Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

host discovery fails - Nmap, tap interface and OpenVPN

From: Agapito Malteni <sruloasegreto () aol com>
Date: Fri, 30 Mar 2012 16:32:36 +0200
Hi,


I'm using nmap (version 5.51) on Windows 7 64bit. I'm connected to a vpn
(OpenVPN in tap ethernet bridging mode)
A virtual device (tap) is used by Nmap and I'm scanning targets belonging
to a vpn.


Here is my network configuration (only meaningful)

Tap device

   Address IPv4. . . . . . . . . . . . . : 192.168.5.1
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Default gateway . . . . . . . . . . . :


route print
Network address             Mask          Gateway             Interface
    Metrics
       192.168.6.0    255.255.255.0       192.168.5.99      192.168.5.1
31
       192.168.7.0    255.255.255.0       192.168.5.99      192.168.5.1
31


The preceding routes are injected by the OpenVPN server. My IP is on
network 192.168.5.0 and can reach networks 192.168.6.0,192.168.7.0
via gateway 192.168.5.99.


The first time when I connected to the tunnel OpenVPN an host discovery
failed (command nmap -PE -sn -n 192.168.6.0/30 didn't discover any host
although I knew one (192.168.6.1) was active).
The issue doesn't happen if before running nmap I run a ping command
against the active host from the Windows cmd. Indeed, after that, nmap
reveals succesfully the host.


Debugging with Wireshark I noticed that during the first attempt of host
discovery of Nmap, Nmap didn't send any ARP request (although the ARP cache
related to the tap interface was empty) with content the IP of the gateway
(192.168.5.99), and it sent ping trying to find others without any
response. Instead during the ping performed by the Windows cmd I noticed
that ARP request were successfully sent and after that the pings were sent
succesfully.


So in summary with my configuration Nmap doesn't work until a Windows cmd
ping will be run.



I've found other similar issues on the net:

    https://www.virtualbox.org/ticket/2899
    http://seclists.org/nmap-dev/2008/q1/81




Agapito Malteni


Best regards
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: