nmap - dev/bpf10 - How to add more /dev/bpf?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

nmap - dev/bpf10 - How to add more /dev/bpf?

Sebastian Rother
Well I seam to run too much scans so I get this error (btw: I just took
the us-embassy for fun ;)) )

godfather $ sudo nmap -P0 -sV -sS -vvv berlin.usembassy.gov

Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-04-30 07:40 CEST
Initiating SYN Stealth Scan against 212.243.221.223 [1670 ports] at 07:40
pcap_open_live: /dev/bpf10: No such file or directory
There are several possible reasons for this, depending on your operating
system:
LINUX: If you are getting Socket type not supported, try modprobe
af_packet or recompile your kernel with SOCK_PACKET enabled.
*BSD:  If you are getting device not configured, you need to recompile
your kernel with Berkeley Packet Filter support.  If you are getting No
such file or directory, try creating the device (eg cd /dev; MAKEDEV
<device>; or use mknod).
SOLARIS:  If you are trying to scan localhost and getting '/dev/lo0: No
such file or directory', complain to Sun.  I don't think Solaris can
support advanced localhost scans.  You can probably use "-P0 -sT
localhost" though.

How can I add more bpf-Devices?
0-9 seams to be a littlebit to less for me....

For localhost the message is another one (just for localhost):

godfather $ sudo nmap -P0 -sV -sS -vvv localhost

Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-04-30 07:42 CEST
getinterfaces: Failed to open ethernet interface (bge0)
QUITTING!
godfather $


I´m running 3.9 (from CVS) (until Monday I think) and I use stable.



Kind regards,
Sebastian

Reply | Threaded
Open this post in threaded view
|

Re: nmap - dev/bpf10 - How to add more /dev/bpf?

Marco Peereboom
Not only are you stupid enough to actually do this, you share this
information?

I hope you do know that port scanning in some countries is illegal
without prior written permission from the owner of the network.

[hidden email] wrote:

> Well I seam to run too much scans so I get this error (btw: I just took
> the us-embassy for fun ;)) )
>
> godfather $ sudo nmap -P0 -sV -sS -vvv berlin.usembassy.gov
>
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-04-30 07:40 CEST
> Initiating SYN Stealth Scan against 212.243.221.223 [1670 ports] at 07:40
> pcap_open_live: /dev/bpf10: No such file or directory
> There are several possible reasons for this, depending on your operating
> system:
> LINUX: If you are getting Socket type not supported, try modprobe
> af_packet or recompile your kernel with SOCK_PACKET enabled.
> *BSD:  If you are getting device not configured, you need to recompile
> your kernel with Berkeley Packet Filter support.  If you are getting No
> such file or directory, try creating the device (eg cd /dev; MAKEDEV
> <device>; or use mknod).
> SOLARIS:  If you are trying to scan localhost and getting '/dev/lo0: No
> such file or directory', complain to Sun.  I don't think Solaris can
> support advanced localhost scans.  You can probably use "-P0 -sT
> localhost" though.
>
> How can I add more bpf-Devices?
> 0-9 seams to be a littlebit to less for me....
>
> For localhost the message is another one (just for localhost):
>
> godfather $ sudo nmap -P0 -sV -sS -vvv localhost
>
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-04-30 07:42 CEST
> getinterfaces: Failed to open ethernet interface (bge0)
> QUITTING!
> godfather $
>
>
> I´m running 3.9 (from CVS) (until Monday I think) and I use stable.
>
>
>
> Kind regards,
> Sebastian
>

Reply | Threaded
Open this post in threaded view
|

Re: nmap - dev/bpf10 - How to add more /dev/bpf?

Joachim Schipper
In reply to this post by Sebastian Rother
On Sun, Apr 30, 2006 at 07:44:38AM +0200, [hidden email] wrote:

> Well I seam to run too much scans so I get this error (btw: I just took
> the us-embassy for fun ;)) )
>
> godfather $ sudo nmap -P0 -sV -sS -vvv berlin.usembassy.gov
>
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-04-30 07:40 CEST
> Initiating SYN Stealth Scan against 212.243.221.223 [1670 ports] at 07:40
> pcap_open_live: /dev/bpf10: No such file or directory
> There are several possible reasons for this, depending on your operating
> system:
> LINUX: If you are getting Socket type not supported, try modprobe
> af_packet or recompile your kernel with SOCK_PACKET enabled.
> *BSD:  If you are getting device not configured, you need to recompile
> your kernel with Berkeley Packet Filter support.  If you are getting No
> such file or directory, try creating the device (eg cd /dev; MAKEDEV
> <device>; or use mknod).
> SOLARIS:  If you are trying to scan localhost and getting '/dev/lo0: No
> such file or directory', complain to Sun.  I don't think Solaris can
> support advanced localhost scans.  You can probably use "-P0 -sT
> localhost" though.
>
> How can I add more bpf-Devices?
> 0-9 seams to be a littlebit to less for me....

The bpf(4) man page suggests MAKEDEV; did that not work?

> For localhost the message is another one (just for localhost):
>
> godfather $ sudo nmap -P0 -sV -sS -vvv localhost
>
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-04-30 07:42 CEST
> getinterfaces: Failed to open ethernet interface (bge0)
> QUITTING!
> godfather $

No idea why that would happen, but what does localhost resolve to? Looks
like localhost either doesn't resolve to 127.0.0.1/::1 or your routing
table is busted.

