2017-09-25 18:52 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0003706Kali Linux[All Projects] Kali Package Bugpublic2016-11-10 08:58
ReporterShellStorm 
Assigned Tosbrun 
PriorityhighSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
Product Version2016.2 
Target VersionFixed in Version2017.1 
Summary0003706: latest updates has caused nmap to drop high level of probes
DescriptionAfter running the latest update, regardless of the scan type I use, nmap will identify some open ports, then begin reporting it is dropping probes. Scans that usually take 30 seconds take over an hour. This happens regardless of scan target.
Steps To ReproduceTook a backup of a Kali VM on a different computer, ran the update and attempted a scan. Probes were quickly dropped. Reverted back to the copy before the update and ran the nmap scan again and it was fine. Co-worker went through the same process and had the same result.
Additional Informationnmap -vv -p- <IP>

Starting Nmap 7.31 ( https://nmap.org ) at 2016-11-02 14:57 EDT
Initiating Ping Scan at 14:57
Scanning 131.104.104.3 [4 ports]
Completed Ping Scan at 14:57, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:57
Completed Parallel DNS resolution of 1 host. at 14:57, 0.00s elapsed
Initiating SYN Stealth Scan at 14:57
Scanning <hostname> (<IP>) [65535 ports]
Discovered open port 135/tcp on <IP>
Discovered open port 80/tcp on <IP>
Discovered open port 139/tcp on <IP>
Discovered open port 3389/tcp on <IP>
Discovered open port 21/tcp on <IP>
Discovered open port 445/tcp on <IP>
Increasing send delay for <IP> from 0 to 5 due to 241 out of 802 dropped probes since last increase.
Increasing send delay for <IP> from 5 to 10 due to 32 out of 106 dropped probes since last increase.
Increasing send delay for <IP> from 10 to 20 due to 11 out of 32 dropped probes since last increase.
Increasing send delay for <IP> from 20 to 40 due to 11 out of 32 dropped probes since last increase.
Increasing send delay for <IP> from 40 to 80 due to 11 out of 31 dropped probes since last increase.
SYN Stealth Scan Timing: About 1.98% done; ETC: 15:23 (0:25:38 remaining)
Attached Files

-Relationships
+Relationships

-Notes

~0006093

ShellStorm (reporter)

uname -a
Linux kali 4.7.0-kali1-amd64 0000001 SMP Debian 4.7.8-1kali1 (2016-10-24) x86_64 GNU/Linux


dpkg --list nmap
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-========================-=================-=================-=====================================================
ii nmap 7.31-0kali2 amd64 The Network Mapper

~0006096

rhertzog (administrator)

I made some tries and reverting to an older version of nmap did not help. Maybe it's kernel related?

What nmap and kernel versions did you have in your last working configuration? Can you try upgrading nmap without upgrading the kernel to confirm that the problem is not at the nmap level? Conversely, can you try upgrading the kernel and see if it introduces the problem?

In my test VM, I can reproduce the problem with nmap 1.30-0kali1 (so old version of nmap) with kernel 4.7.5-1kali1.

~0006097

rhertzog (administrator)

In fact, this does not look like a recent regression. Using ISO of Kali 2016.2 I can reproduce the same "problem" (so with nmap 7.25~BETA1-0kali1 and Linux 4.6.4-1kali1).

~0006098

rhertzog (administrator)

Problem also reproducible on Kali 2016.1 with nmap 7.01-1 and Linux 4.3.3-5kali4.

~0006100

ShellStorm (reporter)

working fine with this kernel:
Linux kali 4.7.0-kali1-amd64 0000001 SMP Debian 4.7.6-1kali1 (2016-10-17) x86_64 GNU/Linux

and this nmap:
Nmap version 7.30 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.1 openssl-1.0.2h libpcre-8.39 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6

which is latest nmap

on the other system which has the problem, everything is the same except the kernel:
Linux kali 4.7.0-kali1-amd64 0000001 SMP Debian 4.7.8-1kali1 (2016-10-24) x86_64 GNU/Linux

and nmap is:
Nmap version 7.30 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.1 openssl-1.0.2h libpcre-8.39 nmap-libpcap-1.7.4 nmap-libdnet-1.12 ipv6

so it is either kernel, or nmap-libpcap-1.7.4 that breaks it.

