Re: Nmap under OpenVZ venet?

[NStorm <nstorm0.0 () privatdemail net>]

On Monday 13 May 2013 09:34:51 David Fifield wrote:
> On Tue, Mar 12, 2013 at 08:55:30AM +0400, NStorm wrote:
> > On Thursday 07 March 2013 14:54:06 David Fifield wrote:
> > > On Wed, Mar 06, 2013 at 09:11:55AM +0400, NStorm wrote:
> > > > Long version:
> > > >
> > > > I've read a bits regarding the issues with venet devices on list
> > > > archives (http://seclists.org/nmap-dev/2012/q2/808).
> > > > Seems like there is no solution yet. I've tried this myself and got
> > > > interesting results. Seems like if I run it from normal user it works
> > > > fine: $ nmap -A -v host.domain
> > > >
> > > > Starting Nmap 6.25 ( http://nmap.org ) at 2013-03-06 07:28 MSK
> > > > NSE: Loaded 106 scripts for scanning.
> > > > NSE: Script Pre-scanning.
> > > > Initiating Ping Scan at 07:28
> > > > Scanning host.domain (X.X.X.X) [2 ports]
> > > > Completed Ping Scan at 07:28, 1.36s elapsed (1 total hosts)
> > > > Initiating Parallel DNS resolution of 1 host. at 07:28
> > > > Completed Parallel DNS resolution of 1 host. at 07:28, 0.05s elapsed
> > > > Initiating Connect Scan at 07:28
> > > > Scanning host.domain (X.X.X.X) [1000 ports]
> > > > Discovered open port 53/tcp on ...
> > > >
> > > > And scan completes as normal.
> > > > But if I try to run the same thing, from same host just under root
> > > > priveledges (either from sudo or directly from shell) it seems to go
> > > > weird:
> > > >
> > > > Initiating ARP Ping Scan at 07:27
> > > > Scanning host.domain (X.X.X.X) [1 port]
> > > > Completed ARP Ping Scan at 07:27, 0.42s elapsed (1 total hosts)
> > > > Nmap scan report for host.domain (X.X.X.X) [host down]
> > >
> > > Can you send me your
> > >
> > >   nmap --route-dst X.X.X.X
> > >   nmap --iflist
> > >
> > > (As root.)
> >
> > Its really not related to the setup I guess, because I've tested that on
> > 4 different hosts. Be it rented VPS from a provider with real Internet
> > IP on venet0 or my own container behind a private network. Here is the
> > list from my
>
> > private container:
> Thanks for your help with this problem. I committed a change in r30893
> that considers devices with NOARP not to be Ethernet devices. If you are
> able to build from Subversion, please try it and let us know if it
> works.
>
> David Fifield

Hello.

Checked out revision 30907.
Seems to be working fine now (on a host with venet NOARP device):
# nmap --iflist
Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-05-20 11:06 MSK
************************INTERFACES************************
DEV    (SHORT)  IP/MASK         TYPE     UP MTU   MAC
lo     (lo)     127.0.0.1/8     loopback up 16436
lo     (lo)     ::1/128         loopback up 16436
venet0 (venet0) 192.168.9.39/32 other    up 1500

**************************ROUTES**************************
DST/MASK    DEV    METRIC GATEWAY
127.0.0.0/8 lo     0      127.0.0.1
0.0.0.0/0   venet0 2
::1/128     lo     0

# nmap -A -v 8.8.8
...
Scanning 8.8.8.8 [4 ports]
Completed Ping Scan at 11:06, 0.06s elapsed (1 total hosts)
...

Thanks for the fix!

// NStorm
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/