Re: OS X 10.6 diagnosis: pcap timeout and bpf device access

[Walt Scrivens <walts () gate net>]

David,
As I said in my earlier e-mail, I compiled for 32 bit configuration and nmap seemed to work OK.

I just installed Apple's latest update, 10.6.2, and re-complied without the 32-bit switches; nmap now seems to work 
properly!

Walt

=====================
TestComputer:nmap walts$ ./configure
checking build system type... i386-apple-darwin10.2.0
checking host system type... i386-apple-darwin10.2.0
checking for gcc... gcc
.
.
.
Configuration complete.  Type make (or gmake on some *BSD machines) to compile.
TestComputer:nmap walts$ make
Compiling liblua
make[1]: `liblua.a' is up to date.
Compiling libdnet
Making all in include
make  all-recursive
Making all in dnet
make[4]: Nothing to be done for `all'.
Making all in src
make[2]: Nothing to be done for `all'.
make[2]: Nothing to be done for `all-am'.
Compiling libnbase
cd nbase && make
make[1]: Nothing to be done for `all'.
Compiling libnsock
cd nsock/src && make
cd ../../nbase && make
make[2]: Nothing to be done for `all'.
cd ncat && make
Compiling libnsock
cd ../nsock/src && make
cd ../../nbase && make
make[3]: Nothing to be done for `all'.
make nmap build-zenmap build-ndiff
make[1]: `nmap' is up to date.
cd zenmap && /usr/bin/python setup.py build 
running build
running build_py
running build_scripts
cd ndiff && /usr/bin/python setup.py build 
running build
running build_scripts
TestComputer:nmap walts$ sudo nmap -sP -d9 scanme.nmap.org
Password:

