Nmap Development mailing list archives
Latest NMAP & the cisco VPN client...
From: "Hines,Colin Mack" <cmhines () UFL EDU>
Date: Fri, 9 Feb 2007 11:17:07 -0500
Running XP sp2 / all latest patches and IE7.
Cisco VPN Client 4.6.02.0011 using ipsec/tcp
Nmap for windows v4.20 downloaded today from insecure.org
It seems that nmap is not correctly enumerating all the local routes
provided by the cisco vpn client. Here is my current route print
output...
C:\Program Files\Nmap>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 c6 f2 2b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x10004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.241.22.1 10.241.23.222 20
10.5.135.0 255.255.255.0 10.228.255.129 10.228.255.129 1
10.5.176.0 255.255.240.0 10.228.255.129 10.228.255.129 1
10.5.192.0 255.255.240.0 10.228.255.129 10.228.255.129 1
10.227.208.0 255.255.255.0 10.228.255.129 10.228.255.129 1
10.228.255.0 255.255.255.0 10.228.255.129 10.228.255.129 1
10.228.255.128 255.255.255.128 10.228.255.129 10.228.255.129 10
10.228.255.129 255.255.255.255 127.0.0.1 127.0.0.1 10
10.241.22.0 255.255.254.0 10.241.23.222 10.241.23.222 20
10.241.22.0 255.255.254.0 10.228.255.129 10.228.255.129 1
10.241.23.7 255.255.255.255 10.241.23.222 10.241.23.222 1
10.241.23.222 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.228.255.129 10.228.255.129 10
10.255.255.255 255.255.255.255 10.241.23.222 10.241.23.222 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.227.0.144 255.255.255.240 10.228.255.129 10.228.255.129 1
128.227.21.0 255.255.255.192 10.228.255.129 10.228.255.129 1
128.227.75.224 255.255.255.240 10.228.255.129 10.228.255.129 1
128.227.128.0 255.255.255.0 10.228.255.129 10.228.255.129 1
128.227.138.0 255.255.255.0 10.228.255.129 10.228.255.129 1
128.227.156.0 255.255.255.0 10.228.255.129 10.228.255.129 1
128.227.166.117 255.255.255.255 10.241.22.1 10.241.23.222 1
128.227.187.192 255.255.255.192 10.228.255.129 10.228.255.129 1
128.227.208.0 255.255.255.0 10.228.255.129 10.228.255.129 1
224.0.0.0 240.0.0.0 10.228.255.129 10.228.255.129 10
224.0.0.0 240.0.0.0 10.241.23.222 10.241.23.222 20
255.255.255.255 255.255.255.255 10.228.255.129 10.228.255.129 1
255.255.255.255 255.255.255.255 10.241.23.222 10.241.23.222 1
Default Gateway: 10.241.22.1
===========================================================================
Persistent Routes:
None
Now, here is my nmap --iflist output...
C:\Program Files\Nmap>nmap --iflist
Starting Nmap 4.20 ( http://insecure.org ) at 2007-02-09 11:12 Eastern Standard Time
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MAC
eth0 (eth0) 10.241.23.222/23 ethernet up 00:13:72:C6:F2:2B
eth1 (eth1) 10.228.255.129/25 ethernet up 00:05:9A:3C:78:00
lo0 (lo0) 127.0.0.1/8 loopback up
**************************ROUTES**************************
DST/MASK DEV GATEWAY
255.255.255.255/32 eth1 10.228.255.129
128.227.166.117/32 eth0 10.241.22.1
10.255.255.255/32 eth0 10.241.23.222
10.255.255.255/32 eth1 10.228.255.129
10.241.23.222/32 lo0 127.0.0.1
10.241.23.7/32 eth0 10.241.23.222
10.228.255.129/32 lo0 127.0.0.1
255.255.255.255/32 eth0 10.241.23.222
128.227.75.224/4 eth1 10.228.255.129
128.227.0.144/4 eth1 10.228.255.129
128.227.21.0/2 eth1 10.228.255.129
128.227.187.192/2 eth1 10.228.255.129
10.228.255.128/1 eth1 10.228.255.129
128.227.208.0/0 eth1 10.228.255.129
10.5.135.0/0 eth1 10.228.255.129
10.227.208.0/0 eth1 10.228.255.129
10.228.255.0/0 eth1 10.228.255.129
128.227.156.0/0 eth1 10.228.255.129
128.227.128.0/0 eth1 10.228.255.129
128.227.138.0/0 eth1 10.228.255.129
10.241.22.0/0 eth1 10.228.255.129
10.241.22.0/0 eth0 10.241.23.222
10.5.176.0/0 eth1 10.228.255.129
10.5.192.0/0 eth1 10.228.255.129
127.0.0.0/0 lo0 127.0.0.1
224.0.0.0/0 eth1 10.228.255.129
224.0.0.0/0 eth0 10.241.23.222
0.0.0.0/0 eth0 10.241.22.1
As far as I can tell, it seems to be doing some wacky stuff with the
network masks. We noticed this issue when trying to nmap 10.5.177.x
boxes and it was not sending it over the vpn, but sending it over the
local network, eth0.
Thanks!
Colin M. Hines
Infrastructure Team -=- UF Bridges
cmhines () ufl edu -=- 352.871.7000
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
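
Added example (not part of the original post and not Nmap's code): the prefix lengths in the --iflist output above are exactly what results from counting leading one bits of a network-order netmask on a little-endian host without byte-swapping it first. That cause is a hypothesis that fits the printed values, not something the post confirms. The three-row route table is constructed from the route print output, and the `lookup` helper is a hypothetical longest-prefix match used to show why a /20 VPN route degraded to /0 no longer outranks the default route.

```c
#include <stdint.h>
#include <stdio.h>

/* Count one bits from the most significant bit down to the first zero. */
static int leading_ones(uint32_t v) {
    int n = 0;
    while (n < 32 && (v & (0x80000000u >> n))) n++;
    return n;
}

/* Value a little-endian host gets when it reads a network-order word without ntohl(). */
static uint32_t swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

int prefix_correct(uint32_t mask) { return leading_ones(mask); }
int prefix_swapped(uint32_t mask) { return leading_ones(swap32(mask)); } /* hypothesis */

struct route { uint32_t dst, mask; const char *dev; };

/* Three rows constructed from the route print output in the post. */
static const struct route routes[] = {
    { 0x00000000u, 0x00000000u, "eth0" }, /* 0.0.0.0     0.0.0.0       */
    { 0x0A05B000u, 0xFFFFF000u, "eth1" }, /* 10.5.176.0  255.255.240.0 */
    { 0x0AF11600u, 0xFFFFFE00u, "eth0" }, /* 10.241.22.0 255.255.254.0 */
};

/* Longest-prefix match using plen() for the mask length.
   Returns the winning row index, or -1 when the best length is tied. */
int lookup(uint32_t dst, int (*plen)(uint32_t)) {
    int best = -1, idx = -1, tie = 0;
    for (int i = 0; i < (int)(sizeof routes / sizeof routes[0]); i++) {
        int len = plen(routes[i].mask);
        uint32_t m = len ? 0xFFFFFFFFu << (32 - len) : 0;
        if ((dst & m) != (routes[i].dst & m)) continue;
        if (len > best) { best = len; idx = i; tie = 0; }
        else if (len == best) tie = 1;
    }
    return tie ? -1 : idx;
}

int main(void) {
    uint32_t dst = 0x0A05B101u; /* 10.5.177.1, a host in the range the post mentions */
    printf("255.255.255.240 -> /%d correct, /%d swapped\n",
           prefix_correct(0xFFFFFFF0u), prefix_swapped(0xFFFFFFF0u));
    int ok = lookup(dst, prefix_correct), bad = lookup(dst, prefix_swapped);
    printf("correct masks: %s\n", ok < 0 ? "ambiguous" : routes[ok].dev);
    printf("swapped masks: %s\n", bad < 0 ? "ambiguous" : routes[bad].dev);
    return 0;
}
```

When checking a scanner's view of a split-tunnel VPN, comparing each route's prefix length against the operating system's netmask in this way shows whether traffic for a tunnelled range can be matched by the tunnel route at all.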
Current thread:
- Latest NMAP & the cisco VPN client... Hines,Colin Mack (Feb 09)
- Re: Latest NMAP & the cisco VPN client... kx (Feb 09)
- RE: Latest NMAP & the cisco VPN client... Wagner, Chris (GE Infra, Non-GE, US) (Feb 12)
- Re: Latest NMAP & the cisco VPN client... kx (Feb 09)
