Nmap Development mailing list archives

Re: Nmap got a wrong result in windows 2003
From: David Fifield <david () bamsoftware com>
Date: Thu, 22 Nov 2012 09:39:43 -0800

On Thu, Nov 22, 2012 at 04:02:17PM +0800, rirong zhu wrote:
Are you sure that the IP address is not an address used by localhost?
What is the output of these commands?
        nmap --route-dst
        nmap --iflist

C:\Documents and Settings\Administrator> nmap --route-dst
lo0 lo0 srcaddr nexthop

C:\Documents and Settings\Administrator> nmap --iflist

Starting Nmap 6.01 ( http://nmap.org ) at 2012-11-22 15:56 中国标准时间
DEV  (SHORT) IP/MASK            TYPE     UP MTU  MAC
eth0 (eth0)    ethernet up 1500 78:2B:CB:14:95:81
eth1 (eth1)   ethernet up 1500 78:2B:CB:14:95:82
eth1 (eth1) ethernet up 1500 78:2B:CB:14:95:82
lo0  (lo0)        loopback up 1520

DST/MASK           DEV  GATEWAY eth1 eth1   lo0 eth1 eth0 lo0    lo0   eth0 eth1   eth1     eth0        lo0        eth1        eth0          lo0

The last line shows an unusual configuration. Your default route goes
through the localhost interface lo0, yet it has a gateway that is not
localhost. You might be able to solve this problem by changing your
network configuration.

You can also try the workaround of adding
        -e eth0
to your Nmap command.

Otherwise, we might have to change some code in
sysroutes_dnet_find_interfaces. We already follow a chain of route
entries for routes without an assigned interface; perhaps we have to do
it to override an assigned interface (in this case lo0) too. The default
route,          lo0
has a gateway that matches this route entry on eth1:   eth1
which in turn matches exactly the address of eth0:
eth0 (eth0)    ethernet up 1500 78:2B:CB:14:95:81   lo0
It seems to me that route_dst should choose eth0 in this case, but it is
a tricky and unusual one.

Are you able to change your networking configuration to solve this
problem? Is the "-e eth0" workaround sufficient?

One other thing: please send the output of
        route print
It is possible that Nmap is reading the routing table incorrectly.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
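
Added example (not part of the original message and not Nmap's code): a Python sketch that scans --iflist-style tables for the condition described above, a route bound to a loopback device whose gateway is not a loopback address. The sample addresses are constructed, the parser assumes the "DEV (SHORT) IP/MASK ..." and "DST/MASK DEV GATEWAY" column layouts, and the -e candidates it lists are a simple on-link heuristic of this example.

```python
import ipaddress

# Constructed sample in the --iflist column layout (all addresses are made up).
SAMPLE = """\
DEV  (SHORT) IP/MASK         TYPE     UP MTU  MAC
eth0 (eth0)  192.0.2.10/24   ethernet up 1500 00:00:5E:00:53:01
eth1 (eth1)  198.51.100.7/24 ethernet up 1500 00:00:5E:00:53:02
lo0  (lo0)   127.0.0.1/8     loopback up 1520

DST/MASK         DEV  GATEWAY
198.51.100.0/24  eth1
192.0.2.0/24     eth0
0.0.0.0/0        lo0  192.0.2.1
"""


def parse_iflist(text):
    """Return (interfaces, routes) parsed from the two tables."""
    ifaces, routes, section = {}, [], None
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "DEV":
            section = "if"
        elif f[0] == "DST/MASK":
            section = "rt"
        elif section == "if" and len(f) >= 6 and "/" in f[2]:
            ifaces.setdefault(f[0], {"type": f[3], "addrs": []})["addrs"].append(
                ipaddress.ip_interface(f[2]))
        elif section == "rt" and len(f) >= 2 and "/" in f[0]:
            gw = ipaddress.ip_address(f[2]) if len(f) > 2 else None
            routes.append((ipaddress.ip_network(f[0], strict=False), f[1], gw))
    return ifaces, routes


def loopback_routes_with_remote_gateway(text):
    """Flag routes on a loopback device whose gateway is not loopback."""
    # Candidates for -e: non-loopback interfaces with the gateway on-link
    # (heuristic of this example, not Nmap's route selection).
    ifaces, routes = parse_iflist(text)
    findings = []
    for dst, dev, gw in routes:
        on_loopback = ifaces.get(dev, {}).get("type") == "loopback"
        if gw is None or gw.is_loopback or not on_loopback:
            continue
        candidates = sorted(
            name for name, i in ifaces.items()
            if i["type"] != "loopback" and any(gw in a.network for a in i["addrs"]))
        findings.append((str(dst), dev, str(gw), candidates))
    return findings
```

On the constructed sample the only finding is the default route on lo0, with eth0 as the candidate interface.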
