RE:[Plugins-writers] Re: Nessus not scanning

• Previous message: JHORVAT1@private: "RE:[Plugins-writers] Re: Nessus not scanning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sigh - sorry, my mailer cut off the last half of my message, so here it is:

I inserted a quick "display( icmp );" line before the send_packet line, ran
the thing from the NASL command line interpreter and I could see that the
checksum field appears to be a non-zero value in the script, which leads me to
believe the NASL auto-checksum calculation is working.  But when the packet
hits the wire, the IP header checksum somehow gets set to 0...  I've tried
this with Nessus 2.0.7 and 2.0.10 with the same results.  Unfortunately, I've
only been able to try it with one distro - SuSE 9.0 Pro.  I've gone through
and made sure my NIC wasn't configured to auto-compute checksums, etc...  I've
also tested it just running ping_host.nasl against 127.0.0.1 and sniffing on
the loopback interface, and the IP header checksum still ends up 0.

Paul Johnston mentioned there is a known problem with SuSE 9.0, so I'm going
to try a vanilla kernel to see if it fixes it.

Thanks all...

Jim
------------------( Forwarded letter 1 follows )--------------------
Date: Sat, 31 Jan 2004 19:28:58 -0500
To: plugins-writers@private, nessus@private
From: deraison@private
Sender: plugins-writers-bounces@private
Subject: [Plugins-writers] Re: Nessus not scanning

On Fri, Jan 30, 2004 at 10:50:00AM -0500, JHORVAT1@private wrote:
> I am having issues somewhat similar to what Ravi was seeing.  I want to
 enable
> the "Ping the remost host" option to do an ICMP ping because I'm scanning
> large subnets and want to move on quickly if something doesn't appear to be
> up.  The "Ping the remote host" option calls ping_host.nasl, and using
> Ethereal I found what seems to be the problem.  Nessus sends out an ICMP echo
> request, but hosts never reply, apparently because the IP header checksum in
> the ICMP packet is 0!  The relevant part of ping_host.nasl is below (sorry if
> the formatting is goofy):

Which version of Nessus are you using ? Also, you should use the tcp
ping method, it's way more efficient.
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

• Next message: Kostya Odnoralov: "[Plugins-writers] Nessus plugins"
• Previous message: JHORVAT1@private: "RE:[Plugins-writers] Re: Nessus not scanning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Feb 03 2004 - 05:10:54 PST