Starting Nmap 5.00 ( http://nmap.org ) at 2009-11-10 10:26 EST
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Warning: File ./nse_main.lua exists, but Nmap is using /usr/local/share/nmap/nse_main.lua for security and consistency 
reasons.  set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).
Fetchfile found /usr/local/share/nmap/nse_main.lua
Fetchfile found /usr/local/share/nmap/nselib/
Fetchfile found /usr/local/share/nmap/scripts/script.db
NSE: Loaded 0 scripts for scanning.
Warning: Unable to open interface vmnet1 -- skipping it.
Warning: Unable to open interface vmnet8 -- skipping it.
Initiating Ping Scan at 10:26
Scanning 64.13.134.52 [4 ports]
Pcap filter: dst host 192.168.1.144 and (icmp or ((tcp or udp or sctp) and (src host 64.13.134.52)))
Packet capture filter (device en1): dst host 192.168.1.144 and (icmp or ((tcp or udp or sctp) and (src host 
64.13.134.52)))
SENT (0.5780s) ICMP 192.168.1.144 > 64.13.134.52 echo request (type=8/code=0) ttl=50 id=36516 iplen=7168 
SENT (0.5780s) TCP 192.168.1.144:33028 > 64.13.134.52:443 S ttl=53 id=53135 iplen=11264  seq=2901364014 win=2048 <mss 
1460>
SENT (0.5780s) TCP 192.168.1.144:33028 > 64.13.134.52:80 A ttl=49 id=50743 iplen=10240  seq=2901364014 win=2048 
ack=3621513297 
SENT (0.5780s) ICMP 192.168.1.144 > 64.13.134.52 Timestamp request (type=13/code=0) ttl=59 id=31798 iplen=10240 
**TIMING STATS** (0.5780s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, 
cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 4/*/*/*/*/* 10.00/75/* 1000000/-1/-1
   64.13.134.52: 4/0/0/4/0/0 10.00/75/0 1000000/-1/-1
Current sending rates: 1725.63 packets / s, 65573.77 bytes / s.
Overall sending rates: 1725.63 packets / s, 65573.77 bytes / s.
RCVD (0.5900s) ICMP 172.16.0.254 > 192.168.1.144 network 64.13.134.52 unreachable (type=3/code=0) ttl=254 id=50922 
iplen=56 
Found 64.13.134.52 in incomplete hosts list.
Got destination unreachable for 64.13.134.52
ultrascan_host_probe_update called for machine 64.13.134.52 state UNKNOWN -> HOST_DOWN (trynum 0 time: 20468)
Timeout vals: srtt: -1 rttvar: -1 to: 1000000 delta 11413 ==> srtt: 11413 rttvar: 11413 to: 100000
Timeout vals: srtt: -1 rttvar: -1 to: 1000000 delta 11413 ==> srtt: 11413 rttvar: 11413 to: 100000
**TIMING STATS** (0.5990s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, 
cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 3/*/*/*/*/* 11.00/75/* 100000/11413/11413
   64.13.134.52: 3/0/0/3/0/0 11.00/75/0 100000/11413/11413
Current sending rates: 175.25 packets / s, 6659.66 bytes / s.
Overall sending rates: 175.25 packets / s, 6659.66 bytes / s.
**TIMING STATS** (0.6800s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, 
cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 0/*/*/*/*/* 11.00/75/* 100000/11413/11413
   64.13.134.52: 0/0/0/3/3/0 11.00/75/0 100000/11413/11413
Current sending rates: 38.50 packets / s, 1463.07 bytes / s.
Overall sending rates: 38.50 packets / s, 1463.07 bytes / s.
RCVD (0.7260s) ICMP 64.13.134.52 > 192.168.1.144 echo reply (type=0/code=0) ttl=54 id=16587 iplen=28 
Found 64.13.134.52 in incomplete hosts list.
We got a ping packet back from 64.13.134.52: id = 54203 seq = 0 checksum = 11332
ultrascan_host_probe_update called for machine 64.13.134.52 state HOST_DOWN -> HOST_UP (trynum 0 time: 152279)
Timeout vals: srtt: 11413 rttvar: 11413 to: 100000 delta 136849 ==> srtt: 28519 rttvar: 42772 to: 199607
Timeout vals: srtt: 11413 rttvar: 11413 to: 100000 delta 136849 ==> srtt: 28519 rttvar: 42772 to: 199607
Changing ping technique for 64.13.134.52 to icmp type 8 code 0
Moving 64.13.134.52 to completed hosts list with 0 outstanding probes.
Changing global ping host to 64.13.134.52.
Completed Ping Scan at 10:26, 0.15s elapsed (1 total hosts)
Overall sending rates: 25.89 packets / s, 984.00 bytes / s.
pcap stats: 952 packets received by filter, 0 dropped by kernel.
mass_rdns: Using DNS server 192.168.1.1
NSOCK (0.7900s) UDP connection requested to 192.168.1.1:53 (IOD #1) EID 8
NSOCK (0.7900s) Read request from IOD #1 [192.168.1.1:53] (timeout: -1ms) EID 18
Initiating Parallel DNS resolution of 1 host. at 10:26
mass_rdns: TRANSMITTING for <64.13.134.52> (server <192.168.1.1>)
NSOCK (0.7900s) Write request for 43 bytes to IOD #1 EID 27 [192.168.1.1:53]: 
.>...........52.134.13.64.in-addr.arpa.....
NSOCK (0.7900s) nsock_loop() started (timeout=500ms). 3 events pending
NSOCK (0.7900s) Callback: CONNECT SUCCESS for EID 8 [192.168.1.1:53]
NSOCK (0.7900s) Callback: WRITE SUCCESS for EID 27 [192.168.1.1:53]
NSOCK (0.9740s) Callback: READ SUCCESS for EID 18 [192.168.1.1:53] (168 bytes)
NSOCK (0.9740s) Read request from IOD #1 [192.168.1.1:53] (timeout: -1ms) EID 34
CAPACITY <192.168.1.1> = 12
mass_rdns: OK MATCHED <64.13.134.52> to <scanme.nmap.org>
mass_rdns: 0.24s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 10:26, 0.18s elapsed
DNS resolution of 1 IPs took 0.24s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Host scanme.nmap.org (64.13.134.52) is up, received echo-reply (0.029s latency).
No data files read.
Nmap done: 1 IP address (1 host up) scanned in 0.97 seconds
           Raw packets sent: 4 (152B) | Rcvd: 2 (84B)
TestComputer:nmap walts$ 

On Nov 9, 2009, at 12:54 AM, David Fifield wrote:
> I committed the O_RDWR change. With that, a temporary workaround for
> this problem is to compile in 32-bit mode by configuring like this:
>
> ./configure CFLAGS="-m32" CXXFLAGS="-m32" LDFLAGS="-m32"
>
> I'm going to try reinstalling MacPorts under 10.6 and see if I can make
> a release like that. If not, I'll revert back to my 10.5 installation
> for the next release.
>
> David Fifield
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/