Nmap Development mailing list archives
bug - scan fails first time, runs 2nd
From: "^..^" <zenfish () gmail com>
Date: Tue, 21 Aug 2012 16:59:47 -0700
(I searched and didn't find anything about this, but didn't see anything; mea culpa if it's something obvious. I heavily modify my systems, but since this is a new OS (mountain lion) I haven't had a chance to bork it too badly yet. I think.) Synopsis: When using Apple's Mountain Lion and nmap 6.0.1, a FQDN as a previously unresolved target on the mac it will do nothing (no output, no packets out.) A repeated exact same scan will work the 2nd time. IPs, CIDR blocks and other targeting thingees seem to work just fine. Problem: It might be intermittent. I noticed some strangeness and usually nmap doesn't work, but then when testing the damn thing it does from time to timeā¦ this could be due to all my various services on my network talking to some external machine (I didn't feel like shutting everything down just to test.) In any case, if of use. Some output/tests - sh-3.2# uname -a Darwin fierce 12.0.0 Darwin Kernel Version 12.0.0: Sun Jun 24 23:00:16 PDT 2012; root:xnu-2050.7.9~1/RELEASE_X86_64 x86_64 sh-3.2# nmap -p 80 ae-7-7.car1.Boston1.Level3.net Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-21 16:41 PDT Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 0.50 seconds sh-3.2# nmap -p 80 ae-7-7.car1.Boston1.Level3.net Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-21 16:41 PDT Nmap scan report for ae-7-7.car1.Boston1.Level3.net (4.69.132.241) Host is up (0.099s latency). PORT STATE SERVICE 80/tcp closed http Packet sniffing at the same time reveals nothing except the DNS query going out (192.168.0.6 is the mountain lion system); the first few lines are the request from the first run, the 2nd set of packets are nmap talking to host above: # tshark src host 192.168.0.6 Capturing on en0 0.000000 192.168.0.6 -> 192.168.0.55 DNS 83 Standard query 0x5689 A internalcheck.apple.com 1.079708 192.168.0.6 -> 192.168.0.55 DNS 90 Standard query 0x82fe A ae-7-7.car1.Boston1.Level3.net 1.134572 Apple_0b:0b:bd -> Broadcast ARP 42 Who has 4.69.132.241? Tell 192.168.0.6 1.337248 Apple_0b:0b:bd -> Broadcast ARP 42 Who has 4.69.132.241? Tell 192.168.0.6 2.400217 192.168.0.6 -> 4.69.132.241 ICMP 42 Echo (ping) request id=0x438d, seq=0/0, ttl=45 2.400224 192.168.0.6 -> 4.69.132.241 TCP 58 48694 > https [SYN] Seq=0 Win=1024 Len=0 MSS=1460 2.400226 192.168.0.6 -> 4.69.132.241 TCP 54 48694 > http [ACK] Seq=1 Ack=1 Win=1024 Len=0 2.400230 192.168.0.6 -> 4.69.132.241 ICMP 54 Timestamp request id=0x1347, seq=0/0, ttl=45 2.507217 192.168.0.6 -> 8.8.8.8 DNS 85 Standard query 0xebc0 PTR 241.132.69.4.in-addr.arpa 2.536883 192.168.0.6 -> 4.69.132.241 TCP 58 [TCP Port numbers reused] 48694 > http [SYN] Seq=0 Win=1024 Len=0 MSS=1460 dan ^..^ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- bug - scan fails first time, runs 2nd ^..^ (Aug 21)
- Re: bug - scan fails first time, runs 2nd ^..^ (Aug 22)
- Re: bug - scan fails first time, runs 2nd David Fifield (Sep 06)
- Re: bug - scan fails first time, runs 2nd ^..^ (Aug 22)