Nmap Development mailing list archives

Re: scanning through linux virtual interface


From: Robin Wood <robin@digi.ninja>
Date: Thu, 12 Nov 2015 12:44:29 +0000

I was using the box as a temporary scanner so just grabbed the version
from the Debian Wheezy repo and didn't notice it was so old. I think
I'll find another box as I don't want to start installing build tools
or messing with repos.

Was it a bug that it would work as a normal user and not root or is
there something special about this setup?

Robin

On 12 November 2015 at 12:37, Daniel Miller <bonsaiviking () gmail com> wrote:
Neglected to CC the list, sorry.


---------- Forwarded message ----------
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, Nov 12, 2015 at 6:36 AM
Subject: Re: scanning through linux virtual interface
To: Robin Wood <robin@digi.ninja>


Robin,

Please try a newer version of Nmap. We added support for venet interfaces in
6.20BETA1 back in November 2012. If 6.49BETA6 (or even 6.47) still doesn't
work, we'll do our best to fix it.

Dan

On Thu, Nov 12, 2015 at 6:15 AM, Robin Wood <robin@digi.ninja> wrote:

This just got a little odder. Initially I was running the commands as
root and they all failed; I've just tried as a normal user and not
only did they work, I didn't need any extra parameters:

$ nmap  digi.ninja

Starting Nmap 6.00 ( http://nmap.org ) at 2015-11-12 07:14 EST
Nmap scan report for digi.ninja (217.147.177.157)
Host is up (0.014s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds

$ sudo su -
[sudo] password for robin:
#  nmap  digi.ninja

Starting Nmap 6.00 ( http://nmap.org ) at 2015-11-12 07:14 EST
route_dst_netlink: can't find interface "venet0"

Think I've found a bug here!

Robin



On 12 November 2015 at 11:12, Robin Wood <robin@digi.ninja> wrote:
I'm on a box with two interfaces, venet0 and venet0:0, the first has a
localhost address, the second the external address of the server.

If I try a basic scan I get this:

# nmap 1.2.3.4

Starting Nmap 6.00 ( http://nmap.org ) at 2015-11-12 06:06 EST
route_dst_netlink: can't find interface "venet0"

so I specify the virtual interface:

# nmap 1.2.3.4 -e venet0:0

Starting Nmap 6.00 ( http://nmap.org ) at 2015-11-12 06:07 EST
I cannot figure out what source address to use for device venet0:0,
does it even exist?
QUITTING!

trying to tell it what the source IP is:

# nmap 1.2.3.4 -e venet0:0 -S 2.3.4.5
WARNING:  If -S is being used to fake your source address, you may
also have to use -e <interface> and -Pn .  If you are using it to
specify your real source address, you can ignore this warning.

Starting Nmap 6.00 ( http://nmap.org ) at 2015-11-12 06:08 EST
Could not find interface venet0:0 which was specified by -e

Don't know if this matters, there is no default route which I'd expect
to break networking but the machine is working fine, I can ssh to it
and it has full internet access:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0

How can I get it to scan from this machine?

Robin
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



