Nmap Development mailing list archives
Re: Issues with privileged scan of LAN on Mac OS X
From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Mon, 28 Jan 2013 17:27:11 +0100
Hi Patrik, Yes, the guest is running on the same host that is conducting the scan. I used Parallels for visualisation with bridged network setup. - Jesper On Jan 28, 2013, at 3:26 AM, Patrik Karlsson <patrik () cqure net> wrote:
Jesper, Are you running the virtualized guests, that you're scanning, on the same host from which you are performing the scan? I've had som issues with this in the past and I've been using VirtualBox mainly. Haven't tried in a while now so I'm not sure what works and what doesn't. /Patrik On Sun, Jan 27, 2013 at 4:30 PM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote: Hi, Thanks for the reply. I've looked in to it some more, and it seems to only be an issue with guest OS's running in a virtual environment. I've setup a physical machine on my network, and there are no issues scanning this, so I'm assuming the issue is with the virtualisation software I'm using. - Jesper On Jan 27, 2013, at 7:06 PM, David Fifield <david () bamsoftware com> wrote:On Sun, Jan 27, 2013 at 01:01:04PM +0100, Jesper Kückelhahn wrote:I'm seeing some strange behaviour when running privileged scans against hosts in my LAN. nmap marks the target as being down, but if I run unprivileged, it works fine. This does not happen when scanning external targets. I've checked out previous revisions (back to r30000), to see if it might be a patch that broke something, but I haven't found any differences. Could this issue be caused by a change in OS X ? Unfortunately, I don't have access to previous versions (I'm on 10.8.2), so I can't test if this is the case.It looks like something to do with ARP host discovery. ARP host discovery is only done when privileged, and only for targets on the same subnet. A workaround that disables ARP host discovery is to use the --send-ip option. Try these commands too. netstat -rn nmap --route-dst 192.168.1.23 OS X has been known to change the routing table on the fly, so you should check the routing table before and after a scan to see if it changes. David Fifield_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/ -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Issues with privileged scan of LAN on Mac OS X Jesper Kückelhahn (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X David Fifield (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X Jesper Kückelhahn (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X Patrik Karlsson (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X Jesper Kückelhahn (Jan 28)
- Re: Issues with privileged scan of LAN on Mac OS X Jesper Kückelhahn (Jan 27)
- Re: Issues with privileged scan of LAN on Mac OS X David Fifield (Jan 27)