mailing list archives
Re: Problems with nmap with openvz or bridge interfaces
From: David Fifield <david () bamsoftware com>
Date: Wed, 20 Jun 2012 19:54:14 -0700
On Mon, Jun 18, 2012 at 05:06:05PM +0100, Djalal Harouni wrote:
First, the solution for OpenVZ containers:
One should setup a veth interface  which is like an ethernet device,
and should support all Nmap features...
On Thu, Jun 14, 2012 at 01:17:22PM -0500, Daniel Miller wrote:
I was chatting with Leonardo Amaral on IRC, and he was experiencing the
same problem. I suggested the patch from
http://seclists.org/nmap-dev/2012/q2/584 and that solved it for the
bridge, but not the openvz interface. nmap --iflist was showing
"INTERFACES: NONE FOUND(!)". I've CC'd him so he can reply with more
These are virtual network interfaces of type "void" 
OpenVZ containers use them for their venet interfaces , they do not
support mac addresses, nor arp...
Adding and using the following, like in the previous patch should let Nmap
#define ARP_HRD_VOID 0xFFFF /* Void type, nothing is known */
Please note that: that memcpy() for venet is nop since they do not
support MAC addresses.
However I'm sure that this will faile at least for:
(1) Privileged scans will fail for venet interfaces and other IPv6 tricks.
(2) Can't list Nmap routes correctly due to another bug which I'm tracking.
This is related to the IPv6 merge 'r23778' and some parts that were
Why should it fail, just because of a lack of a MAC address? That should
be fine; we use raw sockets, not Ethernet, by default on Linux.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/