Open VorpalBlade opened 2 months ago
Also tried this on a stock Ubuntu 24.04 system (kernel 6.8.0-41-generic) with the exact result: netdiscover bypasses opensnitch.
I straced the netdiscover and it seems to use many types of sockets: AF_PACKET, AF_NETLINK, AF_BLUETOOTH (???). All of them are SOCK_RAW.
The strange thing then is that netdiscover gets past, while nmap gets blocked?
Hi @VorpalBlade ,
Yeah, it seems to use RAW sockets to send ARP requests: netdiscover - active/passive ARP reconnaissance tool
We don't work at that level.
Please, check the FAQ and Known Problems pages before creating the bug report:
https://github.com/evilsocket/opensnitch/wiki/FAQs
GUI related issues: https://github.com/evilsocket/opensnitch/wiki/GUI-known-problems
Daemon related issues: opensnitchd -check-requirements to see if your kernel is compatible.: All green
Describe the bug It seems netdiscover passes under the radar of opensnitch. I'm not actually sure what type of sockets netdiscover uses, so I don't know if this is expected.
Include the following information:
Linux athena 6.10.8-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Wed, 04 Sep 2024 15:18:31 +0000 x86_64 GNU/Linux
To Reproduce Steps to reproduce the behavior:
pacman -S netdiscover
Post error logs: I don't see any relevant error logs in this case.
Expected behavior (optional) Netdiscover shouldn't be able to bypass opensnitch.
Screenshots If applicable, add screenshots or videos to help explain your problem. It may help to understand the issue much better.
Additional context Add any other context about the problem here.