View Issue Details

IDProjectCategoryView StatusLast Update
0003706Kali LinuxKali Package Bugpublic2020-12-01 10:48
ReporterShellStorm Assigned Tosbrun  
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2016.2 
Fixed in Version2017.1 
Summary0003706: latest updates has caused nmap to drop high level of probes
Description

After running the latest update, regardless of the scan type I use, nmap will identify some open ports, then begin reporting it is dropping probes. Scans that usually take 30 seconds take over an hour. This happens regardless of scan target.

Steps To Reproduce

Took a backup of a Kali VM on a different computer, ran the update and attempted a scan. Probes were quickly dropped. Reverted back to the copy before the update and ran the nmap scan again and it was fine. Co-worker went through the same process and had the same result.

Additional Information

nmap -vv -p- <IP>

Starting Nmap 7.31 ( https://nmap.org ) at 2016-11-02 14:57 EDT
Initiating Ping Scan at 14:57
Scanning 131.104.104.3 [4 ports]
Completed Ping Scan at 14:57, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:57
Completed Parallel DNS resolution of 1 host. at 14:57, 0.00s elapsed
Initiating SYN Stealth Scan at 14:57
Scanning <hostname> (<IP>) [65535 ports]
Discovered open port 135/tcp on <IP>
Discovered open port 80/tcp on <IP>
Discovered open port 139/tcp on <IP>
Discovered open port 3389/tcp on <IP>
Discovered open port 21/tcp on <IP>
Discovered open port 445/tcp on <IP>
Increasing send delay for <IP> from 0 to 5 due to 241 out of 802 dropped probes since last increase.
Increasing send delay for <IP> from 5 to 10 due to 32 out of 106 dropped probes since last increase.
Increasing send delay for <IP> from 10 to 20 due to 11 out of 32 dropped probes since last increase.
Increasing send delay for <IP> from 20 to 40 due to 11 out of 32 dropped probes since last increase.
Increasing send delay for <IP> from 40 to 80 due to 11 out of 31 dropped probes since last increase.
SYN Stealth Scan Timing: About 1.98% done; ETC: 15:23 (0:25:38 remaining)

Activities

ShellStorm

ShellStorm

2016-11-02 19:09

reporter   ~0006093

uname -a
Linux kali 4.7.0-kali1-amd64 0000001 SMP Debian 4.7.8-1kali1 (2016-10-24) x86_64 GNU/Linux

dpkg --list nmap
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-========================-=================-=================-=====================================================
ii nmap 7.31-0kali2 amd64 The Network Mapper

rhertzog

rhertzog

2016-11-02 22:31

administrator   ~0006096

I made some tries and reverting to an older version of nmap did not help. Maybe it's kernel related?

What nmap and kernel versions did you have in your last working configuration? Can you try upgrading nmap without upgrading the kernel to confirm that the problem is not at the nmap level? Conversely, can you try upgrading the kernel and see if it introduces the problem?

In my test VM, I can reproduce the problem with nmap 1.30-0kali1 (so old version of nmap) with kernel 4.7.5-1kali1.

rhertzog

rhertzog

2016-11-02 22:38

administrator   ~0006097

In fact, this does not look like a recent regression. Using ISO of Kali 2016.2 I can reproduce the same "problem" (so with nmap 7.25~BETA1-0kali1 and Linux 4.6.4-1kali1).

rhertzog

rhertzog

2016-11-02 22:44

administrator   ~0006098

Problem also reproducible on Kali 2016.1 with nmap 7.01-1 and Linux 4.3.3-5kali4.

