Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Nmap got a wrong result in windows 2003
From: David Fifield <david () bamsoftware com>
Date: Thu, 22 Nov 2012 09:39:43 -0800

On Thu, Nov 22, 2012 at 04:02:17PM +0800, rirong zhu wrote:
Are you sure that the IP address is not an address used by localhost?
What is the output of these commands?
        nmap --route-dst 61.146.152.25
        nmap --iflist

C:\Documents and Settings\Administrator> nmap --route-dst 61.146.152.25
61.146.152.25
lo0 lo0 srcaddr 115.236.23.45 nexthop 115.236.23.33

C:\Documents and Settings\Administrator> nmap --iflist

Starting Nmap 6.01 ( http://nmap.org ) at 2012-11-22 15:56 中国标准时间
************************INTERFACES************************
DEV  (SHORT) IP/MASK            TYPE     UP MTU  MAC
eth0 (eth0)  192.168.1.45/24    ethernet up 1500 78:2B:CB:14:95:81
eth1 (eth1)  115.236.23.45/29   ethernet up 1500 78:2B:CB:14:95:82
eth1 (eth1)  124.160.125.118/29 ethernet up 1500 78:2B:CB:14:95:82
lo0  (lo0)   127.0.0.1/0        loopback up 1520

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
255.255.255.255/32 eth1 115.236.23.45
124.255.255.255/32 eth1 115.236.23.45
115.236.23.45/32   lo0  127.0.0.1
115.255.255.255/32 eth1 115.236.23.45
255.255.255.255/32 eth0 192.168.1.45
124.160.125.118/32 lo0  127.0.0.1
192.168.1.45/32    lo0  127.0.0.1
192.168.1.255/32   eth0 192.168.1.45
124.160.125.112/29 eth1 124.160.125.118
115.236.23.32/28   eth1 115.236.23.45
192.168.1.0/24     eth0 192.168.1.45
127.0.0.0/8        lo0  127.0.0.1
224.0.0.0/4        eth1 115.236.23.45
224.0.0.0/4        eth0 192.168.1.45
0.0.0.0/0          lo0  115.236.23.33

The last line shows an unusual configuration. Your default route goes
through the localhost interface lo0, yet it has a gateway that is not
localhost. You might be able to solve this problem by changing your
network configuration.

You can also try the workaround of adding
        -e eth0
to your Nmap command.

Otherwise, we might haver to change some code in
sysroutes_dnet_find_interfaces. We already follow a chain of route
entries for routes without an assigned interface; perhaps we have to do
it to override an assigned interface (in this case lo0) too. The default
route,
0.0.0.0/0          lo0  115.236.23.33
has a gateway that matches this route entry on eth1:
115.236.23.32/28   eth1 115.236.23.45
which in turn matches exactly the address of eth0:
eth0 (eth0)  192.168.1.45/24    ethernet up 1500 78:2B:CB:14:95:81
115.236.23.45/32   lo0  127.0.0.1
It seems to me that route_dst should choose eth0 in this case, but it is
a tricky and unusual one.

Are you able to change your networking configuration to solve this
problem? Is the "-e eth0" workaround sufficient?

One other thing: please send the output of
        route print
It is possible that Nmap is reading the routing table incorrectly.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault