"Virtual" interfaces not working

[andrewsmhay]

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:127995 errors:0 dropped:0 overruns:0 frame:0
TX packets:74394 errors:0 dropped:27 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:165737898 (165.7 MB) TX bytes:6890666 (6.8 MB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:199.175.51.99 P-t-P:199.175.51.99 Bcast:199.175.51.99 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

e.g.

scanner@199:/brisket$ sudo masscan --rate 2337 --adapter venet0:0 --adapter-ip 199.175.51.99 -p 1433 96.127.0.0/18
FAIL: failed to detect MAC address of interface: "venet0:0"
[hint] try something like "--adapter-mac 00-11-22-33-44-55"
scanner@199:/brisket$ sudo masscan --rate 2337 --adapter venet0:0 --adapter-ip 199.175.51.99 --adapter-mac 00:00:00:00:00:00 -p 1433 96.127.0.0/18
FAIL: failed to detect MAC address of interface: "venet0:0"
[hint] try something like "--adapter-mac 00-11-22-33-44-55"
scanner@199:~/brisket$ sudo masscan --rate 2337 --adapter venet0:0 --adapter-ip 199.175.51.99 --adapter-mac 00:00:00:00:00:00:00:00:00:00:00:00 -p 1433 96.127.0.0/18
FAIL: failed to detect MAC address of interface: "venet0:0"
[hint] try something like "--adapter-mac 00-11-22-33-44-55"

nmap works but you have to specify the following (perhaps it'll help you:

nmap -e venet0:0 -Pn -S <real_ip_of_server> <target_ip>

[andrewsmhay]

Apparently the same issue has been reported for zmap as well - zmap/zmap#35

[robertdavidgraham]

By they way, I'm working on this.

One bug is that the code uses "00-00-00-00-00-00" as an inbound flag for failure. I've separated it out so that there is a separate flag. You should now be able to force this by "--adapter-mac 00-00-00-00-00-00" and maybe it'll work.

Any tips for setting up a sample configuration? Just normal VPN?

[andrewsmhay]

Easiest way might be to splurge ($2) and get one of the VPS' from VPScheap.net

Or, I can give you access to my instance if you'd like.

[robertdavidgraham]

I've checked in code that I think will work. I tested with OpenVPN using the "tun1" interface. Give it a try, and if it doesn't work, we'll work on recreating your exact setup.

[andrewsmhay]

Tried it, not working. Had another person verify on their VPS as well: https://twitter.com/madvillain/statuses/424674049063518208

I'm willing to spin up a clean instance for you to test on if you wish. Let me know.

[robertdavidgraham]

Yea, if you could spin me up an instance and send me a password (robert_david_graham@yahoo.com), I'll log on and get it working.

[d3r4ng3d]

On my vps...

ifconfig:
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:xxx.xxx.xxx.xxx P-t-P:xxx.xxx.xxx.xxx Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

./masscan 0.0.0.0/0 --exclude 255.255.255.255 -p80 -oX scan.xml --max-rate 1000000 --interface venet0:0 --adapter-mac 00-11-22-33-44-55 --router-mac 88-77-66-55-44-33

I get "clock_gettime() err 22" repeatedly in the terminal window.

[BarryReid]

Any progress on this issue? Im having the same problem with masscan and zmap.

[infosec-au]

Also hoping that I'd be able to use masscan on my OpenVZ VPS one day.

[daniel-rome]

No news about this problem? I have the same problem..

[thomdixon]

@robertdavidgraham Any news on this issue? I would be happy to help provide an account on a VPS as well to get this resolved.

[looterz]

Same issue. Nmap experiences this as well, looking at possible solutions provided to nmap users.

[SKyLiNe1980]

Same issue, will not work on VENET interfaces. As mentioned above, nmap had the same issue.
(6.0 from repo), however the latest 6.47 compiled from src works fine, so it seems to be fixed. now for masscan! :)

[BenBrock]

What's the current status for this issue? Has anyone had success using masscan on an OpenVZ container with a venet interface?

[looterz]

Never had any luck getting nmap or masscan to work on OpenVZ. Everything is working flawlessly with KVM though.

[sanampuri]

Can anyone Plz tell me How to Send More packets and Get the Results for Sure. because while using Masscan. i can send Packets but not Getting the Results. Can anyone Suggests the Ethernet card and other Specification to use the masscan at 100% Success rate. i can Buy anything to Work with Masscan. Just Give me the procedure and List of items to try.

[dejannenov]

I am curious if this was ever resolved - I can provide a login to a system where this is present and easy to reproduce.

[jcran]

Ran into this today on an osx box running an OpenVPN client. Worked around it by disabling the connection.

[mahatah]

[MY SOLUTION]
I recently had this problem with a 'tap0' interface which was accessed by an OpenVPN client. Disabling the interface was not an option.

Original Error:
root@kali:~# masscan 10.1.1.0/24 -p 110 -e tap0
FAIL: failed to detect router for interface: "tap0"
[hint] try something like "--router-mac 66-55-44-33-22-11"

Verbose Original Error:
root@kali:~# masscan 10.1.1.0/24 -p 110 -e tap0 -vv
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
auto-detected: adapter-ip=10.1.0.153
tap0: type=0x 1
auto-detected: adapter-mac=5*-**-**-**-**-**
pcap: libpcap version 1.7.4
pcap:'tap0': opening...
pcap:'tap0': successfully opened
rawsock: looking for default gateway
auto-detected: router-ip=0.0.0.0
arp: opcode=1, not reply(2)
^C

I stopped the output at "router-ip=0.0.0.0" since I knew 0.0.0.0 to be incorrect for my tap0 interface. Once I specified the correct gateway IP with "--router-ip", all was well. Here's how:

First, find the gateway IP for the interface you want masscan to use.

