Nmap Development mailing list archives
Re: nmap on OpenBSD 4.5 -stable and OpenBSD -current (4.6)
From: Vijay Sankar <vsankar () foretell ca>
Date: Wed, 22 Jul 2009 06:40:19 -0500
Thanks very much. Here are the captures.

nmap.cap is root doing "nmap -v -A server2.sankars.local"
nmap-send-ip.cap is root doing "nmap -v --send-ip -A server2.sankars.local"
nmap-user.cap is my unprivileged user account doing "nmap -v -A server2.sankars.local"
There were checksum errors with packets sent out through nmap. Just in case my network set up had something to do with the errors, I tried accessing a VM using rdesktop (Windows 2003 running on qemu on server2.sankars.local) as well as an ssh session to server2.sankars.local. There were checksum errors in both those cases as well. The two servers are on two different gigabit switches. If appropriate, I can test this on two servers connected to the same switch. Please let me know if there is anything else I can do to help.
Brandon Enright wrote:
Hi Vijay, sorry I'm typing this on a phone. This sounds like a problem with Nmap not interpreting the ARP response properly. Others have reported similar problems with non-Linux OSes recently. Would you be willing to capture the ARP request and ARP response with tcpdump for us? There is a chance our ARP response identification and parsing code needs improvement.

Brandon

Sent from my phone. If you would like a digital signature for this email let me know and I will sign it later.

On Jul 22, 2009, at 4:50, Vijay Sankar <vsankar () foretell ca> wrote:

Hi,

Just thought I would report the following in case there are any simple things I can do to help out. If there is, please let me know.

I am not able to run nmap as root (--send-ip works, however) on OpenBSD 4.5 -stable. Compiled it with a ./configure, make and make install. Zenmap works very well with OpenBSD's Python 2.5.4 package. Also tried OpenBSD -current as of 1430 hours CDT July 22, 2009 with the same results.

As a regular user,

server11$ nmap -v -A server2.sankars.local
Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-21 23:28 CDT
NSE: Loaded 30 scripts for scanning.
Initiating Ping Scan at 23:28
Scanning 10.0.0.102 [2 ports]
Completed Ping Scan at 23:28, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:28
Completed Parallel DNS resolution of 1 host. at 23:28, 0.00s elapsed
Initiating Connect Scan at 23:28
Scanning server2.sankars.local (10.0.0.102) [1000 ports]
Discovered open port 22/tcp on 10.0.0.102
Discovered open port 139/tcp on 10.0.0.102
Discovered open port 445/tcp on 10.0.0.102
Discovered open port 6000/tcp on 10.0.0.102
Increasing send delay for 10.0.0.102 from 0 to 5 due to 44 out of 146 dropped probes since last increase.
Completed Connect Scan at 23:29, 18.11s elapsed (1000 total ports)
Initiating Service scan at 23:29
Scanning 4 services on server2.sankars.local (10.0.0.102)
Completed Service scan at 23:29, 11.02s elapsed (4 services on 1 host)
NSE: Script scanning 10.0.0.102.
NSE: Starting runlevel 1 scan
Initiating NSE at 23:29
Completed NSE at 23:29, 0.47s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 23:29
Completed NSE at 23:29, 0.02s elapsed
NSE: Script Scanning completed.
Host server2.sankars.local (10.0.0.102) is up (0.00013s latency).
Interesting ports on server2.sankars.local (10.0.0.102):
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.2 (protocol 2.0)
| ssh-hostkey: 1024 85:fd:f8:d7:23:2b:35:cc:88:6c:69:01:51:53:70:24 (DSA)
|_ 2048 43:4c:30:6b:16:f6:25:7d:ed:34:af:2a:42:88:8a:69 (RSA)
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MYGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MYGROUP)
6000/tcp open X11 (access denied)
Service Info: OS: Unix

Host script results:
|_ nbstat: ERROR: Name query failed: ERROR
| smb-os-discovery: Unix
| LAN Manager: Samba 3.0.33
| Name: MYGROUP\Unknown
|_ System time: 2009-07-21 23:29:14 UTC-5

Read data files from: /usr/local/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.78 seconds

As root,

server11# nmap -v -A server2.sankars.local
Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-21 23:43 CDT
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 23:43
Scanning 10.0.0.102 [1 port]
Completed ARP Ping Scan at 23:43, 0.23s elapsed (1 total hosts)
Read data files from: /usr/local/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.58 seconds
Raw packets sent: 2 (84B) | Rcvd: 0 (0B)

server11# nmap -v -PN server2.sankars.local
Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-21 23:43 CDT
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 23:43
Scanning 10.0.0.102 [1 port]
Completed ARP Ping Scan at 23:43, 0.23s elapsed (1 total hosts)
Read data files from: /usr/local/share/nmap
Nmap done: 1 IP address (0 hosts up) scanned in 0.28 seconds
Raw packets sent: 2 (84B) | Rcvd: 0 (0B)

server11# nmap -v --send-ip -A server2.sankars.local
Starting Nmap 5.00 ( http://nmap.org ) at 2009-07-21 23:34 CDT
NSE: Loaded 30 scripts for scanning.
Initiating Ping Scan at 23:34
Scanning 10.0.0.102 [4 ports]
Completed Ping Scan at 23:34, 2.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:34
Completed Parallel DNS resolution of 1 host. at 23:34, 0.00s elapsed
Initiating SYN Stealth Scan at 23:34
Scanning server2.sankars.local (10.0.0.102) [1000 ports]
Discovered open port 445/tcp on 10.0.0.102
Increasing send delay for 10.0.0.102 from 0 to 5 due to 11 out of 12 dropped probes since last increase.
Discovered open port 139/tcp on 10.0.0.102
Discovered open port 22/tcp on 10.0.0.102
Increasing send delay for 10.0.0.102 from 5 to 10 due to max_successful_tryno increase to 4
Increasing send delay for 10.0.0.102 from 10 to 20 due to max_successful_tryno increase to 5
Increasing send delay for 10.0.0.102 from 20 to 40 due to 11 out of 17 dropped probes since last increase.
Increasing send delay for 10.0.0.102 from 40 to 80 due to max_successful_tryno increase to 6
Increasing send delay for 10.0.0.102 from 80 to 160 due to max_successful_tryno increase to 7
Increasing send delay for 10.0.0.102 from 160 to 320 due to max_successful_tryno increase to 8
SYN Stealth Scan Timing: About 10.37% done; ETC: 23:39 (0:04:28 remaining)
SYN Stealth Scan Timing: About 19.47% done; ETC: 23:39 (0:04:12 remaining)
SYN Stealth Scan Timing: About 28.57% done; ETC: 23:40 (0:03:48 remaining)
SYN Stealth Scan Timing: About 37.67% done; ETC: 23:40 (0:03:20 remaining)
SYN Stealth Scan Timing: About 46.67% done; ETC: 23:40 (0:02:53 remaining)
Discovered open port 6000/tcp on 10.0.0.102
SYN Stealth Scan Timing: About 55.77% done; ETC: 23:40 (0:02:24 remaining)
SYN Stealth Scan Timing: About 64.87% done; ETC: 23:40 (0:01:54 remaining)
SYN Stealth Scan Timing: About 73.97% done; ETC: 23:40 (0:01:25 remaining)
SYN Stealth Scan Timing: About 83.07% done; ETC: 23:40 (0:00:55 remaining)
Completed SYN Stealth Scan at 23:40, 329.18s elapsed (1000 total ports)
Initiating Service scan at 23:40
Scanning 4 services on server2.sankars.local (10.0.0.102)
Completed Service scan at 23:40, 11.02s elapsed (4 services on 1 host)
Initiating OS detection (try #1) against server2.sankars.local (10.0.0.102)
adjust_timeouts2: packet supposedly had rtt of -519693 microseconds. Ignoring time.
NSE: Script scanning 10.0.0.102.
NSE: Starting runlevel 1 scan
Initiating NSE at 23:40
Completed NSE at 23:40, 0.45s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 23:40
Completed NSE at 23:40, 0.02s elapsed
NSE: Script Scanning completed.
Host server2.sankars.local (10.0.0.102) is up (-2.0s latency).
Interesting ports on server2.sankars.local (10.0.0.102):
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.2 (protocol 2.0)
| ssh-hostkey: 1024 85:fd:f8:d7:23:2b:35:cc:88:6c:69:01:51:53:70:24 (DSA)
|_ 2048 43:4c:30:6b:16:f6:25:7d:ed:34:af:2a:42:88:8a:69 (RSA)
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MYGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MYGROUP)
6000/tcp open X11 (access denied)
MAC Address: 00:22:19:A8:C4:4F (Dell)
Device type: general purpose
Running: OpenBSD 3.X|4.X
OS details: OpenBSD 3.9 - 4.4
Uptime guess: 0.000 days (since Tue Jul 21 23:40:26 2009)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=245 (Good luck!)
IP ID Sequence Generation: Randomized
Service Info: OS: Unix

Host script results:
|_ nbstat: ERROR: Name query failed: ERROR
| smb-os-discovery: Unix
| LAN Manager: Samba 3.0.33
| Name: MYGROUP\Unknown
|_ System time: 2009-07-21 23:40:31 UTC-5

Read data files from: /usr/local/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 348.49 seconds
Raw packets sent: 1154 (53.448KB) | Rcvd: 1147 (47.460KB)

Thanks very much,

Vijay

--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsankar () foretell ca

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsankar () foretell ca
Attachment: nmap.cap
Attachment: nmap-send-ip.cap
Attachment: nmap-user.cap
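
The question raised in the thread above, whether an ARP reply matching the scanner's request actually appears in the capture, can be checked by decoding the frames directly. The following is an added example, not Nmap's code and not part of the original messages. The scanner MAC and IP, the helper names and the sample frames are assumptions; the target IP and MAC are taken from the scan output.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame; return None for anything else."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    # Bytes after offset 42 are Ethernet padding (short frames are padded to 60) and are ignored.
    return {"op": op, "sha": mac(sha), "spa": str(IPv4Address(spa)),
            "tha": mac(tha), "tpa": str(IPv4Address(tpa))}

def find_reply(frames, target_ip):
    """Return the MAC that answered a request for target_ip, or None."""
    asker = None
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        if arp["op"] == ARP_REQUEST and arp["tpa"] == target_ip:
            asker = (arp["sha"], arp["spa"])   # remember who asked
        elif arp["op"] == ARP_REPLY and arp["spa"] == target_ip:
            if asker == (arp["tha"], arp["tpa"]):  # reply addressed to the asker
                return arp["sha"]
    return None

def build(op, eth_dst, sha, spa, tha, tpa, pad=0):
    """Build a sample frame (used only to construct the test data below)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = struct.pack("!HHHBBH", ETHERTYPE_ARP, 1, 0x0800, 6, 4, op)
    return (raw(eth_dst) + raw(sha) + hdr + raw(sha) + IPv4Address(spa).packed
            + raw(tha) + IPv4Address(tpa).packed + bytes(pad))

# Constructed frames: target values are from the scan output; scanner values are assumed.
SCANNER_MAC, SCANNER_IP = "02:00:00:00:00:11", "10.0.0.111"
TARGET_MAC, TARGET_IP = "00:22:19:a8:c4:4f", "10.0.0.102"
REQUEST = build(ARP_REQUEST, "ff:ff:ff:ff:ff:ff", SCANNER_MAC, SCANNER_IP,
                "00:00:00:00:00:00", TARGET_IP)
REPLY = build(ARP_REPLY, SCANNER_MAC, TARGET_MAC, TARGET_IP,
              SCANNER_MAC, SCANNER_IP, pad=18)
```

If `find_reply` returns a MAC for frames read from the capture while the scanner still reports the host as down, the reply reached the wire and the fault lies in how the scanner receives or matches it.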
Current thread:
- nmap on OpenBSD 4.5 -stable and OpenBSD -current (4.6) Vijay Sankar (Jul 21)
- Re: nmap on OpenBSD 4.5 -stable and OpenBSD -current (4.6) Brandon Enright (Jul 22)
- Re: nmap on OpenBSD 4.5 -stable and OpenBSD -current (4.6) Vijay Sankar (Jul 22)
- Re: nmap on OpenBSD 4.5 -stable and OpenBSD -current (4.6) David Fifield (Jul 22)
- Re: nmap on OpenBSD 4.5 -stable and OpenBSD -current (4.6) Vijay Sankar (Jul 22)
- Re: nmap on OpenBSD 4.5 -stable and OpenBSD -current (4.6) Brandon Enright (Jul 22)