I've only got the standard 4 bpfs in my FreeBSD 4.4 install. But as I'm not running anything else on the box other than a nasl -txxx traceroute.nasl I don't think I'm running out of bpfs.
I started looking at the code for traceroute.nasl and have found the problem is with the pcap filter. The filter normally constructed by the code is:- dst host 193.63.150.12 and icmp and ((icmp[0]==3) or (icmp[0]==11)) and (icmp[24]==193) and (icmp[25]== 63) and (icmp[26]== 135) and (icmp[27]== 22) On my FreeBSD system this fails to trap any packets. If I reduce the filter to:- dst host 193.63.150.12 and icmp and ((icmp[0]==3) or (icmp[0]==11)) then the traceroute starts to work. It seems its the checking for the target IP number that's failing somehow. Unfortunately I'm no C programmer and I'm not familiar enough with NASL to figure out why this works on some systems, but not on FreeBSD. Jonathan -----Original Message----- From: RAFT, MICHAEL E (SWBT) [mailto:[EMAIL PROTECTED]] Sent: 18 July 2002 13:57 To: [EMAIL PROTECTED] Subject: RE: traceroute.nasl not working on 1.2.3 I've got the same problem. Running FreeBSD 4.5, Nessus 1.2.3, and have 16 bpfs compiled in the kernel. Is there anything else I should look at? -----Original Message----- From: Renaud Deraison [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 18, 2002 3:19 AM To: '[EMAIL PROTECTED]' Subject: Re: traceroute.nasl not working on 1.2.3 On Wed, Jul 17, 2002 at 02:48:12PM +0100, Hall J D (ISeLS) wrote: > I've recently upgraded from Nessus 1.0.9 to 1.2.3 and I'm having problems > with the traceroute.nasl not functioning. All I get in my reports is:- > > For your information, here is the traceroute to 193.63.135.22 : > ? > > It was working fine when I first installed Nessus back in the days of 1.0.7 > and at the time this was running on a FreeBSD 3.4 system. > > When I upgraded to 1.0.9 and FreeBSD 4.4 traceroute.nasl stopped working and > it's still not working on 1.2.3 and FreeBSD 4.4. > > I've checked the mailing list archive and found a few other people also > saying they can't get this plugin to work. They to where using FreeBSD. > > I know Renaud and others have reported the plugin working for them. > > Could this be a specific FreeBSD issue? And if so any pointers on how I > solve it? It might be a lack of bpf on your side. Create more /dev/bpfN and recompile your kernel with support for more bpfs. FWIW, I'm working on a daemon that should allow Nessus to only use _one_ /dev/bpf and forward the data to the plugins that ask for it. -- Renaud
