Nmap stops working after upgrade to 3.0

Discussion in 'General Questions' started by bkwhite, Jun 18, 2007.

  1. bkwhite

    bkwhite

    Messages:
    12
    This command worked prior to upgrading to 3.0. (under OS X)

    sudo nmap -A -v -P0 ###.###.###.###
    Password:

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-16 19:37 EDT
    getinterfaces: Failed to open ethernet interface (fw0). A possible cause on BSD operating systems is running out of BPF devices (see http://seclists.org/lists/nmap-dev/2...Mar/0014.html).
    QUITTING!


    after compiling and installing nmap 4.20

    sudo nmap -A -v -P0 ###.###.###.###
    Password:

    Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-18 10:35 EDT
    getinterfaces: Failed to open ethernet interface (fw0). A possible cause on BSD operating systems is running out of BPF devices (see http://seclists.org/lists/nmap-dev/2006/Jan-Mar/0014.html).
    QUITTING!

    thank you
     
  2. serv

    serv Parallels Developers

    Messages:
    783
    bkwhite,

    Can you check that tcpdump works?
    sudo tcpdump -p -vv
     
  3. dkp

    dkp

    Messages:
    1,411
    It looks like it's defaulted to a firewire interface. Do you have your firewire port configured to use tcp/ip? If not then specify the interface you'd like to use with the -e option.
     
  4. bkwhite

    bkwhite

    Messages:
    12
  5. dkp

    dkp

    Messages:
    1,411
    I just built 4.20 from source on my MacBook Pro and it runs perfectly. I then installed Parallels 3.0 and it still works fine. Did you try building it? Takes about 5 minutes if that.

    Edit: In another thread a repeating problem has appeared involving the fw0 interface:
    http://forum.parallels.com/post68227-1.html

    I wonder what would happen with your nmap tool if you downed the fw0 interface on your Mac.
     
    Last edited: Jun 18, 2007
  6. serv

    serv Parallels Developers

    Messages:
    783
    bkwhite,

    The fun part is that tcpdump succeeds using BPF. Which means that nmap message about BPF is misleading, and the problem lies somewhere else. You've probably just misconfigured it.
    BTW, Parallels does not use BPF at all.
     
  7. bkwhite

    bkwhite

    Messages:
    12
    dkp: Yes I did compile, from source, nmap version 4.20 (earlier post), I also did the ifconfig fw0 down. I will check out the link thanks.

    serv: For me the funny/sad thing is the parallels upgrade to 3.0 is the only "configuring" I had done, between the workings of nmap. Then of course attempting to "fix" after the 3.0 upgrade.
     
  8. serv

    serv Parallels Developers

    Messages:
    783
    You can try commenting out Parallels kernel module loads in /Library/StartupItems/Parallels/Parallels to see which one makes any difference for nmap. Try Pvnvnic first, then Pvsnet. Note that you'll have to reboot for changes to take effect.
     
  9. bkwhite

    bkwhite

    Messages:
    12
    Serv: Thank you I'll give that a try.
     
  10. SteveBosell

    SteveBosell

    Messages:
    15
    My installation if nmap has also stopped working, same error message
    " A possible cause on BSD operating systems is running out of BPF devices "
     
  11. dkp

    dkp

    Messages:
    1,411
  12. jasonw

    jasonw

    Messages:
    90
    Me too!

    Code:
    jasonbookpro:~ jason$ sudo nmap 192.168.1.1
    
    Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-06-21 06:47 EST
    getinterfaces: Failed to obtain MAC address for ethernet interface (fw0)
    QUITTING!
    jasonbookpro:~ jason$ sudo ifconfig fw0 down
    jasonbookpro:~ jason$ sudo nmap 192.168.1.1
    
    Starting Nmap 4.21ALPHA4 ( http://insecure.org ) at 2007-06-21 06:47 EST
    getinterfaces: Failed to open ethernet interface (fw0). A possible cause on BSD operating systems is running out of BPF devices (see http://seclists.org/lists/nmap-dev/2006/Jan-Mar/0014.html).
    QUITTING!
    
    This is with a 4.21ALPHA4 build from source as hinted by comments at http://dcortesi.com/2007/06/14/parallels-now-breaks-nmap-on-os-x-too. I have the same issue with 4.20 built using MacPorts.

    I haven't tried not loading kexts. I need networking in Parallels more than I do nmap from my workstation.
     
  13. unused_user_name

    unused_user_name

    Messages:
    498
    I tried this using the built-in (I think) nmap version 3.81 and it works fine here, however the version from port (4.20) does not seem to work.
     
  14. Not just nmap

    This also broke Cisco VPN as well. I re-installed VPN Client & all is well but no such luck through MacPorts for nmap. I can't access nmap website from work so will try downloading & compiling from source later. So far only these two apps have displayed the issue.

    It may not be a parallels problem, nmap has never recognized the -e (force of interface) command for me in OS X, but I definately didn't have this issue with 2.5. Anyone know what they changed network side for version 3?

    Also, perhaps worth noting, when I run without sudo I have no issues at all, only when I use sudo do I get this message, "Failed to obtain MAC address for ethernet interface (fw0)".

    My best guess was that there is some dependency it breaks & that is why the macport version stops working but compiling from source for some has fixed this issue.
     
  15. one more thought

    These are the dependencies for nmap according to macports:

    Library Dependencies: libpcap, openssl, pcre, zlib

    Anyone know if one of these could be causing the issue?
     
  16. dkp

    dkp

    Messages:
    1,411
    libpcap is essential, the rest support features but are not critical.
     
  17. libpcap for nmap

    Nmap for macports does not use it's own version of libpcap, it uses the built in OS X library. Did Parallel's modify libpcap for OS X? If that were the case then it would be a Parallel's issue after all.
     
  18. bkwhite

    bkwhite

    Messages:
    12
    Sorry it took so long to get back to this.

    I entered a support ticket just to cover the bases. (It would not accept my registration number so I had to enter it on the pre-sale one)

    opening up the /Library/StartupItems/Parallels/Parallels i found a Pvsvnic but not a Pvnvnic.

    So I didn't comment out anything.
     
  19. SteveBosell

    SteveBosell

    Messages:
    15
    I need to use Nmap, is there a walkaround, like for the cisco VPN?
     
  20. Carcarius

    Carcarius

    Messages:
    3
    Same problem here

    I am having the same problem with nmap. I haven't used nmap in a few months but all of a sudden I get the same errors reported here. I also have the latest build of Parallels so I presume this install has caused this problem. My Parallels install is more important so I won't be doing anything drastic here but it would be helpful to find a resolution to this problem. Any recommendation would be appreciated.

    Thanks,

    C
     

Share This Page