nmap mac osx 10.6.1 Network scans only return results for local host


nmap mac osx 10.6.1 Network scans only return results for local host

by David Radunsky

Good Day,

Thanks in advance for your assistance.  nmap is an invaluable tool!

After upgrading to Snow Leopard all scans return only information  
about my machine.  Session information follows.  Wireshark seems to be  
working, but I don't have a lot of traffic on my small net to test.  
The nmap scan leaves off the firewall at 242.1, and a printer at 242.4.

I have tried reinstalling using the mpkg for V5.

I have been searching the net and the insecure archives and haven't  
found anything helpful.  Any help would be appreciated.

rendel:~ dlr$ sudo nmap -T4 -A -v -PE -PA21,23,80,3389 192.168.242.0/24

Starting Nmap 5.00 ( http://nmap.org ) at 2009-11-09 20:18 EST
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 20:18
Scanning 220 hosts [1 port/host]
Completed ARP Ping Scan at 20:18, 4.46s elapsed (220 total hosts)
Initiating Parallel DNS resolution of 1 host. at 20:18
Completed Parallel DNS resolution of 1 host. at 20:18, 0.02s elapsed
Initiating ARP Ping Scan at 20:18
Scanning 35 hosts [1 port/host]
Completed ARP Ping Scan at 20:18, 0.82s elapsed (35 total hosts)
Initiating SYN Stealth Scan at 20:18
Scanning 192.168.242.220 [1000 ports]
Discovered open port 5900/tcp on 192.168.242.220
Discovered open port 445/tcp on 192.168.242.220
Discovered open port 139/tcp on 192.168.242.220
Discovered open port 88/tcp on 192.168.242.220
Discovered open port 3300/tcp on 192.168.242.220
Discovered open port 548/tcp on 192.168.242.220
Discovered open port 6000/tcp on 192.168.242.220
Completed SYN Stealth Scan at 20:18, 7.97s elapsed (1000 total ports)
Initiating Service scan at 20:18
Scanning 7 services on 192.168.242.220
Completed Service scan at 20:20, 106.03s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 192.168.242.220
NSE: Script scanning 192.168.242.220.
NSE: Starting runlevel 1 scan
Initiating NSE at 20:20
Completed NSE at 20:20, 0.04s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 20:20
Completed NSE at 20:20, 0.02s elapsed
NSE: Script Scanning completed.
Host 192.168.242.220 is up (0.00011s latency).
Interesting ports on 192.168.242.220:
Not shown: 956 closed ports, 37 filtered ports
PORT     STATE SERVICE      VERSION
88/tcp   open  kerberos-sec Mac OS X kerberos-sec
139/tcp  open  netbios-ssn  Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn  Samba smbd 3.X (workgroup: WORKGROUP)
548/tcp  open  afp?
3300/tcp open  unknown
5900/tcp open  vnc          Apple remote desktop vnc
6000/tcp open  X11          (access denied)
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Device type: general purpose
Running: Apple Mac OS X 10.5.X
OS details: Apple Mac OS X 10.5 - 10.5.6 (Leopard) (Darwin 9.0.0 - 9.6.0)
Uptime guess: 58.464 days (since Sat Sep 12 10:12:03 2009)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=252 (Good luck!)
IP ID Sequence Generation: Randomized
Service Info: OSs: Mac OS X, Unix

Host script results:
|  nbstat: NetBIOS name: GRENDEL, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|  Name: GRENDEL<03>          Flags: <unique><active>
|  Name: GRENDEL<20>          Flags: <unique><active>
|  Name: GRENDEL<00>          Flags: <unique><active>
|  Name: \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|  Name: WORKGROUP<1d>        Flags: <unique><active>
|  Name: WORKGROUP<1e>        Flags: <group><active>
|_ Name: WORKGROUP<00>        Flags: <group><active>
|  smb-os-discovery: Unix
|  LAN Manager: Samba 3.0.28a-apple
|  Name: WORKGROUP\Unknown
|_ System time: 2009-11-09 20:20:17 UTC-5

Read data files from: /usr/local/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (1 host up) scanned in 121.62 seconds
            Raw packets sent: 2121 (93.162KB) | Rcvd: 2600 (111.452KB)



--

David Radunsky
Advanced System Consultant
International Data Consultants

13302 SW 128 St
Miami, FL 33186

c 786 261-9593
o 305 253-7677
f  305 253-7657







_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Fwd: nmap mac osx 10.6.1 Network scans only return results for local host

by David Radunsky

Good Day,

So I must be losing my mind.  If I run without root privilege I get
the scan I was expecting.  I thought I needed root to do a full scan.

I do get a report that I am not root so it won't use ICMP.

I apologize for pestering.

Thank you.


Begin forwarded message:

> From: David Radunsky <DRadunsky@...>
> Date: November 9, 2009 8:30:49 PM EST
> To: "nmap-dev@..." <nmap-dev@...>
> Subject: nmap mac osx 10.6.1 Network scans only return results for local host
>
> Good Day,
>
> Thanks in advance for your assistance.  nmap is an invaluable tool!
>
> After upgrading to Snow Leopard all scans return only information
> about my machine.  Session information follows.  Wireshark seems to be
> working, but I don't have a lot of traffic on my small net to test.
> The nmap scan leaves off the firewall at 242.1, and a printer at 242.4.
>
> I have tried reinstalling using the mpkg for V5.
>
> I have been searching the net and the insecure archives and haven't
> found anything helpful.  Any help would be appreciated.
>
> rendel:~ dlr$ sudo nmap -T4 -A -v -PE -PA21,23,80,3389 192.168.242.0/24
>
> Starting Nmap 5.00 ( http://nmap.org ) at 2009-11-09 20:18 EST
> NSE: Loaded 30 scripts for scanning.
> Initiating ARP Ping Scan at 20:18
> Scanning 220 hosts [1 port/host]
> Completed ARP Ping Scan at 20:18, 4.46s elapsed (220 total hosts)
> Initiating Parallel DNS resolution of 1 host. at 20:18
> Completed Parallel DNS resolution of 1 host. at 20:18, 0.02s elapsed
> Initiating ARP Ping Scan at 20:18
> Scanning 35 hosts [1 port/host]
> Completed ARP Ping Scan at 20:18, 0.82s elapsed (35 total hosts)
> Initiating SYN Stealth Scan at 20:18
> Scanning 192.168.242.220 [1000 ports]
> Discovered open port 5900/tcp on 192.168.242.220
> Discovered open port 445/tcp on 192.168.242.220
> Discovered open port 139/tcp on 192.168.242.220
> Discovered open port 88/tcp on 192.168.242.220
> Discovered open port 3300/tcp on 192.168.242.220
> Discovered open port 548/tcp on 192.168.242.220
> Discovered open port 6000/tcp on 192.168.242.220
> Completed SYN Stealth Scan at 20:18, 7.97s elapsed (1000 total ports)
> Initiating Service scan at 20:18
> Scanning 7 services on 192.168.242.220
> Completed Service scan at 20:20, 106.03s elapsed (7 services on 1 host)
> Initiating OS detection (try #1) against 192.168.242.220
> NSE: Script scanning 192.168.242.220.
> NSE: Starting runlevel 1 scan
> Initiating NSE at 20:20
> Completed NSE at 20:20, 0.04s elapsed
> NSE: Starting runlevel 2 scan
> Initiating NSE at 20:20
> Completed NSE at 20:20, 0.02s elapsed
> NSE: Script Scanning completed.
> Host 192.168.242.220 is up (0.00011s latency).
> Interesting ports on 192.168.242.220:
> Not shown: 956 closed ports, 37 filtered ports
> PORT     STATE SERVICE      VERSION
> 88/tcp   open  kerberos-sec Mac OS X kerberos-sec
> 139/tcp  open  netbios-ssn  Samba smbd 3.X (workgroup: WORKGROUP)
> 445/tcp  open  netbios-ssn  Samba smbd 3.X (workgroup: WORKGROUP)
> 548/tcp  open  afp?
> 3300/tcp open  unknown
> 5900/tcp open  vnc          Apple remote desktop vnc
> 6000/tcp open  X11          (access denied)
> 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
> Device type: general purpose
> Running: Apple Mac OS X 10.5.X
> OS details: Apple Mac OS X 10.5 - 10.5.6 (Leopard) (Darwin 9.0.0 - 9.6.0)
> Uptime guess: 58.464 days (since Sat Sep 12 10:12:03 2009)
> Network Distance: 0 hops
> TCP Sequence Prediction: Difficulty=252 (Good luck!)
> IP ID Sequence Generation: Randomized
> Service Info: OSs: Mac OS X, Unix
>
> Host script results:
> |  nbstat: NetBIOS name: GRENDEL, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
> |  Name: GRENDEL<03>          Flags: <unique><active>
> |  Name: GRENDEL<20>          Flags: <unique><active>
> |  Name: GRENDEL<00>          Flags: <unique><active>
> |  Name: \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
> |  Name: WORKGROUP<1d>        Flags: <unique><active>
> |  Name: WORKGROUP<1e>        Flags: <group><active>
> |_ Name: WORKGROUP<00>        Flags: <group><active>
> |  smb-os-discovery: Unix
> |  LAN Manager: Samba 3.0.28a-apple
> |  Name: WORKGROUP\Unknown
> |_ System time: 2009-11-09 20:20:17 UTC-5
>
> Read data files from: /usr/local/share/nmap
> OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
> Nmap done: 256 IP addresses (1 host up) scanned in 121.62 seconds
>            Raw packets sent: 2121 (93.162KB) | Rcvd: 2600 (111.452KB)

Re: nmap mac osx 10.6.1 Network scans only return results for local host

by Tom Sellers

David Radunsky wrote:
> Good Day,
>
> Thanks in advance for your assistance.  nmap is an invaluable tool!
>
> After upgrading to Snow Leopard all scans return only information  
> about my machine.  Session information follows.  Wireshark seems to be  
> working, but I don't have a lot of traffic on my small net to test.  
> The nmap scan leaves off the firewall at 242.1, and a printer at 242.4.

<snip>

David,

        We, as well as some other projects, have been seeing some odd
behavior with Snow Leopard.  Could you please try running your scan as
a normal user instead of root and let us know if the result changes?
You will likely have to drop the -PE to do this.

Also, Apple released 10.6.2 today.  They may have addressed the bpf
problem with that update.

Tom

Re: Fwd: nmap mac osx 10.6.1 Network scans only return results for local host

by David Fifield

On Mon, Nov 09, 2009 at 09:07:31PM -0500, David Radunsky wrote:
> So I must be losing my mind.  If I run without root privilege I get the
> scan I was expecting.  I thought I needed root to do a full scan.
>
> I do get a report that I am not root so it won't use ICMP.
>
> I apologize for pestering.

You didn't do anything wrong--Nmap is supposed to work running as root,
just as you did it. There is a bug in Mac OS X 10.6 that keeps it from
working, that we've only recently started to figure out.

http://seclists.org/nmap-dev/2009/q4/277

If you're using the 5.00 .dmg installer, you can work around the
problem by running tcpdump in the background before you start your scan.

sudo tcpdump -i en0 -n

You may have to change the "en0" to another interface depending on which
addresses you're scanning.

David Fifield
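
A sanity check for the symptom discussed in this thread, added here as an example (not code from the Nmap project or from any poster): it reads Nmap 5.00 normal output and flags a multi-address scan that reports only one host up at 0 hops, that is, only the scanning machine. The function names and both sample transcripts are constructed for illustration; the check assumes OS detection output (-A or -O), which prints the Network Distance line.

```python
import re

# Both transcripts are constructed samples in Nmap 5.00 normal-output format.
SAMPLE_BROKEN = """\
Host 192.168.242.220 is up (0.00011s latency).
Network Distance: 0 hops
Nmap done: 256 IP addresses (1 host up) scanned in 121.62 seconds
"""
SAMPLE_HEALTHY = """\
Host 192.168.242.1 is up (0.0021s latency).
Network Distance: 1 hop
Host 192.168.242.4 is up (0.0034s latency).
Network Distance: 1 hop
Host 192.168.242.220 is up (0.00011s latency).
Network Distance: 0 hops
Nmap done: 256 IP addresses (3 hosts up) scanned in 140.10 seconds
"""

HOST_RE = re.compile(r"Host (\S+) is up")
DIST_RE = re.compile(r"Network Distance: (\d+) hops?")
DONE_RE = re.compile(r"Nmap done: (\d+) IP address(?:es)? \((\d+) hosts? up\)")


def parse_scan(text):
    """Return target count, hosts-up count and per-host hop distance."""
    scan = {"targets": None, "up": None, "hosts": {}}
    current = None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = m.group(1)
            scan["hosts"][current] = None  # distance unknown without -O/-A
        elif (m := DIST_RE.match(line)) and current is not None:
            scan["hosts"][current] = int(m.group(1))
        elif m := DONE_RE.match(line):
            scan["targets"], scan["up"] = int(m.group(1)), int(m.group(2))
    return scan


def only_scanner_found(text):
    """True when a multi-address scan saw one host up, 0 hops away (itself)."""
    scan = parse_scan(text)
    return (scan["targets"] is not None and scan["targets"] > 1
            and scan["up"] == 1
            and list(scan["hosts"].values()) == [0])


if __name__ == "__main__":
    for name, text in (("broken", SAMPLE_BROKEN), ("healthy", SAMPLE_HEALTHY)):
        print(name, "-> only the scanning host answered:", only_scanner_found(text))
```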