Nmap Development mailing list archives
nmap bug on OSX 10.8.2
From: sj2k () mac com
Date: Fri, 26 Oct 2012 17:50:55 +0100
Hi guys, Summary: running latest nmap on OSX 10.8.2. When I scan a hostname or IP the first time, it tries to do an ARP scan and dies. If I re-run the command immediately afterwards, it works as normal. Here's a sample fail case below. TLDR; This makes me laugh... Warning: Hostname yahoo.com resolves to 3 IPs. Using 72.30.38.140. Initiating ARP Ping Scan at 17:41 <-- ??? route-dst sometimes thinks 'direct' and sometimes outputs the correct IP and next hop. It's a weird one. Any ideas? Thanks! // SJ --- $ sudo nmap -sS -T4 -Pn -vv -p80 -d5 yahoo.com Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-26 17:41 BST Fetchfile found /usr/local/bin/../share/nmap/nmap-services Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl The max # of sockets we are using is: 0 --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 500, min 100, max 1250 max-scan-delay: TCP 10, UDP 1000, SCTP 10 parallelism: min 0, max 0 max-retries: 6, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- Warning: Hostname yahoo.com resolves to 3 IPs. Using 72.30.38.140. Fetchfile found /usr/local/bin/../share/nmap/nmap-payloads Initiating ARP Ping Scan at 17:41 Scanning yahoo.com (72.30.38.140) [1 port] Packet capture filter (device en0): arp and arp[18:4] = 0xC42C0326 and arp[22:2] = 0xB99A SENT (0.1216s) ARP who-has 72.30.38.140 tell 192.168.0.100 **TIMING STATS** (0.1217s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 200000/-1/-1 72.30.38.140: 1/0/0/1/0/0 10.00/75/0 200000/-1/-1 Current sending rates: 1897.53 packets / s, 79696.39 bytes / s. Overall sending rates: 1897.53 packets / s, 79696.39 bytes / s. SENT (0.3256s) ARP who-has 72.30.38.140 tell 192.168.0.100 **TIMING STATS** (0.3256s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 200000/-1/-1 72.30.38.140: 1/0/0/2/0/0 10.00/75/0 200000/-1/-1 Current sending rates: 9.78 packets / s, 410.78 bytes / s. Overall sending rates: 9.78 packets / s, 410.78 bytes / s. **TIMING STATS** (0.5299s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/ Groupstats (1/1 incomplete): 0/*/*/*/*/* 10.00/75/* 200000/-1/-1 72.30.38.140: 0/0/0/2/1/0 10.00/75/0 200000/-1/-1 Current sending rates: 4.89 packets / s, 205.50 bytes / s. Overall sending rates: 4.89 packets / s, 205.50 bytes / s. ultrascan_host_probe_update called for machine 72.30.38.140 state UNKNOWN -> HOST_DOWN (trynum 1 time: 215187) Moving 72.30.38.140 to completed hosts list with 1 outstanding probe. * ARP Completed ARP Ping Scan at 17:41, 0.42s elapsed (1 total hosts) Overall sending rates: 4.77 packets / s, 200.15 bytes / s. pcap stats: 2 packets received by filter, 0 dropped by kernel. mass_rdns: Using DNS server 8.8.8.8 Nmap scan report for yahoo.com (72.30.38.140) [host down, received no-response] Other addresses for yahoo.com (not scanned): 98.138.253.109 98.139.183.24 Read from /usr/local/bin/../share/nmap: nmap-payloads nmap-services. Nmap done: 1 IP address (0 hosts up) scanned in 0.54 seconds Raw packets sent: 2 (56B) | Rcvd: 0 (0B) -------- $ nmap -d5 --route-dst yahoo.com 72.30.38.140 en0 en0 srcaddr 192.168.0.100 direct Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-26 17:44 BST Fetchfile found /usr/local/bin/../share/nmap/nmap-services PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0) Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl The max # of sockets we are using is: 0 --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- Read from /usr/local/bin/../share/nmap: nmap-services. WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 0.45 seconds =========== This is immediately afterwards when it works fine... nmap -d5 --route-dst yahoo.com 72.30.38.140 en0 en0 srcaddr 192.168.0.100 nexthop 192.168.0.1 Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-26 17:48 BST Fetchfile found /usr/local/bin/../share/nmap/nmap-services PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0) Fetchfile found /usr/local/bin/../share/nmap/nmap.xsl The max # of sockets we are using is: 0 --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- Read from /usr/local/bin/../share/nmap: nmap-services. WARNING: No targets were specified, so 0 hosts scanned. Nmap done: 0 IP addresses (0 hosts up) scanned in 0.08 seconds _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap bug on OSX 10.8.2 sj2k (Oct 29)
- Re: nmap bug on OSX 10.8.2 David Fifield (Dec 29)