LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 10-05-2003, 07:34 PM   #1
lub0
Member
 
Registered: Aug 2003
Location: Glasgow Scotland
Posts: 92

Rep: Reputation: 15
Strange Nmap behaviour ? ? ?


Hi All,

I am getting this output each time I run Nmap:
Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2003-05-06 00:20 BST
sendto in send_tcp_raw: sendto(3, packet, 40, 0, ***.***.***.***, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, ***.***.***.***, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, ***.***.**.*** , 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, ***.***.***.***, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, ***.***.***.***, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, ***.***.***.***, 16) => Operation not permitted

Anyone any ideas why this happening. Thanks in advance

(( Seems that its my firewall that causes this problem, flushed rules and tried again. No problem ))

Thanx everyone

lub0


Last edited by lub0; 10-06-2003 at 09:27 AM.
 
Old 10-05-2003, 07:39 PM   #2
Nexer
Member
 
Registered: May 2003
Distribution: Slackware 9.1
Posts: 35

Rep: Reputation: 15
I was about to post the same thing. Yes I am root.
 
Old 10-05-2003, 07:50 PM   #3
lub0
Member
 
Registered: Aug 2003
Location: Glasgow Scotland
Posts: 92

Original Poster
Rep: Reputation: 15
same here
 
Old 10-05-2003, 09:10 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Plenty of information about this on Google.
http://lists.insecure.org/lists/nmap...-Jun/0076.html

I just copied the entire error string:
sendto in send_tcp_raw: sendto(3, packet, 40, 0, ***.***.***.***, 16) => Operation not permitted

And pasted it into a Google search. The above was one of the first links displayed.

Last edited by chort; 10-08-2003 at 07:18 AM.
 
Old 10-05-2003, 09:30 PM   #5
lub0
Member
 
Registered: Aug 2003
Location: Glasgow Scotland
Posts: 92

Original Poster
Rep: Reputation: 15
Thanks chort, there was also info at insecure.org ( Doh! ) Seems that its my firewall that causes this problem, flushed rules and tried again. No problem

Thanx everyone
 
Old 10-07-2003, 07:25 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,703
Blog Entries: 54

Rep: Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964Reputation: 2964
Plenty of information about this on Google.
I'd rather you not do this. Either give a specific link, in-depth info or please move on to a question you're willing to answer properly.
Answering properly will benefit current and future thread readers.

TIA
 
Old 10-07-2003, 02:54 PM   #7
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Rep: Reputation: 15
Figured I'd just Ask here, instead of wasting a whole new thread..

Was wondering if anyone knew what outbound and inbound(if any) ports Nmap uses when scanning a remote machine.

I've done some searching of my own, and people who don't know will say, "check out google" or the Nmap homepage, but I've searched well enough before i post here.

Anyways, one opinion I've recieved is that a program like Nmap, simply uses whatever random High numbered port is available, to make sure there are no conflicts with regular services.

If anyone thinks otherwise, please post your comments or the port numbers here.

The idea is to be able to scan remote machines without having to disable my firewall, instead simply open up the ports that need to be open.

Thanks in advance.
 
Old 10-07-2003, 09:45 PM   #8
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Rep: Reputation: 30
You really should open up another thread if the your question doesn't really relate to the thread opener's question. But I'm nice(Only on days that don't end in 'y').

NMAP, unless otherwise instructed, will use the next available high range port number that is available. It's the nature of TCP and UDP. NMAP can if I'm not mistaken be told to use a specific source port. The destination port however is dependent on what you told NMAP to do.

Depending on how you firewall is setup you might have to open it a little to allow all outgoing NEW traffic to go through.


--tarballedtux
(Because I said so)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange behaviour Anmol Suse/Novell 2 10-28-2005 12:05 AM
nmap something strange.. killer_bunny Linux - General 3 01-02-2004 02:19 PM
Strange USB behaviour powadha Slackware 0 12-20-2003 04:24 PM
Opera's strange behaviour neo77777 Linux - General 5 04-04-2002 12:18 AM
Strange Behaviour mikeyt_3333 Linux - General 4 08-06-2001 04:07 PM


All times are GMT -5. The time now is 04:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration