Error while scanning network: Call to pcap_open_live() failed three times

[lh0x00]

I'm starting to explore this package with the following tutorial:

docker run --net=host -t ullaakut/cameradar:armv7 -t localhost

. and i get the error below, please help me know what i need to do.

Context

Please select one:

• I use the docker image ullaakut/cameradar:armv7
• I use my own build of the docker image
• I use the pre-compiled binary
• I use my own build of the binary
• None of the above / I don't know

Please select one:

• I use a specific version: armv7
• I use the latest commit of the master branch
• I use the latest commit of the develop branch
• I use a forked version of the repository:
• I use a specific commit:

Environment

My operating system:

• Windows
• OSX
• Linux
• Other

OS version: 12.0
OS architecture: M1

Issue

What was expected

What happened

Logs

If your issue is with Cameradar's binary or docker image, please run it with -v to print verbose logs, and paste them here:

✖ error while scanning network: Call to pcap_open_live() failed three times. There are several possible reasons for this, depending on your operating system:
LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with PACKET enabled.
 *BSD:  If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support.  If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).
*WINDOWS:  Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2.  Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.
SOLARIS:  If you are trying to scan localhost or the address of an interface and are getting '/dev/lo0: No such file or directory' or 'lo0: No DLPI device found', complain to Sun.  I don't think Solaris can support advanced localhost scans.  You can probably use "-Pn -sT localhost"

[Ullaakut]

Hi @lamhieu-vk!

Thanks for opening this issue. Unfortunately I do not have an M1 MacBook to try and reproduce this issue. I assume it's an issue with nmap that happens specifically on M1 Macs.

Here are some things we can try to do to figure this out:

• Can you try running nmap on your machine directly? Something like nmap -A localhost
• Can you check if any of the error messages matches with something you can do on your OS?
• Can you try to tweak the docker options to see if that fixes it? Maybe running it with --privileged or something like that? What happens if you remove the --net=host?
• Can you try scanning other targets than localhost?

Let me know, I'm sure we'll figure it out :)

[lh0x00]

hi @Ullaakut ,
Thanks for your reply to help me resolve this issue.
To answer your question, I can use nmap through the terminal, and there are ways below you suggested but the error message is still the same.
I am curious that if I use it via docker, will it not affect my mac?

[Ullaakut]

What do you mean by affect? If you mean can it damage it or make it malfunction, I don't think so, no.

If running nmap works fine manually, just not in Docker, then it must be an issue with running docker in host mode on M1 macs I assume 🤔

[lh0x00]

I mean the docker environment should be separate from the main machine and I think it's more of a Docker issue and things like that.

[kurtleee]

I encountered the same error when attempting to perform an Nmap scan using the cameradr on an M1 MacBook Pro. However, I did not encounter any issues when running Nmap directly from the terminal. This issue appears to be specific to cameradr's implementation of Nmap. Other Docker images using Nmap do not produce the same error.

Steps to reproduce

1. Run the following command:

sudo docker run --platform linux/amd64 -t ullaakut/cameradar -t 10.100.110.85

2. Observe the following log output:

Loading credentials...ok
Loading routes...ok
Scanning the network...ko
  > [Nmap Warning] pcap_create(eth0) FAILED: eth0: SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: Function not implemented.
  > [Nmap Warning] Call to pcap_open_live() failed three times. There are several possible reasons for this, depending on your operating system:
  > [Nmap Warning] LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with PACKET enabled.
  > [Nmap Warning]  *BSD:  If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support.  If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).
  > [Nmap Warning] *WINDOWS:  Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2.  Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.
  > [Nmap Warning] SOLARIS:  If you are trying to scan localhost or the address of an interface and are getting '/dev/lo0: No such file or directory' or 'lo0: No DLPI device found', complain to Sun.  I don't think Solaris can support advanced localhost scans.  You can probably use "-Pn -sT localhost" though.
  > [Nmap Warning]
  > [Nmap Warning]
  > [Nmap Warning] QUITTING!
✖ error while scanning network: Call to pcap_open_live() failed three times. There are several possible reasons for this, depending on your operating system:
LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with PACKET enabled.
 *BSD:  If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support.  If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).
*WINDOWS:  Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2.  Depending on the reason for this error, it is possible that the --unprivileged command-line argument will help.
SOLARIS:  If you are trying to scan localhost or the address of an interface and are getting '/dev/lo0: No such file or directory' or 'lo0: No DLPI device found', complain to Sun.  I don't think Solaris can support advanced localhost scans.  You can probably use "-Pn -sT localhost"

[Ullaakut]

The issue is likely because Cameradar's docker image includes its own nmap binary, which might not be compatible with the M1 macbooks. In order to make it work, we'd need to package an image specific for M1s with the right binary, I think.

[symm]

I ran into the same issue on an M1 Mac and found cloning the repo and manually building:

➜ git clone https://github.com/Ullaakut/cameradar.git
➜ docker build -t cameradar .

Yields a working image

➜ docker run cameradar -t 192.168.1.0/24
Loading credentials...ok
Loading routes...ok
Scanning the network...ok
✖ no stream found

In theory buildx could be used to cross compile the container for arm64

[Ullaakut]

@symm It is what is already used but I haven't re-built it for a long time. I'll have to take a look into that later today, maybe it's a quick fix then.

See https://github.com/Ullaakut/cameradar/blob/master/tools/xplatform-docker-build/magefile.go