Ubuntu
nmap package

scanning as root user does not send out any network based requests (it will only scan your own computer...)

Bug #247474 reported by i am not what i am
4
Affects Status Importance Assigned to Milestone
nmap (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

scanning as root user does not send out any network based requests (it will only scan your own computer...)
XY@YYYY:~$ sudo nmap X.blah (x.blah is another host on my network)

Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-11 15:58 EST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.288 seconds

 sudo nmap XXX.XX.XXX.XXX/24 -sV -O -p- -T 5

Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-11 15:58 EST
Interesting ports on YYYY(this computer) (XXX.XXX.XXX.XXX):
Not shown: 65525 closed ports (i have removed some of the ports that are open from this report for privacy.)
PORT STATE SERVICE VERSION
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.18
Uptime: XXXX days (since XXX XXX XXX 2008)
Network Distance: 0 hops
Service Info: OS: Linux

Wireshark logs indicate that nmap only requested my computers arp / ip on the network and did not attempt to scan anything else. There were 4 hosts on the network at this time.

I was using an ipv6 tunnel via the tspc package. I do not know what impact this might have had. It should have none this is ipv4...
I did also try -PN like was suggested, which did not alter the result.

See original description
i am not what i am (iamnotwhatiam-deactivatedaccount)
description: updated
Revision history for this message
Marcus Asshauer (mcas) wrote :

Thank you for reporting this bug. Please add your ubuntu version. Are you using a firewall on your computer? If yes, do you block some outgoing traffic?

Changed in nmap:
status: New → Incomplete
Revision history for this message
i am not what i am (iamnotwhatiam-deactivatedaccount) wrote :

I do not use any firewalls. This is hardy 8.04. A scan not as the root user (not using sudo) works perfectly.

Revision history for this message
smaug (smaug-smaug-int) wrote :

I suppose thats's because nmap sometimes chooses incorrect interface to use.

My routing table:
#v+
10.0.0.1 dev tun0 proto kernel scope link src 10.1.2.1
10.1.2.0/25 dev wlan0 proto kernel scope link src 10.1.2.1
10.1.2.0/24 dev vbox proto kernel scope link src 10.1.2.1
192.168.0.0/16 via 10.0.0.1 dev tun0
10.0.0.0/14 via 10.0.0.1 dev tun0
default via 10.1.2.5 dev wlan0
#v-

So 'sudo nmap 10.1.2.5' should use wlan0 interface, but uses vbox interface instead
#v+
21:34 ~@pazur% sudo nmap 10.1.2.5

Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-15 21:54 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.281 seconds
21:54 ~@pazur% sudo ifconfig vbox down
21:54 ~@pazur% sudo nmap 10.1.2.5

Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-15 21:54 CEST
pcap_open_live(vbox, 100, 0, 200) FAILED. Reported error: bind: Network is down. Will wait 5 seconds then retry.
#v-

Ubuntu 8.04.1

Revision history for this message
Patrick Brueckner (madmuffin) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Revision history for this message
smaug (smaug-smaug-int) wrote :

It seems to me that nmap version in interpid isn't affected by this bug.

Revision history for this message
Chuck Short (zulcss) wrote :

Closing then.

Regards
chuck

Changed in nmap (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.