PaulDotCom mailing list archives

Re: dnet: Failed to open device vmnet8

From: Matt Summers <matt () fireantsecurity co uk>
Date: Thu, 28 Feb 2013 18:20:00 +0000

 Hi Chris,

 Just tested a subnet scan with one VM guest running (Windows XP). You can
see from the output it picked the host machine up as well since my VMNET8
has an IP on that subnet too.

 matt@sol:Downloads$nmap 192.168.13.0/24
 Starting Nmap 5.51 ( http://nmap.org [1] ) at 2013-02-28 17:59 GMT
 Nmap scan report for 192.168.13.1
 Host is up (0.000064s latency).
 Not shown: 994 closed ports
 PORT     STATE    SERVICE
 ----SNIP----

 Nmap scan report for 192.168.13.128
 Host is up (0.00032s latency).
 Not shown: 995 closed ports
 PORT     STATE SERVICE
 135/tcp  open  msrpc
 139/tcp  open  netbios-ssn
 445/tcp  open  microsoft-ds
 1025/tcp open  NFS-or-IIS
 5000/tcp open  upnp

 Nmap done: 256 IP addresses (2 hosts up) scanned in 27.38 seconds

 This is the output of my networking file which is in
/Library/Preferences/VMware Fusion

 VERSION=1,0
 answer VNET_1_DHCP yes
 answer VNET_1_DHCP_CFG_HASH 526407BC29680A1FFD7FC8F44F1F6C4269A45EC7
 answer VNET_1_HOSTONLY_NETMASK 255.255.255.0
 answer VNET_1_HOSTONLY_SUBNET 172.16.213.0
 answer VNET_1_VIRTUAL_ADAPTER yes
 answer VNET_1_VIRTUAL_ADAPTER_ADDR 172.16.213.1
 answer VNET_8_DHCP yes
 answer VNET_8_DHCP_CFG_HASH BCB73E874694E78D6E370F5A20422624409D8DC9
 answer VNET_8_HOSTONLY_NETMASK 255.255.255.0
 answer VNET_8_HOSTONLY_SUBNET 192.168.13.0
 answer VNET_8_NAT yes
 answer VNET_8_VIRTUAL_ADAPTER yes
 answer VNET_8_VIRTUAL_ADAPTER_ADDR 192.168.13.1
 add_bridge_mapping en1 2

 and my dhcp.conf in vmnet8

 host vmnet8 {
         hardware ethernet 00:50:56:C0:00:08;
         fixed-address 192.168.13.1;
         option domain-name-servers 0.0.0.0;
         option domain-name "";
         option routers 0.0.0.0;
 }

 On Thu 28/02/13 17:45 , "Chris Campbell" chris () ctcampbell com sent:
 Does that work for a subnet scan or are you using a single IP? I suspect
there is some internal routing at play here and for your command the real
NIC is being used rather than nmap directly sourcing traffic from the
vmnet interface. 

 On 28 Feb 2013, at 13:31, Matt Summers  wrote:

 @Chris - You can nmap the vnmnet interfaces from your host to your guest.
Even though this is not a real interface.

 I did a quick test on Fusion 4.1.4 with and nmap 5:

 nmap specific ports and works fine
 nmap -O -F -Pn and it gives me "Warning: Unable to open interface vmnet8
-- skipping it." but completes scan but does not return the OS

 On Thu 28/02/13 12:58 , Carlos Perez carlos_perez () darkoperator com sent:
 Yep it is a known problem, only full tcp scans work anything else fails
when it host to VM 

 Sent from my iPhone
 On Feb 28, 2013, at 5:11 AM, Chris Campbell  wrote:

 Vmnet interfaces aren't real devices so you can't use nmap on them. 

 Chris Campbell------------------------07742123443
 On 28 Feb 2013, at 06:02, Mike Perez  wrote:

 I tried searching the net and nmap's forums, but I'm running nmap under
OSX and using Fusion and receive trying to scan:
 new-host:~ oia$ sudo nmap -O -F 192.168.210.153/24 [2] 
 Starting Nmap 6.25 ( http://nmap.org [3] ) at 2013-02-28 00:22 ESTdnet:
Failed to open device vmnet8QUITTING!new-host:~ oia$ 
  Anyone seen this before?
 Thanks,Mike _______________________________________________
 Pauldotcom mailing list
 Pauldotcom () mail pauldotcom com
 http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [4]
 Main Web Site: http://pauldotcom.com [5]
_______________________________________________
 Pauldotcom mailing list
 Pauldotcom () mail pauldotcom com
 http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [6]
 Main Web Site: http://pauldotcom.com [7]
_______________________________________________
 Pauldotcom mailing list
 Pauldotcom () mail pauldotcom com
 http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[8]">http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [9]
 Main Web Site: http://pauldotcom.com [10]">http://pauldotcom.com [11]

 _______________________________________________
 Pauldotcom mailing list
 Pauldotcom () mail pauldotcom com
 http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [12]
 Main Web Site:  http://pauldotcom.com [13] 

Links:
------
[1] http://nmap.org
[2] http://192.168.210.153/24
[3] http://nmap.org
[4] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[5] http://pauldotcom.com
[6] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[7] http://pauldotcom.com
[8] http://webmail.easyspace.com/ http:=
[9] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[10] http://webmail.easyspace.com/ http:=
[11] http://pauldotcom.com
[12] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[13] http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

dnet: Failed to open device vmnet8 Mike Perez (Feb 27)
- Re: dnet: Failed to open device vmnet8 Anastasios Monachos (Feb 28)
- Re: dnet: Failed to open device vmnet8 Chris Campbell (Feb 28)
  - Re: dnet: Failed to open device vmnet8 Carlos Perez (Feb 28)
- <Possible follow-ups>
- Re: dnet: Failed to open device vmnet8 Matt Summers (Feb 28)
- Re: dnet: Failed to open device vmnet8 Matt Summers (Feb 28)
  - Re: dnet: Failed to open device vmnet8 Chris Campbell (Feb 28)
- Re: dnet: Failed to open device vmnet8 Mike Perez (Feb 28)
- Re: dnet: Failed to open device vmnet8 Matt Summers (Feb 28)