Nmap Development mailing list archives

nmap bug on OSX 10.8.2


From: sj2k () mac com
Date: Fri, 26 Oct 2012 17:50:55 +0100

Hi guys,

Summary: running latest nmap on OSX 10.8.2. When I scan a hostname or IP the first time, it tries to do an ARP scan and dies. If I re-run the command immediately afterwards, it works as normal. Here's a sample fail case below.

TLDR; This makes me laugh...

Warning: Hostname yahoo.com resolves to 3 IPs. Using 72.30.38.140.
Initiating ARP Ping Scan at 17:41 <-- ???

route-dst sometimes thinks 'direct' and sometimes outputs the correct IP and next hop. It's a weird one. Any ideas?

Thanks!

// SJ

---

$ sudo nmap -sS -T4 -Pn -vv -p80 -d5 yahoo.com

Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-26 17:41 BST
Fetchfile found /usr/local/bin/../share/nmap/nmap-services
Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 500, min 100, max 1250
  max-scan-delay: TCP 10, UDP 1000, SCTP 10
  parallelism: min 0, max 0
  max-retries: 6, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Warning: Hostname yahoo.com resolves to 3 IPs. Using 72.30.38.140.
Fetchfile found /usr/local/bin/../share/nmap/nmap-payloads
Initiating ARP Ping Scan at 17:41
Scanning yahoo.com (72.30.38.140) [1 port]
Packet capture filter (device en0): arp and arp[18:4] = 0xC42C0326 and arp[22:2] = 0xB99A
SENT (0.1216s) ARP who-has 72.30.38.140 tell 192.168.0.100
**TIMING STATS** (0.1217s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 200000/-1/-1
   72.30.38.140: 1/0/0/1/0/0 10.00/75/0 200000/-1/-1
Current sending rates: 1897.53 packets / s, 79696.39 bytes / s.
Overall sending rates: 1897.53 packets / s, 79696.39 bytes / s.
SENT (0.3256s) ARP who-has 72.30.38.140 tell 192.168.0.100
**TIMING STATS** (0.3256s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 200000/-1/-1
   72.30.38.140: 1/0/0/2/0/0 10.00/75/0 200000/-1/-1
Current sending rates: 9.78 packets / s, 410.78 bytes / s.
Overall sending rates: 9.78 packets / s, 410.78 bytes / s.
**TIMING STATS** (0.5299s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 0/*/*/*/*/* 10.00/75/* 200000/-1/-1
   72.30.38.140: 0/0/0/2/1/0 10.00/75/0 200000/-1/-1
Current sending rates: 4.89 packets / s, 205.50 bytes / s.
Overall sending rates: 4.89 packets / s, 205.50 bytes / s.
ultrascan_host_probe_update called for machine 72.30.38.140 state UNKNOWN -> HOST_DOWN (trynum 1 time: 215187)
Moving 72.30.38.140 to completed hosts list with 1 outstanding probe.
* ARP
Completed ARP Ping Scan at 17:41, 0.42s elapsed (1 total hosts)
Overall sending rates: 4.77 packets / s, 200.15 bytes / s.
pcap stats: 2 packets received by filter, 0 dropped by kernel.
mass_rdns: Using DNS server 8.8.8.8
Nmap scan report for yahoo.com (72.30.38.140) [host down, received no-response]
Other addresses for yahoo.com (not scanned): 98.138.253.109 98.139.183.24
Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (0 hosts up) scanned in 0.54 seconds
           Raw packets sent: 2 (56B) | Rcvd: 0 (0B)

--------

$ nmap -d5 --route-dst yahoo.com
72.30.38.140
en0 en0 srcaddr 192.168.0.100 direct

Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-26 17:44 BST
Fetchfile found /usr/local/bin/../share/nmap/nmap-services
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Read from /usr/local/bin/../share/nmap: nmap-services.
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.45 seconds

===========

This is immediately afterwards when it works fine...

 nmap -d5 --route-dst yahoo.com
72.30.38.140
en0 en0 srcaddr 192.168.0.100 nexthop 192.168.0.1

Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-26 17:48 BST
Fetchfile found /usr/local/bin/../share/nmap/nmap-services
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Read from /usr/local/bin/../share/nmap: nmap-services.
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.08 seconds


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
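
The two `--route-dst` results in the message differ only in `direct` versus `nexthop 192.168.0.1`, and Nmap uses ARP ping for targets it believes are directly connected. The following is an added example, not part of the original post or of Nmap: a small parser for that output which flags a destination reported as `direct` although it lies outside the source address's subnet. The function names are hypothetical and the /24 prefix is an assumption, since the message does not show en0's netmask.

```python
import ipaddress
import re

# Route line format as printed by `nmap --route-dst` in the message above.
ROUTE_RE = re.compile(
    r"^(?P<dev>\S+) (?P<conn>\S+) srcaddr (?P<src>\S+) "
    r"(?:direct|nexthop (?P<hop>\S+))$"
)

def parse_route_dst(text):
    """Return (dst, src, nexthop-or-None) tuples from --route-dst output."""
    results, dst = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ROUTE_RE.match(line)
        if m and dst is not None:
            hop = m.group("hop")
            results.append((dst, ipaddress.ip_address(m.group("src")),
                            ipaddress.ip_address(hop) if hop else None))
            dst = None
            continue
        try:
            dst = ipaddress.ip_address(line)  # destination precedes its route
        except ValueError:
            dst = None  # debug chatter, not a destination line
    return results

def misrouted(text, prefixlen=24):
    """Destinations reported 'direct' that lie outside the source's subnet.

    prefixlen is an assumption: the message does not show en0's netmask.
    """
    bad = []
    for dst, src, hop in parse_route_dst(text):
        net = ipaddress.ip_network(f"{src}/{prefixlen}", strict=False)
        if hop is None and dst not in net:
            bad.append(str(dst))
    return bad

# Sample input: the two route results quoted in the message.
FIRST_RUN = "72.30.38.140\nen0 en0 srcaddr 192.168.0.100 direct\n"
SECOND_RUN = "72.30.38.140\nen0 en0 srcaddr 192.168.0.100 nexthop 192.168.0.1\n"

if __name__ == "__main__":
    for name, out in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        print(name, "->", misrouted(out) or "route looks sane")
```
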

