Open cloudziu opened 4 years ago
Thanks for this report. It is possible that -sT is not compatible with the -e option, but I haven't checked. Can you please provide the output of the following commands so we can better diagnose?
nmap --version
nmap -e eth0 --route-dst 10.1.93.1
Hello @dmiller-nmap, thank you for your willingness to help!!
# nmap --version
Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1d libssh2-1.8.0 libz-1.2.11 libpcre-8.39 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
# nmap -e eth0 --route-dst 10.1.93.2 (10.1.93.2 is eth1 interface addr, so it could give false positives, routing on loopback interface)
Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-18 06:38 UTC
10.1.93.2
eth0 eth0 srcaddr 192.168.2.179 nexthop 192.168.2.1
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.38 seconds
Additionally:
# nmap --route-dst 10.1.93.10
Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-18 06:48 UTC
10.1.93.10
eth1 eth1 srcaddr 10.1.93.1 direct
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.36 seconds
Like I said earlier, one of a thousand runs gives results from eth1. I'm not even sure if this is an nmap problem, or there is SOMETHING in the environment that causes it. I will appreciate every hint!
Hello everyone
The case
Topology:
From host A I want to regularly scan for addresses within every private CIDR at eth0, by using nmap -e param.
BUT not the hosts from eth1. To ensure that this is working correctly, I intentionally configured a script that will search for CIDR from eth1 (10.1.93.0/24), but force nmap to use eth0. It is executed every 10 minutes. nmap command:
The script was running for the last two weeks. Every nmap result showed
except one... That perfectly scanned endpoints from "eth0"
The worst part is that I have no idea what caused it. I was searching for something abnormal in Linux logs, and found nothing. I can't reproduce this in any way. Can ARP generated by nmap somehow ignore the -e param?
Thank you in advance
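An added example, not part of the thread and not nmap's own code: a Python check that parses the --route-dst output quoted in the thread and reports when the interface nmap selected differs from the one passed to -e, so a scheduled scan can log the routing decision on every run. The layout of the route line is an assumption inferred from the two outputs above, the sample strings are copied from them, and the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Output copied from the two --route-dst runs quoted in the thread.
FORCED_ETH0 = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-18 06:38 UTC
10.1.93.2
eth0 eth0 srcaddr 192.168.2.179 nexthop 192.168.2.1
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.38 seconds
"""
DEFAULT_ROUTE = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-18 06:48 UTC
10.1.93.10
eth1 eth1 srcaddr 10.1.93.1 direct
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.36 seconds
"""

class Route(NamedTuple):
    device: str
    srcaddr: str
    nexthop: Optional[str]  # None when nmap reports "direct"

# Assumed layout, taken from the lines above: "<dev> <dev> srcaddr <ip> direct|nexthop <ip>"
ROUTE_RE = re.compile(
    r"^(?P<dev>\S+) \S+ srcaddr (?P<src>\S+) (?:direct|nexthop (?P<hop>\S+))$",
    re.MULTILINE,
)

def parse_route_dst(output: str) -> list[Route]:
    """Return one Route per route line found in `nmap --route-dst` output."""
    return [Route(m["dev"], m["src"], m["hop"]) for m in ROUTE_RE.finditer(output)]

def check_interface(output: str, expected: str) -> list[str]:
    """Return a list of problems; an empty list means every route used `expected`."""
    routes = parse_route_dst(output)
    if not routes:
        return ["no route line found; output format not recognised"]
    return [
        f"route via {r.device} (src {r.srcaddr}), expected {expected}"
        for r in routes if r.device != expected
    ]

if __name__ == "__main__":
    for name, out in (("with -e eth0", FORCED_ETH0), ("without -e", DEFAULT_ROUTE)):
        print(name, parse_route_dst(out), check_interface(out, "eth0") or "ok")
```

Storing the parsed route next to each scan result gives a record of which device and source address nmap resolved for that run, which is the evidence missing for the one anomalous scan.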