ShellStorm

ShellStorm

2016-11-03 13:25

reporter   ~0006100

working fine with this kernel:
Linux kali 4.7.0-kali1-amd64 0000001 SMP Debian 4.7.6-1kali1 (2016-10-17) x86_64 GNU/Linux

and this nmap:
Nmap version 7.30 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.1 openssl-1.0.2h libpcre-8.39 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6

which is latest nmap

on the other system which has the problem, everything is the same except the kernel:
Linux kali 4.7.0-kali1-amd64 0000001 SMP Debian 4.7.8-1kali1 (2016-10-24) x86_64 GNU/Linux

and nmap is:
Nmap version 7.30 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.1 openssl-1.0.2h libpcre-8.39 nmap-libpcap-1.7.4 nmap-libdnet-1.12 ipv6

so it is either kernel, or nmap-libpcap-1.7.4 that breaks it.

rhertzog

rhertzog

2016-11-03 13:42

administrator   ~0006101

If you look at http://pkg.kali.org/pkg/nmap you will see that we only had a single version of nmap 7.30 (aka 7.30-0kali1), so it's not possible that you got two different versions from Kali...

So what package version number do you have in both your cases?

Print "dpkg -s nmap" to find it out ("Version" field).

ShellStorm

ShellStorm

2016-11-03 14:00

reporter   ~0006102

Broken:

package: nmap
Status: install ok installed
Priority: extra
Section: net
Installed-Size: 22209
Maintainer: Debian Security Tools Packaging Team <[email protected]>
Architecture: amd64
Version: 7.31-0kali2
Depends: libc6 (>= 2.15), libgcc1 (>= 1:3.0), liblinear3 (>= 2.01+dfsg), liblua5.3-0, libpcap0.8 (>= 0.9.8), libpcre3, libssl1.0.2 (>= 1.0.2d), libstdc++6 (>= 5.2), lua-lpeg
Recommends: ndiff

Working:

ackage: nmap
Status: install ok installed
Priority: extra
Section: net
Installed-Size: 22882
Maintainer: Debian Security Tools Packaging Team <[email protected]>
Architecture: amd64
Version: 7.30-kali1
Depends: libc6 (>= 2.15), libgcc1 (>= 1:3.0), liblinear3 (>= 2.01+dfsg), liblua5.3-0, libpcre3, libssl1.0.2 (>= 1.0.2d), libstdc++6 (>= 5.2), lua-lpeg
Recommends: ndiff

Difference is working one requires libpcap0.8 (>= 0.9.8) and the version is different

sbrun

sbrun

2016-11-04 13:44

manager   ~0006104

We uploaded a test version in kali experimental. Please test this package and let us know if it works better for you:

http://http.kali.org/pool/main/n/nmap/nmap_7.31-0kali3_amd64.deb

Thanks

rhertzog

rhertzog

2016-11-07 22:34

administrator   ~0006107

ShellStorm, can you please test the package at http://http.kali.org/pool/main/n/nmap/nmap_7.31-0kali3_amd64.deb and let us know if it works better for you?

ShellStorm

ShellStorm

2016-11-09 13:49

reporter   ~0006109

New nmap package fixed the issue. Thank you!

sbrun

sbrun

2016-11-10 08:58

manager   ~0006110

new version 7.31-0kali3 is in kali-rolling

Issue History

Date Modified Username Field Change
2016-11-02 19:01 ShellStorm New Issue
2016-11-02 19:09 ShellStorm Note Added: 0006093
2016-11-02 21:54 rhertzog Assigned To => sbrun
2016-11-02 21:54 rhertzog Status new => assigned
2016-11-02 22:31 rhertzog Note Added: 0006096
2016-11-02 22:38 rhertzog Note Added: 0006097
2016-11-02 22:44 rhertzog Note Added: 0006098
2016-11-03 13:25 ShellStorm Note Added: 0006100
2016-11-03 13:42 rhertzog Note Added: 0006101
2016-11-03 14:00 ShellStorm Note Added: 0006102
2016-11-04 13:44 sbrun Note Added: 0006104
2016-11-07 22:34 rhertzog Status assigned => feedback
2016-11-07 22:34 rhertzog Note Added: 0006107
2016-11-09 13:49 ShellStorm Note Added: 0006109
2016-11-09 13:49 ShellStorm Status feedback => assigned
2016-11-10 08:58 sbrun Status assigned => resolved
2016-11-10 08:58 sbrun Resolution open => fixed
2016-11-10 08:58 sbrun Fixed in Version => 2017.1
2016-11-10 08:58 sbrun Note Added: 0006110
2020-12-01 10:48 g0tmi1k Priority high => normal