Finding Gateway IP for All Interfaces:
root@kali:~# ip route
default via 192.168.1.1 dev wlan0 proto static metric 600
10.1.0.0/16 dev tap0 proto kernel scope link src 10.1.0.153
10.31.31.0/24 via 10.1.0.1 dev tap0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.10 metric 600

In my case, the gateway IP I needed for tap0 was "10.1.0.1", which is shown above as 10.31.31.0/24 via 10.1.0.1 dev tap0. Setting the "--router-ip" parameter value to "10.1.0.1" when calling masscan fixed the issue for me as shown:

Masscan Command Solution Example:
root@kali:~# masscan 10.1.1.0/24 -p 110 -e tap0 --router-ip 10.1.0.1
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2017-04-04 06:11:19 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 256 hosts [1 port/host]
Discovered open port 110/tcp on 10.1.1.30
Discovered open port 110/tcp on 10.1.1.140
Discovered open port 110/tcp on 10.1.1.128
Discovered open port 110/tcp on 10.1.1.76
Discovered open port 110/tcp on 10.1.1.215

So in short, the solution that worked for me was as simple as finding the IP address of the gateway for the interface I wanted masscan to use. Then, merely providing the gateway IP and desired interface using the "--router-ip" parameter for the gateway IP and the "-e" parameter for the desired interface. Generically, the command would look like this:

Generic Masscan Command Solution Example:
masscan <TARGET_IP_RANGE> -p <TARGET_PORT> -e <DESIRED_INTERFACE> --router-ip <GATEWAY_IP_OF_DESIRED_INTERFACE>

[macuisdein]

Just validated that @mahatah solution works.

[ricksanche2]

how about ppp0? I use PPPoE connection for Internet, and @mahatah solution doesn't work, same error:
FAIL: failed to detect MAC address of interface: "ppp0"
Any help?

[mahatah]

@llllllllllllllllllllllllllllllllllll What you are describing is more of an issue with the Point-to-Point protocol than it is with Masscan. PPPoE interfaces do not have mac addresses, which is why it could not be found in your "ppp0" example. With that said, it may still be possible to configure your routes via iptables such that your eth0 or wlan0 (whichever you're using, assuming you're not running masscan from the modem itself) will route their packets through the ppp0 interface. That type of configuration requires more work than I care to get into on a bug tracking forum. Suffice to say, the Masscan command you'll ultimately use will be to set -e to your ethernet or wireless interface, not ppp0.

[ghost]

After 4 years no news for this issue. I have a openvz with venet0:0 interface, but also with option --router-ip it require adapter-mac but is not working.

[Hoffconna]

that is embarassed , i have this problem some days ago .the error is caused by the winpcap ,emmmm,winpcap can't find the right adapter because your computer have too many adapter such as vmware or wireless or others,you can see it in you device manager ,the network adapter ,i swear you have many many adapters. my way to solve it is to diable all other adapters and just keep one i need .for example ,i use WIFI to scan ,so i just keep "killer wireless Network adapter" to use ,and then everything is ok.finally,fuck winpcap.

[cnlzxin]

我有两个网卡, em1 是可以正常工作的, em1:0 不能正常工作:

em1

$ masscan -p 80 -iL ip.list -oL out.log --rate 10 --wait 1 -e em1 -vv
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
auto-detected: adapter-ip=em1-ip
em1: type=0x   1
auto-detected: adapter-mac=em1-mac
pcap: libpcap version 1.5.3
pcap:'em1': opening...
pcap:'em1': successfully opened
rawsock: looking for default gateway
auto-detected: router-ip=router-ip
auto-detected: router-mac=AA-BB-CC-DD-EE-FF  (注意下这里)
adapter initialization done.
recv: start receive thread #0
xmit: starting transmit thread #0

Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2019-10-24 11:48:04 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan

em1:0

$ masscan -p 80 -iL ip.list -oL out.log --rate 10 --wait 1 -e em1:0 -vv
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
auto-detected: adapter-ip=em1:0-ip
em1:0: type=0x   1
auto-detected: adapter-mac=em1:0-mac
pcap: libpcap version 1.5.3
pcap:'em1:0': opening...
pcap:'em1:0': successfully opened
rawsock: looking for default gateway
auto-detected: router-ip=0.0.0.0
arp: opcode=1, not reply(2)
arp: opcode=1, not reply(2)
arp: opcode=1, not reply(2)
......
FAIL: failed to detect router for interface: "em1:0"
 [hint] try something like "--router-mac 66-55-44-33-22-11"  (再注意下这里)

按照报错的提示, 添加 em1 中使用的 router-mac 参数:

$ masscan -p 80 -iL ip.list -oL out.log --rate 10 --wait 1 -e em1:0 --router-mac AA-BB-CC-DD-EE-FF -vv
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
auto-detected: adapter-ip=em1:0-ip
em1:0: type=0x   1
auto-detected: adapter-mac=em1:0-mac
pcap: libpcap version 1.5.3
pcap:'em1:0': opening...
pcap:'em1:0': successfully opened
adapter initialization done.
xmit: starting transmit thread #0
recv: start receive thread #0

Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2019-10-24 11:53:14 GMT
......

哈哈, 可以正常使用了

---

备注:

os: CentOS 7
masscan: 1.0.3

[zeroc00I]

Dont waste time guys.
Dockerize it. I had same issue and with docker works like a charm
https://hub.docker.com/r/ilyaglow/masscan/dockerfile

docker run ilyaglow/masscan -p80,443 --rate 1000 --banners IPBLOCK