VMware Communities
bbruing
Contributor
Contributor

VMware Fusion and nmap 4.20

I am using the latest release candidate of VMware Fusion for Mac, and I've noticed that when the virtual network interfaces created by VMware are running (as processes), nmap fails when run as root (sudo or otherwise). It presents me with the following output:

Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-10 12:28 PDT

getinterfaces: Failed to open ethernet interface (vmnet8). A possible cause

on BSD operating systems isrunning out of BPF devices (see http://seclists.

org/lists/nmap-dev/2006/Jan-Mar/0014.html).

Once the virtual VMware interfaces are stopped (/Library/Application\ Support/VMware\ Fusion/boot.sh –stop), nmap gives me no trouble. It doesn't matter whether or not any virtual machines are running, or if VMware is even open. The nmap forum had a post on this several months ago, but I don't believe anything was done. Is this a VMware issue, or an nmap issue? Can it be fixed easily? We use nmap often, as well as VMware, so I hope something can be done about this.

Here are some posts that I've found elsewhere related to the issue:

http://seclists.org/nmap-dev/2007/q2/0148.html

http://dcortesi.com/2007/05/14/nmap-getinterfaces-failure-on-os-x-with-vmware-installed/

Thank you for your time.

Reply
0 Kudos
4 Replies
dp_fusion
Enthusiast
Enthusiast

This is also happening in Parallels and I am wondering if it's a problem with Nmap 4.20. Other versions of Nmap have not been mentioned as having this problem. Using the command line option to specify an interface does not appear to help the problem.

Reply
0 Kudos
bbruing
Contributor
Contributor

What version of Parallels? We had a copy of build 3188 on one of our machines that didn't seem to affect nmap at all, until we installed VMware on the same machine. Correct me if I'm wrong, but I thought that Parallels and Fusion handle networking differently, as Parallel's network interfaces show up in the network system preference tab, and don't disappear when Parallel's processes are killed.

You're right. Specifying the interface manually gives the same message.

Regardless, I hope a resolution (or at least an explanation) can be found. Thanks for your reply.

Reply
0 Kudos
bgertzfield
Commander
Commander

The problem seems to be that nmap assumes that all network interfaces implement BPF, but that's not required by Mac OS X.

From the Network Kernel Extensions documentation at http://developer.apple.com/documentation/Darwin/Conceptual/NKEConceptual/interface_nke/chapter_8_sec... :

===

Your network interface should define the following callbacks, which are called by protocols and drivers:

(snip)

ifnet_set_bpf_tap, which is called by the stack to set the BPF tap function that is installed on the interface. This callback is optional, but recommended; if you do not add this function, BPF cannot be used with your interface.

===

You should email the nmap developers and let them know they can just skip any interfaces that don't implement BPF.

No guarantees, but we can try to take a look at implementing BPF on Fusion's network interfaces in a future release.

Reply
0 Kudos
bbruing
Contributor
Contributor

At bgertzfield :

Thank you very much for your reply. At least I can tell everyone here why it doesn't work. I'm sure the nmap developers will think of something in the meantime before the next revision of Fusion.

At dp_fusion[/b]:

I see what you mean about the Parallels issue after reading another article. Strange that it didn't affect us here (or that we didn't notice it).

Reply
0 Kudos