June 14, 2007

Parallels now breaks nmap on OS X too

OS X, Security, Tech

Awesome - just when I solve the issue of VMWare breaking nmap on OS X, Parallels comes along and does it again. The error is slightly different, however, so the root cause of the problem is likely somewhat different as well.

Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-14 15:07 CDT
getinterfaces: Failed to obtain MAC address for ethernet interface (fw0)
QUITTING!

Thus far, I’ve tried disabling the fw0, en2 and en3 interfaces, with no luck. If I bring down fw0, though (sudo ifconfig fw0 down), I get a different error message similar to the VMWare one.

Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-14 15:11 CDT
getinterfaces: Failed to open ethernet interface (fw0). A possible cause on BSD operating systems is running out of BPF devices (see http://seclists.org/lists/nmap-dev/2006/Jan-Mar/0014.html).
QUITTING!

It seems there’s been a similar problem with Cisco’s VPN software, but the suggested remediation doesn’t work for nmap. I filed a bug report, as I’m sure many others have, so hopefully it will be addressed in a recent update. If I come across a solution, I’ll update this entry…but until then, the only way I can use nmap is by uninstalling Parallels.

Update! After some more detailed information from the Parallels Team, I discovered a way to run nmap successfully. I thought I had tried this approach before, but apparently not. Removing the interface with a `sudo ifconfig fw0 remove` prior to executing nmap seems to allow nmap to run successfully. I seem to have to do this every time as an ip address gets re-assigned to the interface, but it does appear to work!

Update (07/26/2007) The most recent build of Parallels (4560) appears to have fixed the issue metioned above, but another one has manifested itself. Scanning a specific host was able to complete succesfully, but when scanning a network where dead hosts existed would result in a nexthost: failed to determine route error. Specifying the proper interface using the -e parameter seems to address the issue.

posted by Damon @ 2:14 pm |

11 Comments so far
Leave a comment

Hi, found your post when trying to find out more about the same issue with nmap. Thought you might like to know that I was able to fix it by compiling a new version of nmap.

Edward

By Edward Chenon 06.15.07 5:28 pm

Whew, I was worried nmap would not work on the new lappy.

By SFOon 06.16.07 8:47 pm

Actually, this doesn’t work for me. :-( So I’m hoping there will be a new build of Parallels in the near future that fixes this.

By Damonon 06.17.07 12:16 am

I’m having the same issue. Tried nmap 4.21ALPHA and nothing seems to do the trick. I even tried removing fw0 completely (sudo ifconfig fw0 remove), to no avail. Keep us posted if you find a fix.

By Shawnon 06.18.07 8:20 am

I tried removing the Parallels kernel modules but that didn’t seem to work either.

One thing to note is that nmap works fine when dong a TCP-Connect scan in user mode, but when attempting to perform a SYN scan that requires root privileges is when it doesn’t work.

By Damonon 06.22.07 10:21 am

I don’t believe this is a parallels issue, as I have the same error w/ my Dual 2Ghz PowerPC G5 (thus no Parallels).

By Anonymouson 06.22.07 6:59 pm

That may be a different issue, then. Although I haven’t done extensive testing I was able to successfully use nmap prior to installing Parallels and could not immediately after installing Parallels. I also tried uninstalling Parallels and nmap works again.

In this case, it appears to be directly related to the Parallels software being installed.

By Damonon 06.22.07 7:02 pm

I have the same results, recompiling nmap, or installing fresh from macports yields the same errors, but removing parallels nmap works again.

By Garethon 07.04.07 6:19 am

Same here. Only a slightly newer build of Parallels Desktop. After installing nmap doesn’t work anymore, after uninstalling (and unfortunately a reboot - shivers!) nmap works flawlessly. So it is a parallels issue and I do hope their support team takes this major BUG seriously…

By Quuxon 07.07.07 11:52 am

jeeze… you’d think there would be a better long term solution

By sfoakon 07.11.07 5:44 pm

I’m having this problem as well :( Have tried the fix above but no joy so far. It also complained about vmnet 8 and vmnet1 but still having the problem when I chain all the remove requests together with && :(

ANyone any ideas?

s

By szlwzlon 09.01.07 3:21 pm

RSS feed for comments on this post. TrackBack URI


Leave a comment
Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>