Nmap Development mailing list archives
Re: nmap and routing problems
From: Peter Gordon <peter () pg-consultants com>
Date: Thu, 19 Feb 2009 21:49:32 +0200
Here is the information you requested.
The essential difference between the two is that there is a bind in the
second example.

echo "HI" | nc 10.10.10.71 80
(UNKNOWN) [10.10.10.71] 80 (www) : Network is unreachable

strace -enetwork -f nc 10.10.10.71 80
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("10.10.10.71")}, 16) = -1 ENETUNREACH (Network is unreachable)
(UNKNOWN) [10.10.10.71] 80 (www) : Network is unreachable

echo "HI" | nc -s 10.19.1.30 10.10.10.71 80
HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Thu, 19 Feb 2009 19:47:16 GMT
Connection: close
Content-Length: 35

strace -enetwork -f nc -s 10.19.1.30 10.10.10.71 80
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.19.1.30")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("10.10.10.71")}, 16) = 0

Peter

On Thu, 2009-02-19 at 12:13 -0700, David Fifield wrote:
> On Thu, Feb 19, 2009 at 08:38:42PM +0200, Peter Gordon wrote:
> > Progress has been made! I ran the latest version of nmap -4.85BETA3:
> >
> > ./nmap -e eth0 --unprivileged 10.10.10.71
> >
> > and received the message "Host seems down".
> >
> > The problem is with the socket connection. The -e flag doesn't seem to
> > be doing anything. What it should be doing is a bind to the IP of the
> > requested port.
> >
> > Without -e option
> > connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("10.10.10.71")}, 16) = -1 ENETUNREACH (Network is unreachable)
> >
> > With -e option
> > connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("10.10.10.71")}, 16) = -1 ENETUNREACH (Network is unreachable)
>
> I'm surprised you can create any kind of socket connection at all. ping
> might be a special case because it uses raw sockets. Are you able to
> make a connection with Ncat?
>
> ncat 10.10.10.71 80
> ncat -s 10.19.1.30 10.10.10.71 80
>
> Even if port 80 is not open, you should get back a "connection refused"
> or "connection timeout", not "network is unreachable". Try running
> strace with those commands and see what happens.
>
> David Fifield
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
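The difference between the two strace traces in the message above, a bind() to a chosen source address before connect(), reproduced as an added example; it is not code from the original post or from Nmap, Ncat or nc. The function names are hypothetical, the loopback addresses are constructed sample values, and binding to 127.0.0.2 assumes Linux, where all of 127.0.0.0/8 is local.

```python
import errno
import socket

def connect_from(dst, port, src=None, timeout=3.0):
    """TCP-connect to (dst, port), optionally binding to src first.

    Returns (errno_name_or_None, local_ip_or_None). With src=None the kernel
    chooses the source address during its route lookup ("nc dst port"); with
    src set, bind() fixes it before connect() ("nc -s src dst port").
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        if src is not None:
            s.bind((src, 0))  # port 0: kernel picks an ephemeral port
        s.connect((dst, port))
        return None, s.getsockname()[0]
    except OSError as e:
        # ENETUNREACH: no usable route; ECONNREFUSED: routable but closed;
        # EADDRNOTAVAIL: src is not an address configured on this host.
        return errno.errorcode.get(e.errno, str(e)), None
    finally:
        s.close()

def compare(dst, port, src):
    """Run the unbound and the bound attempt against the same destination."""
    return {"unbound": connect_from(dst, port),
            "bound": connect_from(dst, port, src)}

def loopback_demo():
    """Offline check: listener on 127.0.0.1, second client bound to 127.0.0.2."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(3.0)
    try:
        srv.bind(("127.0.0.1", 0))
        srv.listen(4)
        port = srv.getsockname()[1]
        result = compare("127.0.0.1", port, "127.0.0.2")
        peers = []  # source addresses as the server saw them, in order
        for _ in range(2):
            conn, addr = srv.accept()
            peers.append(addr[0])
            conn.close()
        return result, peers
    finally:
        srv.close()

if __name__ == "__main__":
    print(loopback_demo())
```

On a host like the one in this thread, `compare("10.10.10.71", 80, "10.19.1.30")` would report the two outcomes side by side, with the errno name in place of the local address for the attempt that fails.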
