RE:[Plugins-writers] Re: Nessus not scanning

From: JHORVAT1@private
Date: Tue Feb 03 2004 - 05:07:00 PST


    Sigh - sorry, my mailer cut off the last half of my message, so here it is:
    
    I inserted a quick "display( icmp );" line before the send_packet line, ran
    the thing from the NASL command line interpreter and I could see that the
    checksum field appears to be a non-zero value in the script, which leads me to
    believe the NASL auto-checksum calculation is working.  But when the packet
    hits the wire, the IP header checksum somehow gets set to 0...  I've tried
    this with Nessus 2.0.7 and 2.0.10 with the same results.  Unfortunately, I've
    only been able to try it with one distro - SuSE 9.0 Pro.  I've gone through
    and made sure my NIC wasn't configured to auto-compute checksums, etc...  I've
    also tested it just running ping_host.nasl against 127.0.0.1 and sniffing on
    the loopback interface, and the IP header checksum still ends up 0.
    
    Paul Johnston mentioned there is a known problem with SuSE 9.0, so I'm going
    to try a vanilla kernel to see if it fixes it.
    
    Thanks all...
    
    Jim
    ------------------( Forwarded letter 1 follows )--------------------
    Date: Sat, 31 Jan 2004 19:28:58 -0500
    To: plugins-writers@private, nessus@private
    From: deraison@private
    Sender: plugins-writers-bounces@private
    Subject: [Plugins-writers] Re: Nessus not scanning
    
    On Fri, Jan 30, 2004 at 10:50:00AM -0500, JHORVAT1@private wrote:
    > I am having issues somewhat similar to what Ravi was seeing.  I want to enable
    > the "Ping the remote host" option to do an ICMP ping because I'm scanning
    > large subnets and want to move on quickly if something doesn't appear to be
    > up.  The "Ping the remote host" option calls ping_host.nasl, and using
    > Ethereal I found what seems to be the problem.  Nessus sends out an ICMP echo
    > request, but hosts never reply, apparently because the IP header checksum in
    > the ICMP packet is 0!  The relevant part of ping_host.nasl is below (sorry if
    > the formatting is goofy):
    
    Which version of Nessus are you using? Also, you should use the tcp
    ping method, it's way more efficient.
    _______________________________________________
    Plugins-writers mailing list
    Plugins-writers@private
    http://mail.nessus.org/mailman/listinfo/plugins-writers
    



    This archive was generated by hypermail 2b30 : Tue Feb 03 2004 - 05:10:54 PST
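
The check described in the message above (a zero IP header checksum seen in the capture), as an added example that is not part of the original thread or of Nessus: it recomputes the IPv4 header checksum from captured bytes with the standard one's-complement sum (RFC 1071) and compares it with the stored field. The sample packet is constructed (an ICMP echo request from 127.0.0.1 to 127.0.0.1), and all function and constant names are hypothetical.

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def check_ipv4_header(packet: bytes) -> dict:
    """Compare the stored IPv4 header checksum with the recomputed one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    header = packet[:ihl]
    stored = struct.unpack("!H", header[10:12])[0]
    # Expected value: complement of the sum with the checksum field zeroed.
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    expected = ~ones_complement_sum(zeroed) & 0xFFFF
    return {
        "stored": stored,
        "expected": expected,
        # A correct header sums to 0xFFFF when the checksum is included.
        "valid": ones_complement_sum(header) == 0xFFFF,
        "field_is_zero": stored == 0,
    }

# Constructed sample: IPv4 header (proto 1 = ICMP, total length 28) with the
# checksum field zero as reported in the capture, followed by an ICMP echo.
ICMP_ECHO = bytes.fromhex("0800f7ff00000000")
SAMPLE_ZERO_CSUM = bytes.fromhex(
    "4500001c00010000400100007f0000017f000001") + ICMP_ECHO
# Same packet with the header checksum filled in correctly.
SAMPLE_GOOD_CSUM = bytes.fromhex(
    "4500001c0001000040017cde7f0000017f000001") + ICMP_ECHO

if __name__ == "__main__":
    for name, pkt in (("zero", SAMPLE_ZERO_CSUM), ("good", SAMPLE_GOOD_CSUM)):
        r = check_ipv4_header(pkt)
        print("%s: stored=0x%04x expected=0x%04x valid=%s"
              % (name, r["stored"], r["expected"], r["valid"]))
```
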