On October 22, 2007 05:19:40 pm David Fifield wrote:
> On Mon, Oct 22, 2007 at 09:52:06PM -0500, Vijay Sankar wrote:
> > I had the following problem on OpenBSD 4.1.
> >
> > nmap -sS -P0 -vv 192.168.10.5
> >
> > OR
> >
> > nmap -A -P0 -vv 192.168.10.5
> >
> > gives me:
> >
> > Starting Nmap 4.22SOC7 ( http://insecure.org ) at 2007-10-22 20:43 CDT
> > Warning: File ./nmap-services exists, but Nmap is
> > using /usr/local/share/nmap/nmap-services for security and consistency
> > reasons. set NMAPDIR=. to give priority to files in your local directory
> > (may affect the other data files too).
> > Initiating ARP Ping Scan at 20:43
> > Scanning 192.168.10.5 [1 port]
> > Completed ARP Ping Scan at 20:43, 0.23s elapsed (1 total hosts)
> > Read data files from: /usr/local/share/nmap
> > Nmap done: 1 IP address (0 hosts up) scanned in 0.337 seconds
> > Raw packets sent: 2 (84B) | Rcvd: 0 (0B)
> >
> > However the following works
> >
> > nmap -sT -P0 -vv 192.168.10.5
>
> Nmap does an ARP scan of directly connected Ethernet hosts even if -P0
> is used. See http://insecure.org/nmap/man/man-host-discovery.html. But I
> don't know why the ARP scan would fail when the connect scan works.
> Please send the output of
>
> nmap -sS -P0 -d2 --packet-trace 192.168.10.5
>
> David Fifield
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

With -sT, even though it correctly detected all open ports, I got a warning
(mass_dns: warning: got a READ:ERROR in read_evt_handler()). Maybe something
is wrong with my DNS setup. To reduce wasting your time, I will repeat these
on a different set of machines and report back by tomorrow.

vijay# nmap -sS -P0 -d2 --packet-trace 192.168.10.5
Starting Nmap 4.22SOC7 ( http://insecure.org ) at 2007-10-23 05:32 CDT
Warning: File ./nmap-services exists, but Nmap is
using /usr/local/share/nmap/nmap-services for security and consistency
reasons. set NMAPDIR=. to give priority to files in your local directory
(may affect the other data files too).
Fetchfile found /usr/local/share/nmap/nmap-services
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
---------------------------------------------
Initiating ARP Ping Scan at 05:32
Scanning 192.168.10.5 [1 port]
Packet capture filter (device dc0): arp and ether dst host 00:04:5A:5F:B8:3C
SENT (0.1220s) ARP who-has 192.168.10.5 tell 192.168.10.60
SENT (0.2260s) ARP who-has 192.168.10.5 tell 192.168.10.60
ultrascan_host_probe_update called for machine 192.168.10.5 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 130770)
Completed ARP Ping Scan at 05:32, 0.24s elapsed (1 total hosts)
mass_rdns: Using DNS server 10.0.0.103
mass_rdns: Using DNS server 10.0.0.102
Read from /usr/local/share/nmap: nmap-services.
Nmap done: 1 IP address (0 hosts up) scanned in 0.358 seconds
Raw packets sent: 2 (84B) | Rcvd: 0 (0B)

-sT works here still.

vijay# nmap -sT -P0 -d2 192.168.10.5
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
---------------------------------------------
mass_rdns: Using DNS server 10.0.0.103
mass_rdns: Using DNS server 10.0.0.102
Initiating Parallel DNS resolution of 1 host. at 05:44
mass_dns: warning: got a READ:ERROR in read_evt_handler()
mass_dns: warning: got a READ:ERROR in read_evt_handler()
. .
.
.
.
.
processData took 152ms
Completed Connect Scan at 05:40, 8.42s elapsed (1705 total ports)
Host 192.168.10.5 appears to be up ... good.
Interesting ports on 192.168.10.5:
Not shown: 1701 filtered ports
Reason: 1701 no-responses
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
80/tcp open http syn-ack
443/tcp open https syn-ack
8080/tcp open http-proxy syn-ack
Final times for host: srtt: 345 rttvar: 1715 to: 100000
Read from /usr/local/share/nmap: nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 14.996 seconds

Thanks very much,
Vijay
--
Vijay Sankar, M.Eng., P.Eng.
President & CEO
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: vsankar_at_foretell.ca
Received on Oct 23 2007
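
Added example, not part of the original messages and not Nmap code: a small triage helper that reads --packet-trace/-d2 output like the -sS run above and reports, per target, whether the ARP ping got a reply before the host was marked down. The failing trace is copied from the message; the healthy trace is constructed, its reply MAC is a documentation address, and the "RCVD ... ARP reply ... is-at" line shape is assumed to follow Nmap's packet-trace style.

```python
import re

# Lines copied from the -sS --packet-trace run in the message above.
FAILING_TRACE = """\
Packet capture filter (device dc0): arp and ether dst host 00:04:5A:5F:B8:3C
SENT (0.1220s) ARP who-has 192.168.10.5 tell 192.168.10.60
SENT (0.2260s) ARP who-has 192.168.10.5 tell 192.168.10.60
ultrascan_host_probe_update called for machine 192.168.10.5 state UNKNOWN ->
HOST_DOWN (trynum 1 time: 130770)
Raw packets sent: 2 (84B) | Rcvd: 0 (0B)
"""

# Constructed counterpart for comparison (reply line and MAC are made up).
HEALTHY_TRACE = """\
Packet capture filter (device dc0): arp and ether dst host 00:04:5A:5F:B8:3C
SENT (0.1220s) ARP who-has 192.168.10.5 tell 192.168.10.60
RCVD (0.1231s) ARP reply 192.168.10.5 is-at 00:00:5E:00:53:01
"""

FILTER_RE = re.compile(r"^Packet capture filter \(device ([^)]+)\):")
REQ_RE = re.compile(r"^SENT \([\d.]+s\) ARP who-has (\S+) tell \S+")
REPLY_RE = re.compile(r"^RCVD \([\d.]+s\) ARP reply (\S+) is-at (\S+)")
STATE_RE = re.compile(r"machine (\S+) state \w+ -> (\w+)")

def parse_trace(text):
    # The mail wrapped the state-change line after "->"; rejoin it first.
    text = re.sub(r"->\s*\n\s*", "-> ", text)
    out = {"device": None, "requests": {}, "replies": {}, "down": set()}
    for line in map(str.strip, text.splitlines()):
        if m := FILTER_RE.match(line):
            out["device"] = m.group(1)
        elif m := REQ_RE.match(line):
            out["requests"][m.group(1)] = out["requests"].get(m.group(1), 0) + 1
        elif m := REPLY_RE.match(line):
            out["replies"][m.group(1)] = m.group(2)
        elif (m := STATE_RE.search(line)) and m.group(2) == "HOST_DOWN":
            out["down"].add(m.group(1))
    return out

def diagnose(text, target):
    t = parse_trace(text)
    sent = t["requests"].get(target, 0)
    if sent == 0:
        return "no ARP probe for target in trace"
    if target in t["replies"]:
        return f"ARP reply from {t['replies'][target]} seen on {t['device']}"
    state = "marked HOST_DOWN" if target in t["down"] else "state not logged"
    return f"{sent} ARP requests sent on {t['device']}, 0 replies captured, {state}"

if __name__ == "__main__":
    print(diagnose(FAILING_TRACE, "192.168.10.5"))
```
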