Nmap Development mailing list archives

Nmap bug - Doesn't follow static route (plain text)


From: Ninel Piroi <ninel.piroi () igpf ro>
Date: Fri, 18 Dec 2009 12:59:06 +0200

Hi,
I use Nmap frequently at home and at work, it has been useful in many situations, and I want to thank you for this sweet product. Recently I discovered that when using static routes to a subnet, Nmap does not follow the route, but looks directly into the local broadcast (ARP).

Ex:
[Nmap Host] <-10.1.0.0/20-> [GW1] <-192.168.1.0/24-> [GW2] <-10.1.3.0/24-> [Target Host]

[Nmap Host]
IP  :    10.1.0.15/20
GW1: 10.1.0.1
Static Route:  10.1.3.0/24 gw 10.1.0.1

[Target Host]
IP:      10.1.3.9/24
GW2: 10.1.3.1

> nmap --packet-trace -sS 10.1.3.9
Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-18 08:41 GTB Standard Time
SENT (0.6720s) ARP who-has 10.1.3.9 tell 10.1.0.15
SENT (0.7820s) ARP who-has 10.1.3.9 tell 10.1.0.15
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.91 seconds

> nmap --iflist
Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-18 08:41 GTB Standard Time
************************INTERFACES************************
DEV  (SHORT) IP/MASK       TYPE     UP MAC
eth0 (eth0)  10.1.0.15/20 ethernet up 00:1A:DC:3E:34:AC
lo0  (lo0)   127.0.0.1/8   loopback up
DEV    WINDEVICE
eth0   \Device\NPF_{00744106-FFB1-473B-AED9-3CD94673D5AA}
lo0 <none>
<none> \Device\NPF_GenericDialupAdapter
**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
10.1.0.15/32      lo0  127.0.0.1
10.255.255.255/32  eth0 10.1.0.15
255.255.255.255/32 eth0 10.1.0.15
10.1.3.0/0         eth0 10.1.0.1
10.1.0.0/0         eth0 10.1.0.15
127.0.0.0/0        lo0  127.0.0.1
224.0.0.0/0        eth0 10.1.0.15
0.0.0.0/0          eth0 10.1.0.1

> ping -n 1 10.1.3.9
Pinging 10.1.3.9 with 32 bytes of data:
Reply from 10.1.3.9: bytes=32 time<1ms TTL=253
Ping statistics for 10.1.3.9:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Best Regards,
Piroi Ninel

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
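
The addresses in the report above, worked through two next-hop decisions (an added example, not part of the original message and not Nmap's code). It uses the interface mask and static route as the poster states them (10.1.0.15/20, 10.1.3.0/24 gw 10.1.0.1) rather than the /0 masks printed by --iflist; the function names are hypothetical, and the mask-only test is an assumption about one way to reach the ARP requests seen in the trace.

```python
import ipaddress

# Values from the report: interface 10.1.0.15/20, static route
# 10.1.3.0/24 via 10.1.0.1, default route via 10.1.0.1.
IFACE = ipaddress.ip_interface("10.1.0.15/20")
ROUTES = [  # (destination network, gateway, or None when on-link)
    (ipaddress.ip_network("10.1.0.0/20"), None),
    (ipaddress.ip_network("10.1.3.0/24"), ipaddress.ip_address("10.1.0.1")),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("10.1.0.1")),
]


def arp_target_longest_prefix(dst):
    """Route lookup by longest-prefix match: the most specific route wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in ROUTES if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    # On-link route: ARP for the destination. Otherwise ARP for the gateway.
    return gw if gw is not None else dst


def arp_target_iface_mask_only(dst):
    """Hypothetical shortcut (assumption): if the destination falls inside
    the interface's own network, treat it as a neighbour without consulting
    more specific routes."""
    dst = ipaddress.ip_address(dst)
    if dst in IFACE.network:
        return dst
    return arp_target_longest_prefix(dst)


def explain(dst):
    """Return the address each decision would send 'ARP who-has' for."""
    return {
        "iface_mask_only": str(arp_target_iface_mask_only(dst)),
        "longest_prefix": str(arp_target_longest_prefix(dst)),
    }


if __name__ == "__main__":
    # 10.1.3.9 is the reported target; the other two are constructed samples.
    for dst in ("10.1.3.9", "10.1.0.77", "192.168.1.5"):
        print(dst, explain(dst))
```

10.1.3.0/24 lies inside 10.1.0.0/20, so only the longest-prefix lookup sends the target's traffic to 10.1.0.1; the two decisions agree for the other sample addresses.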

