Open altjx opened 1 year ago
Unfortunately I don't have a solution, experiencing the same issue so might go back to nmap for now, but the pfring error is probably related to https://github.com/robertdavidgraham/masscan#pf_ring
Most likely that error will exist if you haven't compiled with pfring support or support pfring in terms of hardware.
The pf_ring error is effectively informational and can be ignored, unless you installed PF_RING shared libraries and expected it to work- in which case you put them somewhere unusual and can fix by setting LD_LIBRARY_PATH to the location (e.g. /usr/local/lib)
Either way, it would not prevent masscan from functioning, it wouldn't just not be able to use direct memory access/zc
There's actually not any option to build with (or without) libpfring, in the same way there's not an option to include or exclude libpcap. It will always try to load them at runtime using dlopen(). So you'll always see this behavior
Sorry, can't help much other than to clear that up and rule out PF_RING as related
I see you're scanning a LAN - see #695
This won't work unless the gateway is willing to route the packet back in a "hairpin" style
Any assistance would be great. I've seen this issue a few times over the years, but just always flipped over to Nmap in those particular scenarios. However, I'm very curious to try nailing down what may be going on here.
In this particular scenario, I know this system has several ports opened -- 21/tcp, 23/tcp, 80/tcp, etc.; however, Masscan fails to ever identify any of these opened ports whereas I can confirm the ports are opened with other tools.
Masscan details:
Masscan version 1.3.2 ( https://github.com/robertdavidgraham/masscan ) Compiled on: Feb 2 2021 11:13:27 Compiler: gcc 10.2.1 20210110 OS: Linux CPU: unknown (64 bits) GIT version: unknown
Masscan output:
Nmap:
Telnet:
Changing the scan type (syn/connect/etc) doesn't seem to make a difference. Have also tried increasing/decreasing the rate as well.
The only thing that stands out to me is this line:
However, I'm not sure if this is truly what's causing it. Masscan is able to detect some ports opened on other systems, but misses majority of them. Anything else that stands out in the output that I should be diving deeper into, or is there anything else I may be missing? FWIW, this is being executed from within a docker container as well. Also, the systems that I'm scanning are on the same subnet as me.