~0006101

rhertzog (administrator)

If you look at http://pkg.kali.org/pkg/nmap you will see that we only had a single version of nmap 7.30 (aka 7.30-0kali1), so it's not possible that you got two different versions from Kali...

So what package version number do you have in both your cases?

Print "dpkg -s nmap" to find it out ("Version" field).

~0006102

ShellStorm (reporter)

Broken:

package: nmap
Status: install ok installed
Priority: extra
Section: net
Installed-Size: 22209
Maintainer: Debian Security Tools Packaging Team <pkg-security-team@lists.alioth.debian.org>
Architecture: amd64
Version: 7.31-0kali2
Depends: libc6 (>= 2.15), libgcc1 (>= 1:3.0), liblinear3 (>= 2.01+dfsg), liblua5.3-0, libpcap0.8 (>= 0.9.8), libpcre3, libssl1.0.2 (>= 1.0.2d), libstdc++6 (>= 5.2), lua-lpeg
Recommends: ndiff

Working:

ackage: nmap
Status: install ok installed
Priority: extra
Section: net
Installed-Size: 22882
Maintainer: Debian Security Tools Packaging Team <pkg-security-team@lists.alioth.debian.org>
Architecture: amd64
Version: 7.30-kali1
Depends: libc6 (>= 2.15), libgcc1 (>= 1:3.0), liblinear3 (>= 2.01+dfsg), liblua5.3-0, libpcre3, libssl1.0.2 (>= 1.0.2d), libstdc++6 (>= 5.2), lua-lpeg
Recommends: ndiff

Difference is working one requires libpcap0.8 (>= 0.9.8) and the version is different

~0006104

sbrun (manager)

We uploaded a test version in kali experimental. Please test this package and let us know if it works better for you:

http://http.kali.org/pool/main/n/nmap/nmap_7.31-0kali3_amd64.deb

Thanks

~0006107

rhertzog (administrator)

ShellStorm, can you please test the package at http://http.kali.org/pool/main/n/nmap/nmap_7.31-0kali3_amd64.deb and let us know if it works better for you?

~0006109

ShellStorm (reporter)

New nmap package fixed the issue. Thank you!

~0006110

sbrun (manager)

new version 7.31-0kali3 is in kali-rolling
+Notes

-Issue History
Date Modified Username Field Change
2016-11-02 19:01 ShellStorm New Issue
2016-11-02 19:09 ShellStorm Note Added: 0006093
2016-11-02 21:54 rhertzog Assigned To => sbrun
2016-11-02 21:54 rhertzog Status new => assigned
2016-11-02 22:31 rhertzog Note Added: 0006096
2016-11-02 22:38 rhertzog Note Added: 0006097
2016-11-02 22:44 rhertzog Note Added: 0006098
2016-11-03 13:25 ShellStorm Note Added: 0006100
2016-11-03 13:42 rhertzog Note Added: 0006101
2016-11-03 14:00 ShellStorm Note Added: 0006102
2016-11-04 13:44 sbrun Note Added: 0006104
2016-11-07 22:34 rhertzog Status assigned => feedback
2016-11-07 22:34 rhertzog Note Added: 0006107
2016-11-09 13:49 ShellStorm Note Added: 0006109
2016-11-09 13:49 ShellStorm Status feedback => assigned
2016-11-10 08:58 sbrun Status assigned => resolved
2016-11-10 08:58 sbrun Resolution open => fixed
2016-11-10 08:58 sbrun Fixed in Version => 2017.1
2016-11-10 08:58 sbrun Note Added: 0006110
+Issue History