                Joachim

Reply | Threaded
Open this post in threaded view
|

Re: nmap - dev/bpf10 - How to add more /dev/bpf?

Sebastian Rother
In reply to this post by Marco Peereboom

> Not only are you stupid enough to actually do this, you share this
> information?
>
> I hope you do know that port scanning in some countries is illegal
> without prior written permission from the owner of the network.

Marco:
1st: get a clue about laws BEFORE you blame me
2nd: Yes the question sucked but it was early in the morning...
     A simple MAKEDEV was enough ;)
     But the other error-Message is still "unknown".

So thanks that you show you´re stupid enought too to post lame stuff.
Next time I`ll use a private IP extra for you!

I just wanted to point out something using the embassy-IP.
That resolving WORKS (compared to localhost where it can`t open the NIC..
start to read) but scanning localhost does not work at all and the error
does not point to bpf!

Joachim; Thanks but it seams it was tooe arly in the morning. Yes MAKEDEV
was correct.. I read it too *fg*. But that does not explain why scanning
localhost displays this error.


Kind regards,
Sebastian

p.s.
The only realy stupid thing was the subject ;))

Reply | Threaded
Open this post in threaded view
|

Re: nmap - dev/bpf10 - How to add more /dev/bpf?

Joachim Schipper
On Sun, Apr 30, 2006 at 06:23:59PM +0200, [hidden email] wrote:

>
> > Not only are you stupid enough to actually do this, you share this
> > information?
> >
> > I hope you do know that port scanning in some countries is illegal
> > without prior written permission from the owner of the network.
>
> Marco:
> 1st: get a clue about laws BEFORE you blame me
> 2nd: Yes the question sucked but it was early in the morning...
>      A simple MAKEDEV was enough ;)
>      But the other error-Message is still "unknown".
>
> So thanks that you show you?re stupid enought too to post lame stuff.
> Next time I`ll use a private IP extra for you!
>
> I just wanted to point out something using the embassy-IP.
> That resolving WORKS (compared to localhost where it can`t open the NIC..
> start to read) but scanning localhost does not work at all and the error
> does not point to bpf!
>
> Joachim; Thanks but it seams it was tooe arly in the morning. Yes MAKEDEV
> was correct.. I read it too *fg*. But that does not explain why scanning
> localhost displays this error.

Maybe, as I asked, 'ping localhost' and 'route show' will shed some
light on this. (The first, notably, will tell you what localhost
resolves too; it seems that isn't 127.0.0.1/::1, or your routing table
is busted, or something is really wrong...)

                Joachim

Reply | Threaded
Open this post in threaded view
|

Re: nmap - dev/bpf10 - How to add more /dev/bpf?

Sebastian Rother
In reply to this post by Sebastian Rother
>Maybe, as I asked, 'ping localhost' and 'route show' will shed some
>light on this. (The first, notably, will tell you what localhost
>resolves too; it seems that isn't 127.0.0.1/::1, or your routing table
>is busted, or something is really wrong...)
>
> Joachim

Well everythign is correct with my route and entries (f.e. in the
hosts-file).
I suspect nmap (or oBSD?!) reports a wrong message if all bpf-Devices are
in use and none is free. It seams to affect also just tools using
bpf-Devices because all others (Browser and foo) work very well (even on
localhost ;)).
I didn`t fiured it out yet but I suspect nmap simply displays the wrong
error-message. Or does OpenBSD handles it differently if it`s related to
localhost (and that`s maybe why nmap tells me bge0 can´t be opened)?!

Kind regards,
Sebastian

Reply | Threaded
Open this post in threaded view
|

Re: nmap - dev/bpf10 - How to add more /dev/bpf?

Okan Demirmen
In reply to this post by Sebastian Rother
On Sun 2006.04.30 at 07:44 +0200, [hidden email] wrote:

> Well I seam to run too much scans so I get this error (btw: I just took
> the us-embassy for fun ;)) )
>
> godfather $ sudo nmap -P0 -sV -sS -vvv berlin.usembassy.gov
>
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-04-30 07:40 CEST
> Initiating SYN Stealth Scan against 212.243.221.223 [1670 ports] at 07:40
> pcap_open_live: /dev/bpf10: No such file or directory
> There are several possible reasons for this, depending on your operating
> system:
> LINUX: If you are getting Socket type not supported, try modprobe
> af_packet or recompile your kernel with SOCK_PACKET enabled.
> *BSD:  If you are getting device not configured, you need to recompile
> your kernel with Berkeley Packet Filter support.  If you are getting No
> such file or directory, try creating the device (eg cd /dev; MAKEDEV
> <device>; or use mknod).
> SOLARIS:  If you are trying to scan localhost and getting '/dev/lo0: No
> such file or directory', complain to Sun.  I don't think Solaris can
> support advanced localhost scans.  You can probably use "-P0 -sT
> localhost" though.
>
> How can I add more bpf-Devices?
> 0-9 seams to be a littlebit to less for me....
>
> For localhost the message is another one (just for localhost):
>
> godfather $ sudo nmap -P0 -sV -sS -vvv localhost
>
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-04-30 07:42 CEST
> getinterfaces: Failed to open ethernet interface (bge0)
> QUITTING!
> godfather $
>
>
> I?m running 3.9 (from CVS) (until Monday I think) and I use stable.

how many ethernet interfaces do you have on this box?

does nmap 4.03 in -current fix your issue? - a handle leak was plugged in
4.03, among other things.