NMap route determination on Windows 7 x64

Posted by user30772 on Server Fault
Published on 2012-08-31T12:04:45Z Indexed on 2012/08/31 15:41 UTC

C:\Windows\system32>nmap --iflist

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-31 06:51 Central Daylight Time
************************INTERFACES************************
DEV  (SHORT) IP/MASK                      TYPE        UP   MTU  MAC
eth0 (eth0)  fe80::797f:b9b6:3ee0:27b8/64 ethernet    down 1500 5C:AC:4C:E9:2D:46
eth0 (eth0)  169.254.39.184/4             ethernet    down 1500 5C:AC:4C:E9:2D:46
eth1 (eth1)  fe80::5c02:7e48:8fbe:c7c9/64 ethernet    down 1500 00:FF:3F:7C:7C:2B
eth1 (eth1)  169.254.199.201/4            ethernet    down 1500 00:FF:3F:7C:7C:2B
eth2 (eth2)  fe80::74e4:1ab7:1b7d:a0d0/64 ethernet    up   1500 14:FE:B5:BA:8A:C3
eth2 (eth2)  10.0.0.0.253/24              ethernet    up   1500 14:FE:B5:BA:8A:C3
eth3 (eth3)  fe80::b03e:ddf5:bb5c:5f76/64 ethernet    up   1500 00:50:56:C0:00:01
eth3 (eth3)  169.254.95.118/16            ethernet    up   1500 00:50:56:C0:00:01
eth4 (eth4)  fe80::b175:831d:e60:27b/64   ethernet    up   1500 00:50:56:C0:00:08
eth4 (eth4)  192.168.153.1/24             ethernet    up   1500 00:50:56:C0:00:08
lo0  (lo0)   ::1/128                      loopback    up   -1
lo0  (lo0)   127.0.0.1/8                  loopback    up   -1
tun0 (tun0)  fe80::100:7f:fffe/64         point2point down 1280
tun1 (tun1)  (null)/0                     point2point down 1280
tun2 (tun2)  fe80::5efe:a9fe:5f76/128     point2point down 1280
tun3 (tun3)  (null)/0                     point2point down 1280
tun4 (tun4)  fe80::5efe:c0a8:9901/128     point2point down 1280
tun5 (tun5)  fe80::5efe:ac14:fd/128       point2point down 1280

DEV  WINDEVICE
eth0 \Device\NPF_{0024872A-5A41-42DF-B484-FB3D3ED3FCE9}
eth0 \Device\NPF_{0024872A-5A41-42DF-B484-FB3D3ED3FCE9}
eth1 \Device\NPF_{3F7C7C2B-9AF3-45BB-B96E-2F00143CC2F7}
eth1 \Device\NPF_{3F7C7C2B-9AF3-45BB-B96E-2F00143CC2F7}
eth2 \Device\NPF_{08116FE5-F0FF-498A-9BF1-515528C57C13}
eth2 \Device\NPF_{08116FE5-F0FF-498A-9BF1-515528C57C13}
eth3 \Device\NPF_{AA83C6CE-AB2E-4764-92D1-CDEAFBA7AD21}
eth3 \Device\NPF_{AA83C6CE-AB2E-4764-92D1-CDEAFBA7AD21}
eth4 \Device\NPF_{D0679889-E9D4-411D-BDC5-F4DDB758E151}
eth4 \Device\NPF_{D0679889-E9D4-411D-BDC5-F4DDB758E151}
lo0  <none>
lo0  <none>
tun0 <none>
tun1 <none>
tun2 <none>
tun3 <none>
tun4 <none>
tun5 <none>

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
192.168.153.255/32 eth0
255.255.255.255/32 eth0
255.255.255.255/32 eth0
127.0.0.1/32       eth0
127.255.255.255/32 eth0
255.255.255.255/32 eth0
169.254.95.118/32  eth0
169.254.255.255/32 eth0
10.0.0.0.253/32    eth0
255.255.255.255/32 eth0
10.0.0.0.255/32    eth0
255.255.255.255/32 eth0
192.168.153.1/32   eth0
255.255.255.255/32 eth0
10.0.0.0.0/24      eth0
192.168.153.0/24   eth0
10.10.10.0/24      eth0 10.0.0.0.4
169.254.0.0/16     eth0
127.0.0.0/8        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
0.0.0.0/0          eth0 10.0.0.0.1

JMeterX - I worded it that way in hopes of raising answer efficiency, but that probably wasn't the smartest choice. IMHO the problem (could be a symptom) is that nmap retardedly chooses eth0 as the gateway interface for any and all networks. Here's the result:

C:\Windows\system32>nmap 10.0.0.55

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-31 07:43 Central Daylight Time
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.95 seconds

C:\Windows\system32>nmap -e eth2 10.0.0.55

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-31 07:44 Central Daylight Time
Nmap scan report for esxy5.dionne.net (10.0.0.55)
Host is up (0.00070s latency).
Not shown: 991 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
427/tcp  open   svrloc
443/tcp  open   https
902/tcp  open   iss-realsecure
5988/tcp closed wbem-http
5989/tcp open   wbem-https
8000/tcp open   http-alt
8100/tcp open   xprint-server
MAC Address: 00:1F:29:59:C7:03 (Hewlett-Packard Company)

Nmap done: 1 IP address (1 host up) scanned in 5.29 seconds

Just to be clear, this is what makes absolutely no sense to me whatsoever. For reference, I've included similar info from an Ubuntu (that works normally) VM on the affected host below.

Jacked Windows 7

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
192.168.153.255/32 eth0
255.255.255.255/32 eth0
255.255.255.255/32 eth0
127.0.0.1/32       eth0
127.255.255.255/32 eth0
255.255.255.255/32 eth0
169.254.95.118/32  eth0
169.254.255.255/32 eth0
10.0.0.0.253/32    eth0
255.255.255.255/32 eth0
10.0.0.0.255/32    eth0
255.255.255.255/32 eth0
192.168.153.1/32   eth0
255.255.255.255/32 eth0
10.0.0.0.0/24      eth0
192.168.153.0/24   eth0
10.10.10.0/24      eth0 10.0.0.0.4
169.254.0.0/16     eth0
127.0.0.0/8        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
224.0.0.0/4        eth0
0.0.0.0/0          eth0 10.0.0.0.1

Working Ubuntu VM

root@ubuntu:~# nmap --iflist

Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-31 07:44 PDT
************************INTERFACES************************
DEV  (SHORT) IP/MASK            TYPE     UP MAC
lo   (lo)    127.0.0.1/8        loopback up
eth0 (eth0)  172.20.0.89/24     ethernet up 00:0C:29:0A:C9:35
eth1 (eth1)  192.168.225.128/24 ethernet up 00:0C:29:0A:C9:3F
eth2 (eth2)  192.168.150.128/24 ethernet up 00:0C:29:0A:C9:49

**************************ROUTES**************************
DST/MASK        DEV  GATEWAY
192.168.225.0/0 eth1
192.168.150.0/0 eth2
172.20.0.0/0    eth0
169.254.0.0/0   eth0
0.0.0.0/0       eth0 172.20.0.1

root@ubuntu:~# nmap esxy2

Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-31 07:44 PDT
Nmap scan report for esxy2 (172.20.0.52)
Host is up (0.00036s latency).
rDNS record for 172.20.0.52: esxy2.dionne.net
Not shown: 994 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
427/tcp  closed svrloc
443/tcp  open   https
902/tcp  closed iss-realsecure
8000/tcp open   http-alt
8100/tcp open   unknown
MAC Address: 00:04:23:B1:FA:6A (Intel)

Nmap done: 1 IP address (1 host up) scanned in 4.76 seconds
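
The symptom in the post, every route listed on eth0 regardless of which adapter owns the subnet, can be checked mechanically. This is an added example, not part of the original post: a Python sketch that parses `nmap --iflist` text and reports routes whose DEV does not own the next hop. The sample table, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the `nmap --iflist` layout (addresses are illustrative).
SAMPLE = """\
************************INTERFACES************************
DEV  (SHORT) IP/MASK           TYPE     UP   MTU  MAC
eth0 (eth0)  169.254.39.184/16 ethernet down 1500 02:00:00:00:00:00
eth2 (eth2)  10.0.0.253/24     ethernet up   1500 02:00:00:00:00:02
eth4 (eth4)  192.168.153.1/24  ethernet up   1500 02:00:00:00:00:04
**************************ROUTES**************************
DST/MASK         DEV  GATEWAY
10.0.0.0/24      eth0
192.168.153.0/24 eth0
224.0.0.0/4      eth0
0.0.0.0/0        eth0 10.0.0.1
"""
IFACE = re.compile(r"^(\S+)\s+\(\S+\)\s+(\S+)\s+\S+\s+(up|down)\b")
ROUTE = re.compile(r"^(\d+(?:\.\d+){3}/\d+)\s+(\S+)(?:\s+(\d+(?:\.\d+){3}))?\s*$")

def parse_iflist(text):
    """Return ({dev: [IPv4Interface]} for 'up' devices, [(network, dev, gateway)])."""
    ifaces, routes = {}, []
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            try:
                addr = ipaddress.ip_interface(m.group(2))
            except ValueError:  # e.g. "(null)/0" on tunnel adapters
                continue
            if m.group(3) == "up" and addr.version == 4:
                ifaces.setdefault(m.group(1), []).append(addr)
            continue
        m = ROUTE.match(line)  # rows that are not dotted-quad/prefix are skipped
        if m:
            gw = ipaddress.ip_address(m.group(3)) if m.group(3) else None
            routes.append((ipaddress.ip_network(m.group(1), strict=False), m.group(2), gw))
    return ifaces, routes

def misassigned_routes(text):
    """List (route, listed_dev, owning_dev) where DEV does not own the next hop."""
    ifaces, routes = parse_iflist(text)
    findings = []
    for net, dev, gw in routes:
        hop = gw if gw is not None else net.network_address  # on-link: the subnet itself
        owners = [d for d, addrs in ifaces.items() if any(hop in a.network for a in addrs)]
        if owners and dev not in owners:
            findings.append((str(net), dev, owners[0]))
    return findings

if __name__ == "__main__":
    for route, listed, owner in misassigned_routes(SAMPLE):
        print(f"{route}: listed on {listed}, next hop belongs to {owner}")
```

The owning device reported for a route is the one to pass to `-e`, as in the `nmap -e eth2` run above.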

© Server Fault or respective owner