Open youngjew opened 4 years ago
I found an interesting thing. There is a code string from templ-pkt.c, "\x02\x04\x05\xb4" (added options [mss 1460]). But this TCP segment is not sent:
0x0020: 5002 ffff fba2 0000 P.......
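The observation in the comment above can be checked by decoding the quoted bytes. This is an added example, not code from masscan or from the thread; it assumes the tcpdump row counts from the start of a 20-byte IP header with no IP options, and the function names are illustrative.

```python
import struct

# Values quoted in the comment above; everything else here is illustrative.
HEX_ROW = "0x0020: 5002 ffff fba2 0000 P......."
MSS_OPTION = b"\x02\x04\x05\xb4"  # option bytes quoted from templ-pkt.c

def parse_hex_row(row):
    """Split one tcpdump -X row into (offset, bytes), dropping the ASCII column."""
    label, _, rest = row.partition(":")
    hexdigits = set("0123456789abcdefABCDEF")
    groups = []
    for tok in rest.split():
        if len(tok) not in (2, 4) or not set(tok) <= hexdigits:
            break  # reached the ASCII rendering
        groups.append(tok)
    return int(label, 16), bytes.fromhex("".join(groups))

def decode_tcp_tail(data, row_offset=0x20, ip_header_len=20):
    """Decode TCP header bytes 12..19. Assumes the dump starts at the IP header."""
    if row_offset - ip_header_len != 12 or len(data) < 8:
        raise ValueError("row does not start at TCP byte 12 or is too short")
    off_flags, window, checksum, urgent = struct.unpack("!HHHH", data[:8])
    header_len = (off_flags >> 12) * 4  # data offset is in 32-bit words
    return {"header_len": header_len, "option_bytes": header_len - 20,
            "syn": bool(off_flags & 0x02), "window": window}

def parse_tcp_options(raw):
    """Walk a TCP options area and return a list of (kind, value_bytes)."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:  # End of Option List
            break
        if kind == 1:  # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("truncated or malformed option")
        out.append((kind, raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return out

def mss_of(raw):
    """Return the MSS value (option kind 2) or None if it is absent."""
    for kind, val in parse_tcp_options(raw):
        if kind == 2 and len(val) == 2:
            return struct.unpack("!H", val)[0]
    return None

if __name__ == "__main__":
    offset, data = parse_hex_row(HEX_ROW)
    print(decode_tcp_tail(data, offset))  # header_len 20 leaves no room for options
    print("MSS option decodes to", mss_of(MSS_OPTION))
```

A SYN that carried the 4-byte MSS option would show a data offset of 6 (first byte `60`) in that row instead of `50`.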
I'm not sure this is at all related to your issue (it probably isn't), but if you weren't aware, the pfring userspace library packages include their own libpcap shared and static libraries. Depending on how you installed pfring, these may be in /usr/lib, /usr/local/lib, or anywhere else if you specified a custom location. It's possible masscan is loading the vanilla libpcap shared library from e.g. /usr/lib while the pfring libpcap is in /usr/local/lib.
You could probably test pretty easily to see if this is related at all by verifying the location of the pfring libpcap library (find /usr /lib -name libpcap\*so) and if you see two different copies (let's say you find one in /usr/lib, one in /usr/local/lib), try setting LD_LIBRARY_PATH=/usr/local/lib when running masscan.
Sorry if this isn't helpful, but it's something that came to mind as a possible issue.
Hello, I found very strange scanner behavior (as it turned out, zmap is also prone to this problem).
It all started with the fact that I purchased a virtual server (KVM VPS) (of course, for host scanning). The first thing I discovered was the fact that there were no results in the scanner output! (found=0 on the big port and address ranges).
Different configuration options (--router-ip, --router-mac, --adapter-ip, --adapter-mac) do not affect the situation. In the tcpdump log it is clearly seen that the masscan TCP packets are not being returned (received back). I tried to customize pf_ring, but it is not working with virtio without special configuration from the KVM provider. So I tried different libpcap builds; nothing helps.
Which way should I think? I'm asking for help :\
Different logs:
Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2019-09-17 11:44:49 GMT
THREAD: xmit: starting thread #0
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [2 ports/host]
THREAD: status: starting thread
maxrate = 100.00
THREAD: recv: starting thread #0
0:00:00 remaining, found=0
THREAD: recv: starting main loop
THREAD: xmit done, waiting for receive thread to realize this
^Cwaiting several seconds to exit...
But...
Starting Nmap 7.40 ( https://nmap.org ) at 2019-09-17 14:48 MSK
Initiating Parallel DNS resolution of 1 host. at 14:48
Completed Parallel DNS resolution of 1 host. at 14:48, 0.71s elapsed
Initiating SYN Stealth Scan at 14:48
Scanning xx.xx.xx.xx [2 ports]
Discovered open port 13391/tcp on xx.xx.xx.xx
Completed SYN Stealth Scan at 14:48, 3.56s elapsed (2 total ports)
Nmap scan report for xx.xx.xx.xx
Host is up, received user-set (0.25s latency).
Scanned at 2019-09-17 14:48:27 MSK for 4s
PORT      STATE    SERVICE REASON
13390/tcp filtered unknown no-response
13391/tcp open     unknown syn-ack ttl 115
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.34 seconds
Raw packets sent: 3 (132B) | Rcvd: 1 (44B)