Author Topic: Nmap Is A Pain  (Read 5839 times)

captg

« on: March 24, 2006, 02:31:53 pm »
sl5500, OZ 3.5.3, latest opie

I've tried every nmap I can find, most install fine without errors. I can scan localhost, but anything else nmap hangs at the first output line "starting nmap ...". I'm thinking it might be a memory issue, I'm using the zImage-collie-32-32-20050407102515.bin image. I've tried all interfaces, eth0, usb0, wlan0.

Got any other thoughts?

thanks,
--cg

bluedevils

« Reply #1 on: March 24, 2006, 03:35:09 pm »
and you can ping those targets?

koen

« Reply #2 on: March 24, 2006, 04:07:57 pm »
Quote
sl5500, OZ 3.5.3, latest opie

I've tried every nmap I can find, most install fine without errors. I can scan localhost, but anything else nmap hangs at the first output line "starting nmap ...". I'm thinking it might be a memory issue, I'm using the zImage-collie-32-32-20050407102515.bin image. I've tried all interfaces, eth0, usb0, wlan0.

I've also had problems with nmap on my ipaq (with 128mb ram). A security minded friend of mine said that nmap seems to have some strange issues on ARM cpus, so fingers crossed for the next version.

captg

« Reply #3 on: March 24, 2006, 05:04:13 pm »
Quote
and you can ping those targets?

yeah, fails with -P0, -sP, -sS...

/proc for icmp is accept...for targets...

on the wire I see it ping the target, poke at some ports, then ask for layer 2/3 addressing and then flat dead no packets.

#nmap -sS -e eth0 192.168.0.25

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-24 00:07 UTC


tcpdump -i eth0 host 192.168.0.25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
00:06:54.667325 IP 192.168.0.130 > 192.168.0.25: icmp 8: echo request seq 7704
00:06:54.667807 IP 192.168.0.25 > 192.168.0.130: icmp 8: echo reply seq 7704
00:06:54.675431 IP 192.168.0.130.43380 > 192.168.0.25.www: . ack 3922069406 win 2048
00:06:54.796964 IP 192.168.0.130.43356 > 192.168.0.25.https: S 2125676669:2125676669(0) win 3072
00:06:54.803189 IP 192.168.0.130.43356 > 192.168.0.25.domain: S 2125676669:2125676669(0) win 3072
00:06:54.809508 IP 192.168.0.130.43356 > 192.168.0.25.auth: S 2125676669:2125676669(0) win 4096
00:06:54.815894 IP 192.168.0.130.43356 > 192.168.0.25.1723: S 2125676669:2125676669(0) win 2048
00:06:54.822430 IP 192.168.0.130.43356 > 192.168.0.25.ldap: S 2125676669:2125676669(0) win 2048
00:06:54.828755 IP 192.168.0.130.43356 > 192.168.0.25.telnet: S 2125676669:2125676669(0) win 4096
00:06:54.835261 IP 192.168.0.130.43356 > 192.168.0.25.3389: S 2125676669:2125676669(0) win 1024
00:06:54.841629 IP 192.168.0.130.43356 > 192.168.0.25.smtp: S 2125676669:2125676669(0) win 2048
00:06:54.847946 IP 192.168.0.130.43356 > 192.168.0.25.ssh: S 2125676669:2125676669(0) win 3072
00:06:54.854622 IP 192.168.0.130.43356 > 192.168.0.25.www: S 2125676669:2125676669(0) win 1024

00:07:16.254179 IP 192.168.0.130 > 192.168.0.25: icmp 8: echo request seq 59736
00:07:16.254814 IP 192.168.0.25 > 192.168.0.130: icmp 8: echo reply seq 59736
00:07:16.266435 IP 192.168.0.130.58233 > 192.168.0.25.www: . ack 2559982174 win 3072
00:07:16.394403 IP 192.168.0.130.58212 > 192.168.0.25.smtp: S 2450382704:2450382704(0) win 2048
00:07:16.400623 IP 192.168.0.130.58212 > 192.168.0.25.1723: S 2450382704:2450382704(0) win 3072
00:07:16.406919 IP 192.168.0.130.58212 > 192.168.0.25.ldap: S 2450382704:2450382704(0) win 1024
00:07:16.413628 IP 192.168.0.130.58212 > 192.168.0.25.domain: S 2450382704:2450382704(0) win 3072
00:07:16.419744 IP 192.168.0.130.58212 > 192.168.0.25.3389: S 2450382704:2450382704(0) win 4096
00:07:16.426406 IP 192.168.0.130.58212 > 192.168.0.25.www: S 2450382704:2450382704(0) win 2048
00:07:16.432755 IP 192.168.0.130.58212 > 192.168.0.25.auth: S 2450382704:2450382704(0) win 1024
00:07:16.439136 IP 192.168.0.130.58212 > 192.168.0.25.ftp: S 2450382704:2450382704(0) win 1024
00:07:16.445654 IP 192.168.0.130.58212 > 192.168.0.25.ssh: S 2450382704:2450382704(0) win 2048
00:07:16.458030 IP 192.168.0.130.58212 > 192.168.0.25.rtsp: S 2450382704:2450382704(0) win 3072
00:07:21.250052 arp who-has 192.168.0.25 tell 192.168.0.130
00:07:21.250616 arp reply 192.168.0.25 is-at 00:0c:29:1f:ae:92


The space between streams is a second run of nmap. I'm thinking maybe interface adjustments or something of that nature...

cg
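
Added example, not part of the original posts: a small Python parser for the tcpdump line format shown in Reply #3 that pairs each outgoing SYN with any TCP reply from the target, so a capture like this one can be read as open / closed / no-response per port. The function names are made up for this illustration, and the sample lines are excerpted from the first nmap run in the capture above.

```python
import re
from collections import Counter

# Old-style tcpdump TCP line:
#   "<time> IP <src>.<sport> > <dst>.<dport>: <flags> ..."
TCP_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\S+) > (\d+\.\d+\.\d+\.\d+)\.(\S+): ([SFRP.]+) "
)

# Lines excerpted from the first nmap run in the capture above.
SAMPLE = """\
00:06:54.667325 IP 192.168.0.130 > 192.168.0.25: icmp 8: echo request seq 7704
00:06:54.667807 IP 192.168.0.25 > 192.168.0.130: icmp 8: echo reply seq 7704
00:06:54.675431 IP 192.168.0.130.43380 > 192.168.0.25.www: . ack 3922069406 win 2048
00:06:54.796964 IP 192.168.0.130.43356 > 192.168.0.25.https: S 2125676669:2125676669(0) win 3072
00:06:54.803189 IP 192.168.0.130.43356 > 192.168.0.25.domain: S 2125676669:2125676669(0) win 3072
00:06:54.847946 IP 192.168.0.130.43356 > 192.168.0.25.ssh: S 2125676669:2125676669(0) win 3072
00:06:54.854622 IP 192.168.0.130.43356 > 192.168.0.25.www: S 2125676669:2125676669(0) win 1024
"""

def classify_probes(capture, scanner, target):
    """Map each SYN-probed target port to open / closed / no-response."""
    sent_from = {}   # target port -> scanner source port used for the SYN
    state = {}       # target port -> verdict
    for line in capture.splitlines():
        m = TCP_RE.match(line.strip())
        if not m:
            continue  # ICMP, ARP, banner and blank lines
        src, sport, dst, dport, flags = m.groups()
        if (src, dst) == (scanner, target) and flags == "S":
            sent_from[dport] = sport
            state.setdefault(dport, "no-response")
        elif (src, dst) == (target, scanner) and sent_from.get(sport) == dport:
            if "R" in flags:
                state[sport] = "closed"   # RST: reachable, nothing listening
            elif "S" in flags:
                state[sport] = "open"     # SYN/ACK
    return state

def summarize(state):
    """Count verdicts; all 'no-response' means the probes were silently dropped."""
    return Counter(state.values())

if __name__ == "__main__":
    result = classify_probes(SAMPLE, "192.168.0.130", "192.168.0.25")
    for port, verdict in result.items():
        print(f"{port:8} {verdict}")
    print(dict(summarize(result)))
```

Run over the capture above, every probed port comes back no-response: the only packets from 192.168.0.25 are the echo reply and the ARP reply.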

captg

« Reply #4 on: March 26, 2006, 03:31:04 am »
Here's what I've found for the sl5500 and nmap 3.81.

options -sS and -sT against a packet dropping firewall hangs nmap
option -sS against a packet rejecting firewall (xp) hangs nmap

no firewall on victim = works.

Any ideas?



--cg

Ferret-Simpson

« Reply #5 on: March 29, 2006, 05:49:44 pm »
I'm still on 3.00.

Not gonna change it, since it took 47 attempts to install it to start with.