Network Security Nessus-Users

Re: Nmap (NASL Wrapper) not generating correct nmap

Subject: Re: Nmap (NASL Wrapper) not generating correct nmap
Date: Fri, 6 Jan 2006 17:37:51 +1100 (EST)
George,
   
  I actually first discovered this behaviour because I was monitoring what 
Nessus was doing using tcpdump.  If you specify a FIN scan, you expect to see a 
few FINs sent out, and that wasn't happening at all on the extremely 
limited set of ports that I had specified to scan.  So, answers to your 
questions are:
   
    o Have you cross-referenced the pid(s) that you see in the
    ps output with the pids reported by nessusd when it
    launches nmap.nasl (ie, in nessusd.messages)?
   
  NO - no need, as this is a fresh install on a clean test system and there is 
no possibility of another instance of nmap running - especially one that uses 
Nessus default parameters.

  o Have you checked whether the commandline ps reports is being
    truncated because it would otherwise exceed the screen size?
   
  Yes indeed.

  o Have you verified whether nmap is indeed always doing a SYN
    scan by, say, doing a packet capture?

  Yes.
  
  o Do you have a script named nmap that's being called by
    nessusd instead of nmap itself?

  No.
  
  o Have you verified that you have a current and valid
    version of nmap.nasl?
   
  No, but I presume that I do, as Nessus was not on the system before and I 
compiled and installed from package sources from www.nessus.org.
   
  Cheers,
   
  Apogean.
   
  Date: Tue, 03 Jan 2006 20:09:40 -0500
From: "George A. Theall" <theall@tenablesecurity.com>
Subject: Re: Nmap (NASL Wrapper) not generating correct nmap command-line
To: nessus@list.nessus.org
Message-ID: <43BB2054.2020107@tenablesecurity.com>
Content-Type: text/plain; charset=us-ascii

On Tue, Jan 03, 2006 at 05:36:38PM +1100, Les G wrote:

I've noticed both with Nessus 2.2.6 and Nessus 3, that under Debian 3.1
(and also some versions of RHL) that when nmap is chosen as the
port-scanner, and you specify some nmap scanning options, such as a FIN
scan, you still only always get the default SYN scan.  Running a "ps
-ef" reveals that nmap is always invoked with the same command-line
options.  Basically, changing the nmap scan options in the Nessus client
has no effect.
...
This does not seem to happen running under SUSE.

Excuse me if these seem like silly questions but...

  o Have you cross-referenced the pid(s) that you see in the
    ps output with the pids reported by nessusd when it
    launches nmap.nasl (ie, in nessusd.messages)?

  o Have you checked whether the commandline ps reports is being
    truncated because it would otherwise exceed the screen size?

  o Have you verified whether nmap is indeed always doing a SYN
    scan by, say, doing a packet capture?

  o Do you have a script named nmap that's being called by
    nessusd instead of nmap itself?

  o Have you verified that you have a current and valid
    version of nmap.nasl?

George
-- 
theall@tenablesecurity.com

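The checks George lists (an untruncated view of the nmap command line, the scan type it actually names, and whether the `nmap` found in PATH is the real binary or a wrapper script) as a small shell helper. This is an added example, not code from the thread, from Nessus or from nmap; it assumes a Linux `/proc` filesystem for the command-line lookup and that the scan flag is given on its own (e.g. `-sF -p 21,22`).

```sh
#!/bin/sh
# Added example (not from the thread, not Nessus code): helpers for the
# checks discussed above.  Assumes a Linux /proc filesystem for full_cmdline.

# Full command line of a process.  ps trims the line to the terminal width
# unless told not to (ps -ww), so read /proc directly instead.
full_cmdline() {
    tr '\0' ' ' < "/proc/$1/cmdline" 2>/dev/null
}

# Name the scan type from an nmap command line so it can be compared with
# what a packet capture actually showed (FIN packets for -sF, SYN for -sS).
scan_type() {
    case " $* " in
        *" -sF"*) echo FIN ;;
        *" -sN"*) echo NULL ;;
        *" -sX"*) echo XMAS ;;
        *" -sT"*) echo CONNECT ;;
        *" -sS"*) echo SYN ;;
        *" -sU"*) echo UDP ;;
        *)        echo DEFAULT ;;  # no -s flag: nmap picks SYN as root, connect() otherwise
    esac
}

# "script" if the file starts with "#!", otherwise "binary": tells whether
# the nmap that nessusd finds in PATH is the real program or a wrapper.
file_kind() {
    if [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]; then echo script; else echo binary; fi
}

# Report every running nmap with its untruncated arguments and scan type,
# then say what kind of file "nmap" resolves to in PATH.
report() {
    for pid in $(pgrep -x nmap 2>/dev/null); do
        cmd=$(full_cmdline "$pid")
        printf '%s %s: %s\n' "$pid" "$(scan_type "$cmd")" "$cmd"
    done
    if path=$(command -v nmap); then
        printf 'nmap in PATH: %s (%s)\n' "$path" "$(file_kind "$path")"
    else
        echo 'nmap not found in PATH'
    fi
}

report
```

Run it as the user nessusd runs under while a scan is in progress; a PID whose scan type disagrees with the capture, or a `script` result for the PATH lookup, points at the cause.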

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus