Date:      Wed, 16 Jun 2004 15:14:38 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        Oliver Eikemeier <eikemeier@fillmore-labs.com>
Cc:        Alex Povolotsky <tarkhil@webmail.sub.ru>
Subject:   Re: nmap not scanning networks?
Message-ID:  <40D09C1E.7040806@mac.com>
In-Reply-To: <9671B9BE-BFC7-11D8-9250-00039312D914@fillmore-labs.com>
References:  <9671B9BE-BFC7-11D8-9250-00039312D914@fillmore-labs.com>

Oliver Eikemeier wrote:
[ ... ]
> Have you checked the firewall rules and routing tables on your machines?

Yes, there's nothing unusual there, on a 4.10 system:

4-sec# nmap -sT -p 21 192.168.1.1
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-06-16 15:09 EDT
Interesting ports on linksys.local (192.168.1.1):
PORT   STATE  SERVICE
21/tcp closed ftp

Nmap run completed -- 1 IP address (1 host up) scanned in 0.353 seconds
5-sec# nmap -sT -p 21 192.168.1.2
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-06-16 15:09 EDT
Interesting ports on sec.local (192.168.1.2):
PORT   STATE  SERVICE
21/tcp closed ftp

Nmap run completed -- 1 IP address (1 host up) scanned in 0.347 seconds
6-sec# nmap -sT -p 21 192.168.1.1-10
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-06-16 15:09 EDT
sendto in send_ip_raw: sendto(4, packet, 28, 0, 192.168.1.1, 16) => Permission denied
Sleeping 15 seconds then retrying
^Ccaught SIGINT signal, cleaning up

7-sec# ipfw -a l
00100   9904  1842768 allow ip from any to any via lo0
00200      0        0 deny ip from any to 127.0.0.0/8
00300      1       28 deny ip from 127.0.0.0/8 to any
65000 121699 39609455 allow ip from any to any
65535      0        0 allow ip from any to any

8-sec# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc       74     9267   fxp0
10.1.3/24          link#2             UC          0        0   sis0
127.0.0.1          127.0.0.1          UH          6     4946    lo0
192.168.1.0        ff:ff:ff:ff:ff:ff  UHLWb       0        4   fxp0 =>
192.168.1          link#1             UC          5        0   fxp0
192.168.1.1        00:20:78:d2:03:05  UHLW       75    18323   fxp0   1185
192.168.1.2        00:a0:c9:de:ca:0e  UHLW        1        6    lo0
192.168.1.3        00:10:4b:21:89:f2  UHLW        4     8462   fxp0   1197
192.168.1.7        00:40:63:c5:4e:39  UHLW        1     2207   fxp0    596

> Do you have the same problems with non-private IP ranges?

Good question.  No, I didn't seem to have any problems scanning non-private IP 
ranges.

-- 
-Chuck


