Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 30 May 2002 00:33:53 -0500
From:      nathan skains <>
To:        freebsd-security@FreeBSD.ORG
Subject:   Nmap /w snort
Message-ID:  <006101c2079b$96528170$0200a8c0@logical>
References:  <000001c20789$f19ff060$6301a8c0@visp>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
i am having a similar problem earlier today i did a scan on my system and go
the following results. later i ran another scan and got another weird port
open, i am concerned with a comprimise.
Starting nmap V. 2.54BETA34 ( )

Interesting ports on (

(The 1545 ports scanned but not shown below are in state: closed)

Port State Service

21/tcp open ftp

22/tcp open ssh

25/tcp open smtp

80/tcp open http

110/tcp open pop-3

113/tcp open auth

587/tcp open submission

1492/tcp open stone-design-1 << concern about this port being open

3306/tcp open mysql

6667/tcp open irc

6668/tcp open irc

when i try an nmap as root i get this error

Starting nmap V. 2.54BETA34 ( )
pcap_open_live: (no devices found) /dev/bpf4: No such file or directory
There are several possible reasons for this, depending on your operating
LINUX: If you are getting Socket type not supported, try modprobe af_packet
or recompile your kernel with SOCK_PACKET enabled.
*BSD:  If you are getting device not configured, you need to recompile your
kernel with Berkeley Packet Filter support.  If you are getting No such file
or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use
SOLARIS:  If you are trying to scan localhost and getting '/dev/lo0: No such
file or directory', complain to Sun.  I don't think Solaris can support
advanced localhost scans.  You can probably use "-P0 -sT localhost" though.

but if i throw options in like -P0 -sT it works go figure.
any ideas would be greatly appreicated.


To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <$96528170$0200a8c0>