Using nmap for network scan

[vince_122]

Hi !

I'm trying to use nmap to make some scans on my private network over my CT (Debian 7).

Unfortunately, with this command :
nmap 192.168.0.0/24 -n -sU -p161 -T5 --max_retries=1 --host_timeout=150ms --max_rtt_timeout=10ms

I get this error :

Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-22 16:42 UTC
route_dst_netlink: can't find interface "venet0"

I'm using the venet0:0 interface, and it seems to be an implementation problem from nmap.

Anyone got a solution to make it working over venet ?

Thx !
Vince.

 

[malakatronis]

Have you tried nmap -e venet0 or nmap -e venet0:0 ?

 

[vince_122]

Yes, I forgot to paste it :

:/# nmap 192.168.0.0/24 -n -sU -p161 -T5 --max_retries=1 --host_timeout=150ms --max_rtt_timeout=10ms -e venet0

Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-25 10:25 UTC
I cannot figure out what source address to use for device venet0, does it even exist?
QUITTING!

n:/# nmap 192.168.0.0/24 -n -sU -p161 -T5 --max_retries=1 --host_timeout=150ms --max_rtt_timeout=10ms -e venet0:0

Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-25 10:25 UTC
I cannot figure out what source address to use for device venet0:0, does it even exist?
QUITTING!

 

[malakatronis]

What's the output of nmap --iflist ?

 

[vince_122]

So weird..

:/# nmap --iflist


Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-25 10:33 UTC
INTERFACES: NONE FOUND(!)
ROUTES: NONE FOUND(!)

 

[malakatronis]

It's weird indeed.

What about --unprivileged option?

 

[vince_122]

I can see something better !

nmap 192.168.0.0/24 -n -p161 --max_retries=1 --host_timeout=150ms --max_rtt_timeout=100ms --unprivileged

Is working !

but the original (with udp):

nmap 192.168.0.0/24 -n -sU -p161 --max_retries=1 --host_timeout=150ms --max_rtt_timeout=100ms --unprivileged

Isn't working

You requested a scan type which requires root privileges.
QUITTING!

So why does it working with this "unprivileged" option ?

 

[malakatronis]

I don't really know. I suspect it has something to do with the fact that you're running it inside a container.

Maybe you need to give some permissions to the CT. Try

vzctl set VMID --capability net_admin:on --save

(from Proxmox node).

 

[vince_122]

I stopped the CT, applied config, but nothing new..

Thanks for trying !!

 

[malakatronis]

And what about...

vzctl set VMID --capability net_admin:on,net_raw:on,net_broadcast:on,net_bind_service:on --save

(run nmap without the --unprivileged option)

Just out of curiosity.

 

[vince_122]

Nothing !

nmap 192.168.0.0/24 -n -p161 --max_retries=1 --host_timeout=150ms --max_rtt_timeout=100ms


Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-25 11:21 UTC
route_dst_netlink: can't find interface "venet0"

Even with -e venet0 or venet0:0

 

[maddler]

Hello, have you made any progress on this?
I keep getting the same error even from the host OS.

EDIT: I've just been able to perform a scan using nmap 6.40 built from sources (http://nmap.org/download.html)

Cheers,
William