Nmap Development mailing list archives
Problem routing nmap scans
From: graou () free fr
Date: Fri, 03 Aug 2012 13:10:39 +0200
Hi all,

I'm having trouble with nmap v6.01 and Windows 7 x64. Let's say I want to do a TCP SYN scan to a host on a subnetwork (192.168.35.53:80). This host answers to ping:

---------------------
ping 192.168.35.53

Envoi d'une requête 'Ping' 192.168.35.53 avec 32 octets de données :
Réponse de 192.168.35.53 : octets=32 temps=2 ms TTL=61
---------------------

This host is reachable via any browser. This host is also reachable via nmap TCP connect scan, when I disable host discovery:

---------------------
nmap -sT 192.168.35.53 -p 80 -Pn

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-03 10:35 Paris, Madrid (heure d'été)
Nmap scan report for 192.168.35.53
Host is up (0.020s latency).
PORT   STATE SERVICE
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
---------------------

But when I try a TCP SYN scan, with or without host discovery, it won't work anymore (Wireshark won't see any packets going out):

---------------------
nmap -sS 192.168.35.53 -p 80

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-03 10:38 Paris, Madrid (heure d'été)
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.27 seconds

nmap -sS 192.168.35.53 -p 80 -Pn

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-03 10:39 Paris, Madrid (heure d'été)
Nmap scan report for 192.168.35.53
Host is up.
PORT   STATE    SERVICE
80/tcp filtered http
Nmap done: 1 IP address (1 host up) scanned in 2.29 seconds
---------------------

Here are my network interfaces:

---------------------
Nmap -iflist

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-03 11:14 Paris, Madrid (heure d'été)
************************INTERFACES************************
DEV  (SHORT) IP/MASK                      TYPE        UP   MTU  MAC
eth0 (eth0)  fe80::14a3:473b:906d:f489/64 ethernet    down 1400 00:FF:E0:99:32:05
eth0 (eth0)  169.254.244.137/4            ethernet    down 1400 00:FF:E0:99:32:05
eth1 (eth1)  fe80::61c9:436e:95b4:4699/64 ethernet    up   1500 F0:DE:F1:3C:52:EB
eth1 (eth1)  172.22.32.9/27               ethernet    up   1500 F0:DE:F1:3C:52:EB
lo0  (lo0)   ::1/128                      loopback    up   -1
lo0  (lo0)   127.0.0.1/8                  loopback    up   -1
tun0 (tun0)  fe80::5efe:ac16:2009/128     point2point down 1280
tun1 (tun1)  (null)/0                     point2point down 1280

DEV  WINDEVICE
eth0 \Device\NPF_{47685897-037C-4039-877E-9A38087C913B}
eth0 \Device\NPF_{47685897-037C-4039-877E-9A38087C913B}
eth1 \Device\NPF_{2CE9107C-9829-4D85-8A6A-2135CF04A8FE}
eth1 \Device\NPF_{2CE9107C-9829-4D85-8A6A-2135CF04A8FE}
lo0  <none>
lo0  <none>
tun0 <none>
tun1 <none>

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
172.22.32.31/32    eth0
255.255.255.255/32 eth0
127.0.0.1/32       eth0
127.255.255.255/32 eth0
255.255.255.255/32 eth0
172.22.32.9/32     eth0
255.255.255.255/32 eth0
172.22.32.0/27     eth0
127.0.0.0/8        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
0.0.0.0/0          eth0 172.22.32.30
---------------------

So I tried specifying the output interface, which I believe is eth1 (eth0 is my Juniper Network Connect Virtual Adapter):

---------------------
nmap -e eth1 -sS 192.168.35.53 -p 80

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-03 10:40 Paris, Madrid (heure d'été)
nexthost: failed to determine route to 192.168.35.53
QUITTING!
---------------------

Then I saw this line:

---------------------
Nmap -iflist
...
0.0.0.0/0          eth0 172.22.32.30
---------------------

How come nmap's route 0.0.0.0/0 maps to eth0 (which is down - see iflist)? How do I change this to eth1?

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
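
Added example, not part of the original message and not Nmap's own code: a small Python check that parses `nmap --iflist` text in the Nmap 6.01 layout quoted above and reports routes bound to an interface that the same listing shows as down, which is the mismatch the poster spotted by eye. The function names are hypothetical, and the sample input is a few rows from the post re-laid out one row per line.

```python
import re

# Sample input: a few rows of the --iflist output quoted in the post,
# re-laid out one row per line (constructed layout, values from the post).
SAMPLE = """\
DEV  (SHORT) IP/MASK            TYPE     UP   MTU  MAC
eth0 (eth0)  169.254.244.137/4  ethernet down 1400 00:FF:E0:99:32:05
eth1 (eth1)  172.22.32.9/27     ethernet up   1500 F0:DE:F1:3C:52:EB
lo0  (lo0)   127.0.0.1/8        loopback up   -1
**************************ROUTES**************************
DST/MASK         DEV  GATEWAY
172.22.32.0/27   eth0
0.0.0.0/0        eth0 172.22.32.30
"""

# Interface row: DEV (SHORT) IP/MASK TYPE UP ...; the header row has "UP" and is skipped.
IFACE_RE = re.compile(r"^(\S+)\s+\(\S+\)\s+\S+\s+\S+\s+(up|down)\b")
# Route row: DST/MASK DEV [GATEWAY]; the header row "DST/MASK" has no numeric mask.
ROUTE_RE = re.compile(r"^(\S+/\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_iflist(text):
    """Return ({dev: is_up}, [(dst, dev, gateway_or_None)])."""
    up, routes, in_routes = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*") and "ROUTES" in line:
            in_routes = True
            continue
        if in_routes:
            m = ROUTE_RE.match(line)
            if m:
                routes.append((m.group(1), m.group(2), m.group(3)))
        else:
            m = IFACE_RE.match(line)
            if m:
                # A device counts as up if any of its address rows is up.
                up[m.group(1)] = up.get(m.group(1), False) or m.group(2) == "up"
    return up, routes

def routes_on_down_interfaces(text):
    """Routes whose device is listed as down (or is not listed at all)."""
    up, routes = parse_iflist(text)
    return [r for r in routes if not up.get(r[1], False)]

if __name__ == "__main__":
    for dst, dev, gw in routes_on_down_interfaces(SAMPLE):
        print(f"{dst} via {gw or 'on-link'} is bound to {dev}, which is down")
```
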
Current thread:
- Problem routing nmap scans graou (Aug 04)
- Re: Problem routing nmap scans David Fifield (Sep 29)