Nmap Development: Re[2]: nmap 4.22S0C7 multiple IP address on one NIC in Win2000

From: <preacherandrew_at_mail.ru>
Date: Thu, 25 Oct 2007 10:33:26 +0400

Hello, Brandon.

You wrote on 24 October 2007, 11:10:47:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> On Wed, 24 Oct 2007 10:51:51 +0400 plus or minus some time Андрей
> Коростелёв <preacherandrew_at_mail.ru> wrote:
> ...snip...
>> > So I would run
>> > C:\>nmap -e eth0 <other options> <target>
>> > to select that interface.
>>
>> > I rename my interfaces to reasonable things like 'eth0' instead of
>> > Windows default (in English anyway) 'LAN interface' or whatever.
>>
>> > -Jason
>>
>> Thank you for the tips.
>> I will run nmap as you say.
>> But if my comp has one NIC with two IP addresses, I guess nmap should
>> run normally without additional options. And this situation is
>> considered in the code, but it appears the code has a small bug.
>>

> If you have multiple interfaces, each of which may have more than one IP,
> then you'd need to use -e <interface> and -S <ip>. Nmap is probably not
> going to guess the IP you want but you can force it to use whatever IP
> you'd like with -S.

> Brandon

I have one interface with several IPs (192.168.160.12, 192.168.230.107,
192.168.2.3, 192.168.1.15 - in this order in the TCP/IP properties window).
All masks are 255.255.255.0.
I've tried -e <interface> and -S <ip>. But alas, things are more
complicated.

Here is my scenario.
I run: nmap -e eth0 -S 192.168.160.12 192.168.160.1
My host and the target host (192.168.160.1) are in the same subnet.

1) When nmap starts grabbing my machine configuration, the Windows API
function GetIpAddrTable reports my IP addresses in this order:
192.168.2.3, ... (I don't know why GetIpAddrTable returns my
IP addresses in that order)
Now nmap uses IP 192.168.2.3 as the main IP address of my interface.

2) Then nmap tries to compare the IP address of my interface (192.168.2.3/24)
with the destination IP (192.168.160.1). And nmap decides that these
addresses are not directly connected - from the IP addressing
point of view this is correct.
From this point on, nmap thinks that my interface and the destination interface
are NOT DIRECTLY CONNECTED.

3) Then nmap reaches the processing of the -S option (in my case "-S 192.168.160.12").
Nmap tries to find a path from 192.168.160.12 to 192.168.160.1. But before
this point nmap has already decided that source and destination are NOT DIRECTLY
CONNECTED (see 2).
And now nmap thinks that 192.168.160.12 and 192.168.160.1 are not directly
connected - this is a contradiction.

4) When nmap tries to find a path from 192.168.160.12 to 192.168.160.1
(thinking that these IP addresses are not directly connected) it
crashes.
Andrew

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 24 2007
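
The direct-connection decision described in steps 1 to 3 of the message, as an added example that is not Nmap's code and not part of the original post: it compares a check that looks only at the first address in the table with one that walks every address and honours a requested source. The struct, function names and the order of the last three table entries are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One IPv4 address bound to an interface, in host byte order. */
struct ifaddr4 { uint32_t addr; uint32_t mask; };

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed sample: the four addresses from the message, with
   192.168.2.3 first as the poster reports for GetIpAddrTable.
   The order of the remaining three entries is an assumption. */
static const struct ifaddr4 eth0[] = {
    { IP4(192, 168, 2, 3),     IP4(255, 255, 255, 0) },
    { IP4(192, 168, 160, 12),  IP4(255, 255, 255, 0) },
    { IP4(192, 168, 230, 107), IP4(255, 255, 255, 0) },
    { IP4(192, 168, 1, 15),    IP4(255, 255, 255, 0) },
};
#define ETH0_N (sizeof eth0 / sizeof eth0[0])

static int same_subnet(const struct ifaddr4 *a, uint32_t dst) {
    return (a->addr & a->mask) == (dst & a->mask);
}

/* Behaviour as described in the message: only the first table entry
   is treated as the interface address. Returns 1 if dst is on-link. */
int onlink_first_only(const struct ifaddr4 *tab, size_t n, uint32_t dst) {
    return n > 0 && same_subnet(&tab[0], dst);
}

/* Walk every address on the interface. Returns the index of the entry
   whose subnet contains dst, or -1. If want_src is nonzero (the -S
   case), only the entry holding that exact address may match. */
int onlink_any(const struct ifaddr4 *tab, size_t n, uint32_t dst,
               uint32_t want_src) {
    for (size_t i = 0; i < n; i++) {
        if (want_src && tab[i].addr != want_src)
            continue;
        if (same_subnet(&tab[i], dst))
            return (int)i;
    }
    return -1;
}

int main(void) {
    uint32_t dst = IP4(192, 168, 160, 1), src = IP4(192, 168, 160, 12);
    printf("first-only on-link: %d\n", onlink_first_only(eth0, ETH0_N, dst));
    printf("all-addresses index: %d\n", onlink_any(eth0, ETH0_N, dst, src));
    return 0;
}
```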
