Nmap Development mailing list archives
Re: Nmap under OpenVZ venet?
From: NStorm <nstorm0.0 () privatdemail net>
Date: Mon, 20 May 2013 11:13:00 +0400
On Monday 13 May 2013 09:34:51 David Fifield wrote:
On Tue, Mar 12, 2013 at 08:55:30AM +0400, NStorm wrote:On Thursday 07 March 2013 14:54:06 David Fifield wrote:On Wed, Mar 06, 2013 at 09:11:55AM +0400, NStorm wrote:Long version: I've read a bits regarding the issues with venet devices on list archives (http://seclists.org/nmap-dev/2012/q2/808). Seems like there is no solution yet. I've tried this myself and got interesting results. Seems like if I run it from normal user it works fine: $ nmap -A -v host.domain Starting Nmap 6.25 ( http://nmap.org ) at 2013-03-06 07:28 MSK NSE: Loaded 106 scripts for scanning. NSE: Script Pre-scanning. Initiating Ping Scan at 07:28 Scanning host.domain (X.X.X.X) [2 ports] Completed Ping Scan at 07:28, 1.36s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 07:28 Completed Parallel DNS resolution of 1 host. at 07:28, 0.05s elapsed Initiating Connect Scan at 07:28 Scanning host.domain (X.X.X.X) [1000 ports] Discovered open port 53/tcp on ... And scan completes as normal. But if I try to run the same thing, from same host just under root priveledges (either from sudo or directly from shell) it seems to go weird: Initiating ARP Ping Scan at 07:27 Scanning host.domain (X.X.X.X) [1 port] Completed ARP Ping Scan at 07:27, 0.42s elapsed (1 total hosts) Nmap scan report for host.domain (X.X.X.X) [host down]Can you send me your nmap --route-dst X.X.X.X nmap --iflist (As root.)Its really not related to the setup I guess, because I've tested that on 4 different hosts. Be it rented VPS from a provider with real Internet IP on venet0 or my own container behind a private network. Here is the list from myprivate container:Thanks for your help with this problem. I committed a change in r30893 that considers devices with NOARP not to be Ethernet devices. If you are able to build from Subversion, please try it and let us know if it works. David Fifield
Hello. Checked out revision 30907. Seems to be working fine now (on a host with venet NOARP device): # nmap --iflist Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-05-20 11:06 MSK ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MTU MAC lo (lo) 127.0.0.1/8 loopback up 16436 lo (lo) ::1/128 loopback up 16436 venet0 (venet0) 192.168.9.39/32 other up 1500 **************************ROUTES************************** DST/MASK DEV METRIC GATEWAY 127.0.0.0/8 lo 0 127.0.0.1 0.0.0.0/0 venet0 2 ::1/128 lo 0 # nmap -A -v 8.8.8 ... Scanning 8.8.8.8 [4 ports] Completed Ping Scan at 11:06, 0.06s elapsed (1 total hosts) ... Thanks for the fix! // NStorm _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Nmap under OpenVZ venet? NStorm (Apr 17)
- <Possible follow-ups>
- Re: Nmap under OpenVZ venet? David Fifield (May 12)
- Re: Nmap under OpenVZ venet? NStorm (May 20)