Re: Issues with privileged scan of LAN on Mac OS X

[Jesper Kückelhahn <dev.kyckel () gmail com>]

Hi,

Thanks for the reply. I've looked in to it some more, and it seems to only be an issue with guest OS's running in a 
virtual environment. I've setup a physical machine on my network, and there are no issues scanning this, so I'm 
assuming the issue is with the virtualisation software I'm using. 


- Jesper

On Jan 27, 2013, at 7:06 PM, David Fifield <david () bamsoftware com> wrote:

> On Sun, Jan 27, 2013 at 01:01:04PM +0100, Jesper Kückelhahn wrote:
> > I'm seeing some strange behaviour when running privileged scans
> > against hosts in my LAN. nmap marks the target as being down, but if I
> > run unprivileged, it works fine. This does not happen when scanning
> > external targets. I've checked out previous revisions (back to
> > r30000), to see if it might be a patch that broke something, but I
> > haven't found any differences. Could this issue be caused by a change
> > in OS X ? Unfortunately, I don't have access to previous versions (I'm
> > on 10.8.2), so I can't test if this is the case.
>
> It looks like something to do with ARP host discovery. ARP host
> discovery is only done when privileged, and only for targets on the same
> subnet. A workaround that disables ARP host discovery is to use the
> --send-ip option.
>
> Try these commands too.
>       netstat -rn
>       nmap --route-dst 192.168.1.23
> OS X has been known to change the routing table on the fly, so you
> should check the routing table before and after a scan to see if it
> changes.
>
> David Fifield

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/