Re: Please help with long standing nmap issue
From: David Fifield <david () bamsoftware com>
Date: Fri, 3 Apr 2009 10:13:21 -0600
On Thu, Apr 02, 2009 at 10:16:27PM -0600, David Fifield wrote:
> On Mon, Mar 30, 2009 at 07:57:22AM +0100, Rob Nicholls wrote:
> > I assume from the tracking software you mentioned that you're using OSX? I
> > think we decided it's a peculiarity of the OS rather than a problem with
> > I believe David's suggestion was to give the admin group read and write
> > permissions to /dev/bpf* and run nmap as a non-root user that's in the admin
> 
> That explains why --iflist isn't working as non-root. There is another
> issue, which is that ping scan is working as non-root but not as root:
> 
> M:~ jp$ sudo nmap -O -v 192.168.226.1-254
> 
> Starting Nmap 4.85BETA4 ( http://nmap.org ) at 2009-03-29 16:33 MDT
> Warning: Unable to open interface vmnet8 -- skipping it.
> Warning: Unable to open interface vmnet1 -- skipping it.
> Initiating Ping Scan at 16:33
> Scanning 254 hosts [2 ports/host]
> Ping Scan Timing: About 31.50% done; ETC: 16:35 (0:01:07 remaining)
> Ping Scan Timing: About 60.04% done; ETC: 16:35 (0:00:41 remaining)
> Completed Ping Scan at 16:35, 103.72s elapsed (254 total hosts)
> Read data files from: /usr/local/share/nmap
> Nmap done: 254 IP addresses (0 hosts up) scanned in 104.06 seconds
> Raw packets sent: 1016 (34.544KB) | Rcvd: 885 (72.047KB)
> 
> M:~ jp$ nmap -sP 192.168.226.1-254
> 
> Starting Nmap 4.85BETA4 ( http://nmap.org ) at 2009-03-29 16:38 MDT
> Host 192.168.226.1 appears to be up.
> Host 192.168.226.2 appears to be up.
> Host 192.168.226.10 appears to be up.
> 
> Jerry, can you run these commands and send me the log files?:
> 
> sudo nmap -sP -d --packet-trace 192.168.226.1-254 -oN root.nmap
> nmap -sP -d --packet-trace 192.168.226.1-254 -oN nonroot.nmap
> sudo nmap -sP -d --packet-trace --unprivileged 192.168.226.1-254 -oN root-unprivileged.nmap
Thanks, now that I have seen the log files I know what the problem is.
The machines on your network respond to a SYN to port 80 (which is what
the non-root ping scan does), but not an ACK to port 80 nor an ICMP echo
(which is what the root ping scan does). In your network you should use
the -PS option to find up hosts. Just combine it with the options you
were already using:
M:~ jp$ sudo nmap -PS -O -v 192.168.226.1-254
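A small script, added here and not taken from the thread or from Nmap itself, that does the same bookkeeping David did by hand on the --packet-trace logs: it tallies how many probes of each kind were sent and how many were answered, pairing each reply with its probe by target host and our source port (ICMP echo pairs on host alone), so a RST answering a SYN is not mistaken for a reply to the ACK probe. The sample trace lines are constructed in the approximate SENT/RCVD format of Nmap 4.x and are an assumption, not output from the reporter's network.

```python
from collections import Counter

# Constructed sample in the approximate SENT/RCVD line format of Nmap 4.x
# --packet-trace (not from the thread): ICMP echo and TCP ACK probes go
# unanswered, while a TCP SYN to port 80 gets SYN/ACK (.1) or RST (.2).
SAMPLE_TRACE = """\
SENT (0.0450s) ICMP 192.168.226.5 > 192.168.226.1 Echo request (type=8/code=0) ttl=41 id=1234 iplen=28
SENT (0.0451s) TCP 192.168.226.5:40000 > 192.168.226.1:80 A ttl=52 id=2345 iplen=40 seq=0 win=1024
SENT (0.0460s) ICMP 192.168.226.5 > 192.168.226.2 Echo request (type=8/code=0) ttl=41 id=1235 iplen=28
SENT (0.0461s) TCP 192.168.226.5:40000 > 192.168.226.2:80 A ttl=52 id=2346 iplen=40 seq=0 win=1024
SENT (1.0450s) TCP 192.168.226.5:40001 > 192.168.226.1:80 S ttl=52 id=3456 iplen=44 seq=0 win=1024
RCVD (1.0470s) TCP 192.168.226.1:80 > 192.168.226.5:40001 SA ttl=64 id=0 iplen=44 seq=0 win=5840
SENT (1.0460s) TCP 192.168.226.5:40001 > 192.168.226.2:80 S ttl=52 id=3457 iplen=44 seq=0 win=1024
RCVD (1.0480s) TCP 192.168.226.2:80 > 192.168.226.5:40001 RA ttl=64 id=0 iplen=40 seq=0 win=0
"""

def tally_probes(trace):
    """Return {probe kind: (sent, answered)} for a --packet-trace log.
    Replies are matched to probes by (target host, our source port);
    ICMP echo is matched on the host alone."""
    outstanding = {}                      # (host, our port or "icmp") -> kind
    sent, answered = Counter(), Counter()
    for line in trace.splitlines():
        t = line.split()
        if len(t) < 7 or t[0] not in ("SENT", "RCVD") or t[2] not in ("TCP", "ICMP"):
            continue
        direction, proto, src, dst = t[0], t[2], t[3], t[5]
        if direction == "SENT":
            if proto == "ICMP" and t[6:8] == ["Echo", "request"]:
                key, kind = (dst, "icmp"), "ICMP echo"
            elif proto == "TCP" and t[6] in ("S", "A"):
                host, port = dst.rsplit(":", 1)
                key = (host, src.rsplit(":", 1)[1])
                kind = ("TCP SYN" if t[6] == "S" else "TCP ACK") + " to port " + port
            else:
                continue
            outstanding[key] = kind
            sent[kind] += 1
        else:                             # any reply from the host settles its probe
            key = (src, "icmp") if proto == "ICMP" else \
                  (src.rsplit(":", 1)[0], dst.rsplit(":", 1)[1])
            kind = outstanding.pop(key, None)
            if kind:
                answered[kind] += 1
    return {k: (sent[k], answered[k]) for k in sent}

def best_probe(tally):
    """Name the probe kind with the most replies, or None if nothing answered."""
    if not tally:
        return None
    kind, (_, hits) = max(tally.items(), key=lambda kv: kv[1][1])
    return kind if hits else None
```

Run `tally_probes` over the root.nmap and nonroot.nmap traces from the thread's diagnostic commands; the kind `best_probe` returns is the one to hand to nmap as its ping option (here a SYN to port 80, i.e. -PS).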
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org