Nmap Development mailing list archives

Re: host discovery fails - Nmap, tap interface and OpenVPN


From: Agapito Malteni <sruloasegreto () aol com>
Date: Tue, 3 Apr 2012 18:29:45 +0200

Thanks for the reply David,

Here is the output of the preceding commands.
There is no difference in the output between running them before or after an OS
ping command.



ipconfig output (tap device)

   Address IPv4. . . . . . . . . . . . . : 192.168.5.1
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Default gateway . . . . . . . . . . . :



route print
       192.168.6.0    255.255.255.0       192.168.5.99      192.168.5.1     31
       192.168.7.0    255.255.255.0       192.168.5.99      192.168.5.1     31
       192.168.5.0    255.255.255.0         On-link         192.168.5.1    286
      192.168.5.99  255.255.255.255         On-link         192.168.5.1    286
     192.168.5.255  255.255.255.255         On-link         192.168.5.1    286



nmap --iflist


Interfaces

eth13 (eth13) 192.168.5.1/24    ethernet    up   1500 XX:XX:XX:XX:XX:XX


Dev    WinDevice
eth13 \Device\NPF_{XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX}


Routes
192.168.5.1/32      eth13 192.168.5.1
192.168.5.0/24      eth13 192.168.5.1
192.168.6.0/24      eth13 192.168.5.99
192.168.7.0/24      eth13 192.168.5.99



There is just one thing I have discovered just now.
If I configure a default gateway on the tap device (with a huge metric, so
that the real gateway continues working), the ipconfig command returns
this:

   Address IPv4. . . . . . . . . . . . . : 192.168.5.1
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Default gateway . . . . . . . . . . . :192.168.5.99


And Nmap doesn't experience this huge issue, so the problem doesn't occur
and Nmap host discovery works perfectly even if the OS ping command
hasn't been run before.


Please explain this strange behavior.

On 3 April 2012 03:00, David Fifield <david () bamsoftware com> wrote:

On Fri, Mar 30, 2012 at 04:32:36PM +0200, Agapito Malteni wrote:
Hi,


I'm using nmap (version 5.51) on Windows 7 64bit. I'm connected to a vpn
(OpenVPN in tap ethernet bridging mode)
A virtual device (tap) is used by Nmap and I'm scanning targets belonging
to a vpn.


Here is my network configuration (only meaningful)

Tap device

   Address IPv4. . . . . . . . . . . . . : 192.168.5.1
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Default gateway . . . . . . . . . . . :


route print
Network address             Mask          Gateway             Interface     Metrics
       192.168.6.0    255.255.255.0       192.168.5.99      192.168.5.1     31
       192.168.7.0    255.255.255.0       192.168.5.99      192.168.5.1     31


The preceding routes are injected by the OpenVPN server. My IP is on
network 192.168.5.0 and can reach networks 192.168.6.0,192.168.7.0
via gateway 192.168.5.99.

Can you show us "ipconfig", "route print", and "nmap --iflist" both
before and after doing the OS ping? You can cut out any parts that you
don't think are unnecessary.

Somehow Nmap seems to think that the target is on a routed network in
the first case, and correctly determines that it is on the same subnet
in the second case. This usually has to do with interfaces, not routes.
But seeing the --iflist output will help us find out what's happening.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
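
For reference when reading the tables in this message, the following added example (not part of the thread and not Nmap's own route-selection code) runs a plain longest-prefix-match lookup over the posted "route print" rows to show which targets that table treats as directly connected and which it sends via 192.168.5.99. The target host addresses in the demo loop are constructed for illustration.

```python
import ipaddress

# Rows copied from the "route print" output in the message above:
# destination, netmask, gateway, interface, metric.
ROUTE_PRINT = """\
192.168.6.0    255.255.255.0    192.168.5.99  192.168.5.1  31
192.168.7.0    255.255.255.0    192.168.5.99  192.168.5.1  31
192.168.5.0    255.255.255.0    On-link       192.168.5.1  286
192.168.5.99   255.255.255.255  On-link       192.168.5.1  286
192.168.5.255  255.255.255.255  On-link       192.168.5.1  286
"""

def parse_routes(text):
    """Turn route print rows into (network, gateway or None, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers and blank lines
        dest, mask, gateway, _iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}")
        gw = None if gateway == "On-link" else ipaddress.ip_address(gateway)
        routes.append((net, gw, int(metric)))
    return routes

def classify(target, routes):
    """Return ("direct", None), ("routed", gateway) or ("unreachable", None)."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return ("unreachable", None)
    # Longest prefix wins; the lower metric breaks ties.
    _net, gw, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return ("direct", None) if gw is None else ("routed", str(gw))

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    # Constructed target addresses, one per case of interest.
    for host in ("192.168.5.20", "192.168.5.99", "192.168.6.10", "10.0.0.1"):
        print(host, classify(host, table))
```

Comparing this expected classification with the Routes section of `nmap --iflist` is a quick way to check whether a scanner's view of the table matches the operating system's.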

