (trynum 1 time: 125000) ultrascan_host_probe_update called for machine 10.1.1.7 state UNKNOWN -> HOST_DOWN (trynum 1 time: 125000) Moving 10.1.1.0 to completed hosts list with 1 outstanding probe. Moving 10.1.1.2 to completed hosts list with 1 outstanding probe. Moving 10.1.1.3 to completed hosts list with 1 outstanding probe. Moving 10.1.1.4 to completed hosts list with 1 outstanding probe. Moving 10.1.1.5 to completed hosts list with 1 outstanding probe. Moving 10.1.1.6 to completed hosts list with 1 outstanding probe. Moving 10.1.1.7 to completed hosts list with 1 outstanding probe. Completed ARP Ping Scan at 15:10, 0.39s elapsed (8 total hosts) Overall sending rates: 40.92 packets / s, 1718.67 bytes / s. pcap stats: 26 packets received by filter, 0 dropped by kernel. mass_rdns: Using DNS server 10.1.1.YY mass_rdns: Using DNS server 10.1.1.ZZ mass_rdns: Using DNS server 10.1.1.YY mass_rdns: Using DNS server 10.1.1.ZZ Nmap scan report for 10.1.1.0 [host down, received no-response] Nmap scan report for 10.1.1.1 [host down, received no-response] Nmap scan report for 10.1.1.2 [host down, received no-response] Nmap scan report for 10.1.1.3 [host down, received no-response] Nmap scan report for 10.1.1.4 [host down, received no-response] Nmap scan report for 10.1.1.5 [host down, received no-response] Nmap scan report for 10.1.1.6 [host down, received no-response] Nmap scan report for 10.1.1.7 [host down, received no-response] No data files read. Nmap done: 8 IP addresses (0 hosts up) scanned in 0.47 seconds Raw packets sent: 16 (672B) | Rcvd: 0 (0B) -----Original Message----- From: David Fifield [mailto:david () bamsoftware com] Sent: Tuesday, March 09, 2010 2:01 PM To: Norris Carden Cc: nmap-dev () insecure org Subject: Re: new Win install fails beyond localhost On Tue, Mar 09, 2010 at 09:29:35AM -0600, Norris Carden wrote:
I just installed nmap-5.21-setup.exe on a Win2k3 server. Installation
of
all parts appears to be fine. Nmap executes with no errors. Nmap is only able to see the local host's IP. Nmap gets no response
from
any other system on the network. System has not been rebooted since installation. GFI Languard is also installed, but not running. Network connectivity is fine as I only
have
access to this server via RDP. Dual NICs are teamed... three network connections exist.. the third is the team. WinPcap was uninstalled and WinPcap_4_1_1.exe downloaded from npcap.org and reinstalled. My account does have admin privileges.
Can you scan hosts outside your local network, like scanme.nmap.org? Perhaps there is a problem with ARP ping over the teamed interface. If you can, please post the output from scanning one of the non-responsive hosts, using the -d3 option to get debugging information. You can remove or change any private IP addresses. Also please send the output of nmap --iflist David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- new Win install fails beyond localhost Norris Carden (Mar 09)
- Re: new Win install fails beyond localhost David Fifield (Mar 09)
- RE: new Win install fails beyond localhost Norris Carden (Mar 09)
- Re: new Win install fails beyond localhost David Fifield (Mar 09)
- RE: [BULK] Re: new Win install fails beyond localhost Norris Carden (Mar 09)
- RE: [BULK] Re: new Win install fails beyond localhost Norris Carden (Mar 10)
- Re: new Win install fails beyond localhost David Fifield (Mar 12)
- RE: new Win install fails beyond localhost Norris Carden (Mar 09)
- Re: new Win install fails beyond localhost David Fifield (Mar 09)