Nmap Development mailing list archives
Re: Issue with nmap identifying aliased interfaces
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 14 Dec 2013 07:42:13 -0600
I can confirm this on Linux Mint. At least one problem seems to be the use of the /proc/net/dev file for gathering interfaces, since that file doesn't show aliases. I don't have time to debug more, but I will try to help as time permits.

Dan

On Fri, Dec 13, 2013 at 11:56 AM, Donovan Lampa <donovan.lampa () gmail com> wrote:

Hey all,

In nmap 6.40, I'm having some issues with nmap being able to identify aliased interfaces correctly.

On Centos5 I have an alias interface configured:

[root@localhost nmap-6.40-install]# /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:DD:6A:5E
          inet addr:172.16.209.139  Bcast:172.16.209.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:98468 errors:0 dropped:0 overruns:0 frame:0
          TX packets:85230 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:46335310 (44.1 MiB)  TX bytes:6116459 (5.8 MiB)

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:DD:6A:5E
          inet addr:172.16.209.140  Bcast:172.16.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2169 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2169 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2333206 (2.2 MiB)  TX bytes:2333206 (2.2 MiB)

Nmap seems to identify it as a primary interface instead of an alias even though it has the same mac address. It just seems to truncate the ':0'

[root@localhost nmap-6.40-install]# bin/nmap --iflist

Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-13 11:50 CST
************************INTERFACES************************
DEV  (SHORT) IP/MASK           TYPE     UP MTU   MAC
lo   (lo)    127.0.0.1/8       loopback up 16436
eth0 (eth0)  172.16.209.139/24 ethernet up 1500  00:0C:29:DD:6A:5E
eth0 (eth0)  172.16.209.140/16 ethernet up 1500  00:0C:29:DD:6A:5E

**************************ROUTES**************************
DST/MASK        DEV  METRIC GATEWAY
172.16.209.0/24 eth0 0
172.16.0.0/16   eth0 0
169.254.0.0/16  eth0 0
0.0.0.0/0       eth0 0      172.16.209.2

This has some undesirable results when specifying the interface and source address for specific types of scans

[root@localhost nmap-6.40-install]# bin/nmap -e eth0:0 -S 172.16.209.140 10.70.244.44
WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -Pn . If you are using it to specify your real source address, you can ignore this warning.

Starting Nmap 6.40 ( http://nmap.org ) at 2013-12-13 11:54 CST
Could not find interface eth0:0 which was specified by -e

Earlier versions of nmap (i.e. the one provided by Centos Base) don't seem to have this issue.

[root@localhost nmap-6.40-install]# nmap --iflist

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-12-13 11:51 CST
************************INTERFACES************************
DEV    (SHORT) IP/MASK           TYPE     UP MAC
lo     (lo)    127.0.0.1/8       loopback up
eth0   (eth0)  172.16.209.139/24 ethernet up 00:0C:29:DD:6A:5E
eth0:0 (eth0)  172.16.209.140/16 ethernet up 00:0C:29:DD:6A:5E

**************************ROUTES**************************
DST/MASK       DEV  GATEWAY
172.16.209.0/0 eth0
172.16.0.0/0   eth0
169.254.0.0/0  eth0
0.0.0.0/0      eth0 172.16.209.2

[root@localhost nmap-6.40-install]# nmap -e eth0:0 -S 172.16.209.140 10.70.244.44
WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -P0 . If you are using it to specify your real source address, you can ignore this warning.

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-12-13 11:55 CST
Stats: 0:00:12 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 85.87% done; ETC: 11:55 (0:00:01 remaining)
Interesting ports on scantest-centos5-01.tw-test.net (10.70.244.44):
Not shown: 1678 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap finished: 1 IP address (1 host up) scanned in 13.911 seconds

I think I've tracked it down to the collect_dnet_interfaces loop in libnetutil/netutil.cc but I'm kind of stumped there.

Am I missing something? Doing something wrong? Any thoughts?

-Donovan

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
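The gap described in this message, as an added example that is not part of the original thread and is not Nmap code: it compares the device names a /proc/net/dev reader would collect with the labels in the ifconfig output quoted above, and reports the alias that goes missing. The /proc/net/dev sample is constructed for this host, and all function names are hypothetical.

```python
import re

# Constructed sample in the /proc/net/dev layout; the kernel lists one row
# per network device, so the alias eth0:0 has no row of its own.
PROC_NET_DEV = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 2333206    2169    0    0    0     0          0         0  2333206    2169    0    0    0     0       0          0
  eth0:46335310   98468    0    0    0     0          0         0  6116459   85230    0    0    0     0       0          0
"""

# Interface labels and addresses taken from the ifconfig output in the report.
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:0C:29:DD:6A:5E
          inet addr:172.16.209.139  Bcast:172.16.209.255  Mask:255.255.255.0
eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:DD:6A:5E
          inet addr:172.16.209.140  Bcast:172.16.255.255  Mask:255.255.0.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
"""

def proc_net_dev_names(text):
    """Device names from /proc/net/dev: skip the two header lines, cut at the first ':'."""
    return [line.split(":", 1)[0].strip()
            for line in text.splitlines()[2:] if ":" in line]

def ifconfig_addresses(text):
    """Map each ifconfig label (aliases such as eth0:0 included) to its IPv4 address."""
    result, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a new interface
            current = line.split()[0]
            result[current] = None
        else:
            m = re.search(r"inet addr:(\S+)", line)
            if m and current:
                result[current] = m.group(1)
    return result

def missing_aliases(proc_text, ifconfig_text):
    """Labels ifconfig reports that an enumeration based on /proc/net/dev never sees."""
    devices = set(proc_net_dev_names(proc_text))
    return {name: addr for name, addr in ifconfig_addresses(ifconfig_text).items()
            if name not in devices}

if __name__ == "__main__":
    for name, addr in missing_aliases(PROC_NET_DEV, IFCONFIG).items():
        parent = name.split(":")[0]
        print(f"{name} ({addr}) is absent from /proc/net/dev; parent device is {parent}")
```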