Open dadrian opened 10 years ago
Well, there appears to be a bug with "output-format = list". At least on my machine, I see now output with that configured. I don't know what, I'll debug.
Also, I see no target ranges specified, and I assume the "adapter-ip = XXX.XXX.XXX.XXX" is you editing the output of the echo command. Did you make any other changes?
On Wednesday, July 2, 2014 5:42 PM, David Adrian notifications@github.com wrote:
$ sudo ./bin/masscan -c scan.conf --echo exclude.txt: excluding 807 ranges from file rate = 100.00 randomize-hosts = true seed = 13536124560216773452 shard = 1/1
adapter = dna1 adapter-ip = XXX.XXX.XXX.XXX adapter-mac = 8b:36:9f:23:ab:22 router-mac = 4c:66:f2:28:fd:3f
output-format = list show = open,, output-filename = scan.out rotate = 0 rotate-dir = . rotate-offset = 0 rotate-filesize = 0 pcap =
ports = 80 capture = cert nocapture = html nocapture = heartbleed min-packet = 60 Works fine without pf_ring on a regular interface. Other pf_ring applications work. — Reply to this email directly or view it on GitHub.
Try running with debug info enabled -dddddddddd. That should give low-level info about opening the PF_RING drivers.
On , Robert Graham robert_david_graham@yahoo.com wrote:
Oh, wait, never mind about "output-format = list". I was reading the config wrong.
On , Robert Graham robert_david_graham@yahoo.com wrote:
Well, there appears to be a bug with "output-format = list". At least on my machine, I see now output with that configured. I don't know what, I'll debug.
Also, I see no target ranges specified, and I assume the "adapter-ip = XXX.XXX.XXX.XXX" is you editing the output of the echo command. Did you make any other changes?
On Wednesday, July 2, 2014 5:42 PM, David Adrian notifications@github.com wrote:
$ sudo ./bin/masscan -c scan.conf --echo exclude.txt: excluding 807 ranges from file rate = 100.00 randomize-hosts = true seed = 13536124560216773452 shard = 1/1
adapter = dna1 adapter-ip = XXX.XXX.XXX.XXX adapter-mac = 8b:36:9f:23:ab:22 router-mac = 4c:66:f2:28:fd:3f
output-format = list show = open,, output-filename = scan.out rotate = 0 rotate-dir = . rotate-offset = 0 rotate-filesize = 0 pcap =
ports = 80 capture = cert nocapture = html nocapture = heartbleed min-packet = 60 Works fine without pf_ring on a regular interface. Other pf_ring applications work. — Reply to this email directly or view it on GitHub.
Oh, wait, never mind about "output-format = list". I was reading the config wrong.
On , Robert Graham robert_david_graham@yahoo.com wrote:
Well, there appears to be a bug with "output-format = list". At least on my machine, I see now output with that configured. I don't know what, I'll debug.
Also, I see no target ranges specified, and I assume the "adapter-ip = XXX.XXX.XXX.XXX" is you editing the output of the echo command. Did you make any other changes?
On Wednesday, July 2, 2014 5:42 PM, David Adrian notifications@github.com wrote:
$ sudo ./bin/masscan -c scan.conf --echo exclude.txt: excluding 807 ranges from file rate = 100.00 randomize-hosts = true seed = 13536124560216773452 shard = 1/1
adapter = dna1 adapter-ip = XXX.XXX.XXX.XXX adapter-mac = 8b:36:9f:23:ab:22 router-mac = 4c:66:f2:28:fd:3f
output-format = list show = open,, output-filename = scan.out rotate = 0 rotate-dir = . rotate-offset = 0 rotate-filesize = 0 pcap =
ports = 80 capture = cert nocapture = html nocapture = heartbleed min-packet = 60 Works fine without pf_ring on a regular interface. Other pf_ring applications work. — Reply to this email directly or view it on GitHub.
I just edited the IP. I've been manually specifying a /24 as the target on the command line.
It looks like it's ignoring transmits?
$ sudo ./bin/masscan -c scan.conf -ddddddddddddddddd XXX.XXX.XXX.0/24
exclude.txt: excluding 807 ranges from file
pfring: initializing subsystem
pfring: looking for 'libpfring.so'
pfring: found 'libpfring.so'!
pfring: successfully loaded PF_RING API
pfring: found 'ixgbe' driver
pfring: found 'pf_ring' driver
pfring: found 'pf_ring' driver module
initializing adapter
pfring:'dna1': opening...
pfring:'dna1': successfully opened
pfring: version 5.6.1
pfring:'dna1': setting direction
pfring:'dna1': direction success
pfring:'dna1': activating
pfring:'dna1': successfully enabled
rawsock: ignoring transmits
rawsock: initialization done
adapter initialization done.
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2014-07-02 23:41:47 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 256 hosts [1 port/host]
xmit: starting transmit thread #0
recv: start receive thread #0
maxrate = 100.00, 0.00% done, 0:00:00 remaining, found=0
xmit: starting main loop: [0..256]
begin receive thread
Transmit thread done, waiting for receive thread to realize this
recv: end receive thread #0one, waiting 0-secs, found=0
xmit: stopping transmit thread #0
EXITING main thread00.00% done, waiting 0-secs, found=0
Hmm. This may be the flushing bug.
PF_RING queues up packets to be sent, then send them as a group. Unless I flush the queue at the end of a scan, the last few packets get queued but not sent. Since your range is tiny, I think they are all getting queued by not sent.
I fixed this bug once. It may have come back. Unfortunately, PF_RING supporting isn't part of the regression test.
Try a larger scan and see what happens.
On Wednesday, July 2, 2014 7:43 PM, David Adrian notifications@github.com wrote:
It looks like it's ignoring transmits? $ sudo ./bin/masscan -c scan.conf -ddddddddddddddddd XXX.XXX.XXX.0/24 exclude.txt: excluding 807 ranges from file pfring: initializing subsystem pfring: looking for 'libpfring.so' pfring: found 'libpfring.so'! pfring: successfully loaded PF_RING API pfring: found 'ixgbe' driver pfring: found 'pf_ring' driver pfring: found 'pf_ring' driver module initializing adapter pfring:'dna1': opening... pfring:'dna1': successfully opened pfring: version 5.6.1 pfring:'dna1': setting direction pfring:'dna1': direction success pfring:'dna1': activating pfring:'dna1': successfully enabled rawsock: ignoring transmits rawsock: initialization done adapter initialization done. Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2014-07-02 23:41:47 GMT -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth Initiating SYN Stealth Scan Scanning 256 hosts [1 port/host] xmit: starting transmit thread #0 recv: start receive thread #0 maxrate = 100.00, 0.00% done, 0:00:00 remaining, found=0 xmit: starting main loop: [0..256] begin receive thread Transmit thread done, waiting for receive thread to realize this recv: end receive thread #0one, waiting 0-secs, found=0 xmit: stopping transmit thread #0 EXITING main thread00.00% done, waiting 0-secs, found=0 — Reply to this email directly or view it on GitHub.
It looks like it was related to the flushing - I was able to get results scanning a /16.
Works fine without pf_ring on a regular interface. Other pf_ring applications work.