


Nmap Development: RE: Execution problem : getinterfaces: Failed to open ethernet interface (fxp9)


From: Dom Devitto <Dom.Devitto_at_ntl.com>
Date: Mon, 9 Jan 2006 22:40:25 -0000

[ This is all quite OpenBSD-specific, but maybe it'll save someone a few ]
[ hours one day. Crossposted to misc_at_openbsd.org for extra karma ]

Hmmm,

Lots of digging later shows that:
a) ifconfig doesn't know about BPF devices, whatever the changelog says.

e.g.
# ifconfig bpf20 create
ifconfig: SIOCIFCREATE: Invalid argument

b) you don't need to increase the number of BPF devices in the kernel...
   but you MUST manually create the device-files in /dev.
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ergo:
You need a bpf device in /dev for every interface on the system.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It appears that the OpenBSD kernel can dynamically create the bpf devices
internally, but the BPF interface still needs the device-files in order to
work, and the kernel doesn't do that for you. (or maybe trying to use BPF
device-files causes the OpenBSD kernel to dynamically create the BPF
pseudo-device)

By default, "MAKEDEV all" only creates 10 BPF device-files, but when you've
more than 10 interfaces, bpf(), and consequently nmap, breaks.

Oddly enough, nmap works after doing an "ifconfig interface DELETE", not
DESTROY - why removing IP addresses from interfaces means nmap requires fewer
BPF devices isn't very clear (to me), as you can obviously still use BPF
with an interface that has no assigned IP4/6 address. Weird.

Dom
Dom De Vitto CISSP MBCS BSc Desk: 01962 82 3363 / 716 3363
Security Consultant Mobile: 07855 805 271
Operational Security <mailto:Dom.DeVitto_at_ntl.com>
-----Original Message-----
From: Michael Coulter [mailto:mjc_at_bitz.ca]
Sent: 09 January 2006 02:10
To: Dom Devitto
Cc: nmap-dev_at_insecure.org
Subject: Re: Execution problem : getinterfaces: Failed to open ethernet interface (fxp9)

On Sat, Jan 07, 2006 at 11:49:48PM -0000, Dom Devitto wrote:

> really means - for 'clean' OpenBSD 3.8 at least:
>
> "You need more BPF devices, rebuild your kernel, and remake /dev, possibly
> changing MAKEDEV"

since 3.6 the kernel should not need to be rebuilt.

from http://www.openbsd.org/plus36.html

- Make bpf(4) devices clonable.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Jan 09 2006
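
The check described in the message above (one bpf device-file in /dev per interface, with only 10 created by default), written as a shell sketch. This is an added example, not part of the original thread or of nmap; the function names are hypothetical, and it assumes the nodes are numbered bpf0 upward and that `ifconfig -a` prints one "name: flags=" header line per interface.

```sh
#!/bin/sh
# Added example: compare the interface count with the bpf device nodes
# present in /dev. Function names are hypothetical (not from nmap/OpenBSD).

# Count interfaces from `ifconfig -a` output on stdin.
# Assumption: each interface starts with an unindented "name: flags=" line.
count_interfaces() {
    awk '/^[a-z][a-z0-9_]*: flags=/ { n++ } END { print n + 0 }'
}

# Print the bpfN names missing from DIR so that bpf0..bpf(COUNT-1) exist.
# Assumption: nodes are numbered contiguously from 0.
missing_bpf_nodes() {
    dir=$1
    count=$2
    i=0
    while [ "$i" -lt "$count" ]; do
        [ -e "$dir/bpf$i" ] || echo "bpf$i"
        i=$((i + 1))
    done
}

# Live check, only when invoked as: sh thisfile check
if [ "${1:-}" = "check" ]; then
    n=$(ifconfig -a | count_interfaces)
    missing=$(missing_bpf_nodes /dev "$n")
    if [ -n "$missing" ]; then
        echo "$n interfaces; missing device nodes:" $missing
        echo "create them in /dev with MAKEDEV (as root), then re-run nmap"
        exit 1
    fi
    echo "$n interfaces, enough bpf device nodes"
fi
```
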
