Nmap Development mailing list archives
Re: Latest NMAP & the cisco VPN client...
From: kx <kxmail () gmail com>
Date: Fri, 9 Feb 2007 20:50:21 -0500
Colin,

WinPcap can't transmit over a VPN. See:
http://seclists.org/nmap-dev/2006/q3/0438.html

You might try --unprivileged which should allow things like Connect
scans to work.

Cheers,
kx

On 2/9/07, Hines,Colin Mack <cmhines () ufl edu> wrote:
Running XP sp2 / all latest patches and IE7.
Cisco VPN Client 4.6.02.0011 using ipsec/tcp
Nmap for windows v4.20 downloaded today from insecure.org

It seems that nmap is not correctly enumerating all the local routes provided by the cisco vpn client.

Here is my current route print output...

C:\Program Files\Nmap>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 c6 f2 2b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x10004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.241.22.1   10.241.23.222      20
       10.5.135.0    255.255.255.0   10.228.255.129  10.228.255.129       1
       10.5.176.0    255.255.240.0   10.228.255.129  10.228.255.129       1
       10.5.192.0    255.255.240.0   10.228.255.129  10.228.255.129       1
     10.227.208.0    255.255.255.0   10.228.255.129  10.228.255.129       1
     10.228.255.0    255.255.255.0   10.228.255.129  10.228.255.129       1
   10.228.255.128  255.255.255.128   10.228.255.129  10.228.255.129      10
   10.228.255.129  255.255.255.255        127.0.0.1       127.0.0.1      10
      10.241.22.0    255.255.254.0    10.241.23.222   10.241.23.222      20
      10.241.22.0    255.255.254.0   10.228.255.129  10.228.255.129       1
      10.241.23.7  255.255.255.255    10.241.23.222   10.241.23.222       1
    10.241.23.222  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255   10.228.255.129  10.228.255.129      10
   10.255.255.255  255.255.255.255    10.241.23.222   10.241.23.222      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    128.227.0.144  255.255.255.240   10.228.255.129  10.228.255.129       1
     128.227.21.0  255.255.255.192   10.228.255.129  10.228.255.129       1
   128.227.75.224  255.255.255.240   10.228.255.129  10.228.255.129       1
    128.227.128.0    255.255.255.0   10.228.255.129  10.228.255.129       1
    128.227.138.0    255.255.255.0   10.228.255.129  10.228.255.129       1
    128.227.156.0    255.255.255.0   10.228.255.129  10.228.255.129       1
  128.227.166.117  255.255.255.255      10.241.22.1   10.241.23.222       1
  128.227.187.192  255.255.255.192   10.228.255.129  10.228.255.129       1
    128.227.208.0    255.255.255.0   10.228.255.129  10.228.255.129       1
        224.0.0.0        240.0.0.0   10.228.255.129  10.228.255.129      10
        224.0.0.0        240.0.0.0    10.241.23.222   10.241.23.222      20
  255.255.255.255  255.255.255.255   10.228.255.129  10.228.255.129       1
  255.255.255.255  255.255.255.255    10.241.23.222   10.241.23.222       1
Default Gateway:       10.241.22.1
===========================================================================
Persistent Routes:
  None

Now, here is my nmap --iflist output...

C:\Program Files\Nmap>nmap --iflist

Starting Nmap 4.20 ( http://insecure.org ) at 2007-02-09 11:12 Eastern Standard Time
************************INTERFACES************************
DEV  (SHORT) IP/MASK           TYPE     UP MAC
eth0 (eth0)  10.241.23.222/23  ethernet up 00:13:72:C6:F2:2B
eth1 (eth1)  10.228.255.129/25 ethernet up 00:05:9A:3C:78:00
lo0  (lo0)   127.0.0.1/8       loopback up

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
255.255.255.255/32 eth1 10.228.255.129
128.227.166.117/32 eth0 10.241.22.1
10.255.255.255/32  eth0 10.241.23.222
10.255.255.255/32  eth1 10.228.255.129
10.241.23.222/32   lo0  127.0.0.1
10.241.23.7/32     eth0 10.241.23.222
10.228.255.129/32  lo0  127.0.0.1
255.255.255.255/32 eth0 10.241.23.222
128.227.75.224/4   eth1 10.228.255.129
128.227.0.144/4    eth1 10.228.255.129
128.227.21.0/2     eth1 10.228.255.129
128.227.187.192/2  eth1 10.228.255.129
10.228.255.128/1   eth1 10.228.255.129
128.227.208.0/0    eth1 10.228.255.129
10.5.135.0/0       eth1 10.228.255.129
10.227.208.0/0     eth1 10.228.255.129
10.228.255.0/0     eth1 10.228.255.129
128.227.156.0/0    eth1 10.228.255.129
128.227.128.0/0    eth1 10.228.255.129
128.227.138.0/0    eth1 10.228.255.129
10.241.22.0/0      eth1 10.228.255.129
10.241.22.0/0      eth0 10.241.23.222
10.5.176.0/0       eth1 10.228.255.129
10.5.192.0/0       eth1 10.228.255.129
127.0.0.0/0        lo0  127.0.0.1
224.0.0.0/0        eth1 10.228.255.129
224.0.0.0/0        eth0 10.241.23.222
0.0.0.0/0          eth0 10.241.22.1

As far as I can tell, it seems to be doing some wacky stuff with the network masks. We noticed this issue when trying to nmap 10.5.177.x boxes and it was not sending it over the vpn, but sending it over the local network, eth0.

Thanks!

Colin M. Hines
Infrastructure Team -=- UF Bridges
cmhines () ufl edu -=- 352.871.7000

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
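The following is an added example, not part of either post and not Nmap code. It tests one hypothesis, which is an assumption made here and is not stated anywhere in the thread: that the prefix lengths in the --iflist ROUTES table are what you get by counting leading one-bits of a netmask whose four bytes are read as a little-endian integer, i.e. without the network-to-host byte swap. The rows are a subset copied from the two outputs quoted above.

```python
import socket
import struct

# (destination, netmask from `route print`, prefix shown by `nmap --iflist`)
# Subset of rows copied from the two outputs quoted in the thread.
OBSERVED = [
    ("255.255.255.255", "255.255.255.255", 32),
    ("128.227.75.224", "255.255.255.240", 4),
    ("128.227.21.0", "255.255.255.192", 2),
    ("10.228.255.128", "255.255.255.128", 1),
    ("10.5.135.0", "255.255.255.0", 0),
    ("10.5.176.0", "255.255.240.0", 0),
    ("10.241.22.0", "255.255.254.0", 0),
    ("127.0.0.0", "255.0.0.0", 0),
    ("224.0.0.0", "240.0.0.0", 0),
    ("0.0.0.0", "0.0.0.0", 0),
]

def leading_ones(value):
    """Count consecutive 1 bits from the most significant bit of a 32-bit value."""
    count = 0
    for bit in range(31, -1, -1):
        if not (value >> bit) & 1:
            break
        count += 1
    return count

def prefix_correct(netmask):
    """Prefix length with the mask read in network (big-endian) byte order."""
    return leading_ones(struct.unpack("!I", socket.inet_aton(netmask))[0])

def prefix_unswapped(netmask):
    """Prefix length if the same bytes are read as a little-endian integer,
    as on an x86 host when the byte swap is skipped (the hypothesis under test)."""
    return leading_ones(struct.unpack("<I", socket.inet_aton(netmask))[0])

def check_hypothesis(rows=OBSERVED):
    """Return the rows whose displayed prefix differs from the unswapped count."""
    return [row for row in rows if prefix_unswapped(row[1]) != row[2]]

if __name__ == "__main__":
    for dst, mask, shown in OBSERVED:
        print(f"{dst:<16} {mask:<16} shown=/{shown:<2} "
              f"correct=/{prefix_correct(mask):<2} unswapped=/{prefix_unswapped(mask)}")
    print("rows not explained by the hypothesis:", check_hypothesis())
```

With the masks from `route print` read correctly, 10.5.176.0 255.255.240.0 is a /20 that covers 10.5.177.x and points at the VPN adapter (eth1 in the --iflist output); a /0 prefix, by contrast, matches every destination.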
Current thread:
- Latest NMAP & the cisco VPN client... Hines,Colin Mack (Feb 09)
- Re: Latest NMAP & the cisco VPN client... kx (Feb 09)
- RE: Latest NMAP & the cisco VPN client... Wagner, Chris (GE Infra, Non-GE, US) (Feb 12)