Nmap Development mailing list archives

Re: 'nmap -S <src_addr>' does not use 'iproute2' alternate routing table


From: David Fifield <david () bamsoftware com>
Date: Mon, 10 Sep 2012 13:33:27 -0700

On Mon, Sep 10, 2012 at 04:22:20PM -0400, starlight.2012q3 () binnacle cx wrote:
> At 01:08 PM 9/10/2012 -0700, David Fifield wrote:
>> On Thu, Aug 23, 2012 at 09:53:24PM -0400, starlight.2012q3 () binnacle cx wrote:
>>>
>>> $ ip rule show
>>> 0:      from all lookup local
>>> 32764:  from 172.29.86.4 lookup eth4  # SEARCH ETH4 TABLE
>>> 32765:  from 172.29.79.1 lookup eth5
>>> 32766:  from all lookup main
>>> 32767:  from all lookup default
>>>
>>> $ ip route show table eth4
>>> 172.29.79.0/24 dev eth5  scope link
>>> 172.29.88.0/24 dev eth1  scope link
>>> 172.29.87.0/24 dev eth0  scope link
>>> 172.29.86.0/24 dev eth4  scope link  src 172.29.86.4
>>> 127.0.0.0/8 dev lo  scope link
>>> default via 172.29.86.1 dev eth4     # ROUTE THIS WAY
>>>
>>> $ ip route show table main
>>> 172.29.79.0/24 dev eth5  scope link  src 172.29.79.1
>>> 172.29.91.0/24 via 172.29.83.6 dev tun0
>>> 172.29.88.0/24 dev eth1  scope link  src 172.29.88.1
>>> 172.29.87.0/24 dev eth0  scope link  src 172.29.87.1
>>> 172.29.86.0/24 dev eth4  scope link  src 172.29.86.4
>>> 172.29.85.0/24 dev tun1  scope link  src 172.29.85.1
>>> 172.29.83.0/24 dev tun0  scope link  src 172.29.83.1
>>> 172.29.82.0/24 dev tun2  scope link  src 172.29.82.1
>>> 172.29.81.0/24 dev tun3  scope link  src 172.29.81.1
>>> default via 172.29.79.2 dev eth5
>>
>> Can you point out which parts of this configuration should cause
>> a source address of 172.29.87.84 to route through eth4? The
>> closest I can guess is from "ip rule show",
>>
>> 32764:  from 172.29.86.4 lookup eth4
>
> Yes, this rule says search the 'eth4' table
> when the source address is matched.  It is
> before the catchall table entry 'main'.
>
>> But that address 172.29.86.4 doesn't match
>> the 172.29.86.84 used in your Nmap command.
>> Was that just a typo?
>
> Yes, typo.  Should be
>
> # nmap -e eth4 -S 172.29.86.84 <target>
>
> Re-checked it just to be sure.  Traffic
> goes out 'eth5' instead of 'eth4'
> and is directed to the MAC address of
> the 172.29.79.2 router IP.

I'm still confused. Did you typo the address again? 172.29.86.84 is the
same address you originally posted, and my guess is that you actually
meant 172.29.86.4. Otherwise why would the rule "from 172.29.86.4" match
172.29.86.84?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
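
Added example (not part of the original messages and not Nmap code): a small Python model of how Linux policy routing selects a table for the two source addresses discussed above, using the rules and routes quoted in the thread. The target address is a constructed placeholder, and the model covers only `from` selectors and longest-prefix match.

```python
import ipaddress

TARGET = "198.51.100.10"  # constructed; the thread elides the real <target>

# (priority, source selector, table) from `ip rule show`. The 'local' and
# 'default' tables are not shown in the thread and are left out here.
RULES = [
    (32764, "172.29.86.4/32", "eth4"),   # a bare address in a rule is a /32
    (32765, "172.29.79.1/32", "eth5"),   # table 'eth5' is not shown in the thread
    (32766, "0.0.0.0/0", "main"),
]

# (prefix, device, gateway) from `ip route show table ...`
TABLES = {
    "eth4": [
        ("172.29.79.0/24", "eth5", None), ("172.29.88.0/24", "eth1", None),
        ("172.29.87.0/24", "eth0", None), ("172.29.86.0/24", "eth4", None),
        ("127.0.0.0/8", "lo", None), ("0.0.0.0/0", "eth4", "172.29.86.1"),
    ],
    "main": [
        ("172.29.79.0/24", "eth5", None), ("172.29.91.0/24", "tun0", "172.29.83.6"),
        ("172.29.88.0/24", "eth1", None), ("172.29.87.0/24", "eth0", None),
        ("172.29.86.0/24", "eth4", None), ("172.29.85.0/24", "tun1", None),
        ("172.29.83.0/24", "tun0", None), ("172.29.82.0/24", "tun2", None),
        ("172.29.81.0/24", "tun3", None), ("0.0.0.0/0", "eth5", "172.29.79.2"),
    ],
}

def lookup(table, dst):
    """Longest-prefix match inside one table; None if no route covers dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, dev, gw)
            for p, dev, gw in TABLES.get(table, [])
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0])[1:] if hits else None

def policy_route(src, dst):
    """Walk rules by priority; the first matching rule whose table routes dst wins."""
    src = ipaddress.ip_address(src)
    for prio, selector, table in sorted(RULES):
        if src in ipaddress.ip_network(selector):
            hit = lookup(table, dst)
            if hit:  # a table with no route for dst falls through to the next rule
                return (prio, table) + hit
    return None

if __name__ == "__main__":
    for src in ("172.29.86.4", "172.29.86.84"):
        print(src, "->", policy_route(src, TARGET))
```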

