Nmap Development mailing list archives

Re: Please help with long standing nmap issue
From: David Fifield <david () bamsoftware com>
Date: Fri, 3 Apr 2009 10:13:21 -0600

On Thu, Apr 02, 2009 at 10:16:27PM -0600, David Fifield wrote:
On Mon, Mar 30, 2009 at 07:57:22AM +0100, Rob Nicholls wrote:
I assume from the tracking software you mentioned that you're using OSX? I
think we decided it's a peculiarity of the OS rather than a problem with
nmap: http://seclists.org/nmap-dev/2008/q4/0634.html

I believe David's suggestion was to give the admin group read and write
permissions to /dev/bpf* and run nmap as a non-root user that's in the admin

That explains why --iflist isn't working as non-root. There is another
issue, which is that ping scan is working as non-root but not as root:

M:~ jp$ sudo nmap -O -v

Starting Nmap 4.85BETA4 ( http://nmap.org ) at 2009-03-29 16:33 MDT
Warning: Unable to open interface vmnet8 -- skipping it.
Warning: Unable to open interface vmnet1 -- skipping it.
Initiating Ping Scan at 16:33
Scanning 254 hosts [2 ports/host]
Ping Scan Timing: About 31.50% done; ETC: 16:35 (0:01:07 remaining)
Ping Scan Timing: About 60.04% done; ETC: 16:35 (0:00:41 remaining)
Completed Ping Scan at 16:35, 103.72s elapsed (254 total hosts)
Read data files from: /usr/local/share/nmap
Nmap done: 254 IP addresses (0 hosts up) scanned in 104.06 seconds
          Raw packets sent: 1016 (34.544KB) | Rcvd: 885 (72.047KB)

M:~ jp$ nmap -sP

Starting Nmap 4.85BETA4 ( http://nmap.org ) at 2009-03-29 16:38 MDT
Host appears to be up.
Host appears to be up.
Host appears to be up.

Jerry, can you run these commands and send me the log files?

      sudo nmap -sP -d --packet-trace -oN root.nmap
      nmap -sP -d --packet-trace -oN nonroot.nmap
      sudo nmap -sP -d --packet-trace --unprivileged -oN root-unprivileged.nmap

Thanks, now that I have seen the log files I know what the problem is.
The machines on your network respond to a SYN to port 80 (which is what
the non-root ping scan does), but not an ACK to port 80 nor an ICMP echo
(which is what the root ping scan does). In your network you should use
the -PS option to find up hosts. Just combine it with the options you
were already using:

M:~ jp$ sudo nmap -PS -O -v

David Fifield
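The diagnosis above came from reading the three --packet-trace logs and noting which probe types drew replies. The script below is an added example, not part of this thread or of Nmap, that automates that reading: it pairs each SENT probe with its RCVD reply and reports, per probe kind, how many hosts answered. The trace line layout matched by LINE_RE is an assumption modelled on Nmap's SENT/RCVD output, and the sample trace and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample trace (addresses made up): the root ping scan's ICMP echo and
# TCP ACK probes to port 80 go unanswered, while SYN probes to port 80 are answered.
SAMPLE_TRACE = """\
SENT (0.030s) ICMP 10.0.0.5 > 10.0.0.1 Echo request (type=8/code=0) ttl=48 id=1 iplen=28
SENT (0.031s) TCP 10.0.0.5:40000 > 10.0.0.1:80 A ttl=52 id=2 iplen=40 seq=0 win=1024
SENT (0.032s) ICMP 10.0.0.5 > 10.0.0.2 Echo request (type=8/code=0) ttl=48 id=3 iplen=28
SENT (0.033s) TCP 10.0.0.5:40000 > 10.0.0.2:80 A ttl=52 id=4 iplen=40 seq=0 win=1024
SENT (0.040s) TCP 10.0.0.5:40001 > 10.0.0.1:80 S ttl=52 id=5 iplen=44 seq=1 win=1024
RCVD (0.041s) TCP 10.0.0.1:80 > 10.0.0.5:40001 SA ttl=64 id=9 iplen=44 seq=7 win=65535
SENT (0.042s) TCP 10.0.0.5:40001 > 10.0.0.2:80 S ttl=52 id=6 iplen=44 seq=1 win=1024
RCVD (0.043s) TCP 10.0.0.2:80 > 10.0.0.5:40001 RA ttl=64 id=10 iplen=40 seq=0 win=0
"""

# Assumed layout of nmap's SENT/RCVD trace lines; adjust if your build prints differently.
LINE_RE = re.compile(r"^(?P<dir>SENT|RCVD) \([\d.]+s\) (?P<proto>ICMP|TCP|UDP) "
                     r"(?P<src>\S+) > (?P<dst>\S+) (?P<rest>.*)$")

def host_of(endpoint, proto):
    """Strip the port from 'ip:port' endpoints; ICMP endpoints are bare addresses."""
    return endpoint if proto == "ICMP" else endpoint.rsplit(":", 1)[0]

def probe_kind(proto, dst, rest):
    """Label a SENT probe, e.g. 'ICMP echo', 'TCP ACK/80', 'TCP SYN/80'."""
    if proto == "ICMP":
        return "ICMP echo" if "Echo request" in rest else "ICMP other"
    flags = rest.split()[0]  # 'S', 'A', ... as nmap prints them
    name = {"S": "SYN", "A": "ACK"}.get(flags, flags)
    return f"{proto} {name}/{dst.rsplit(':', 1)[1]}"

def summarise(trace):
    """Return {probe kind: (hosts probed, hosts that answered)} for a --packet-trace log."""
    sent, answered, pending = defaultdict(set), defaultdict(set), {}
    for m in filter(None, map(LINE_RE.match, trace.splitlines())):
        proto, src, dst = m["proto"], m["src"], m["dst"]
        if m["dir"] == "SENT":
            kind = probe_kind(proto, dst, m["rest"])
            sent[kind].add(host_of(dst, proto))
            pending[(host_of(dst, proto), src)] = kind  # a reply must come back to this src endpoint
        else:
            kind = pending.get((host_of(src, proto), dst))
            if kind:
                answered[kind].add(host_of(src, proto))
    return {k: (len(sent[k]), len(answered[k])) for k in sent}

def working_probes(summary):
    """Probe kinds answered by every host they were sent to (candidates for a -P option)."""
    return sorted(k for k, (n, ok) in summary.items() if n and ok == n)
```

Run summarise() over the root.nmap and nonroot.nmap traces from the commands above; a kind that is probed but never answered explains a "0 hosts up" result, and working_probes() names the probe to request explicitly.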

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
