Mainly Ethernet, although I'd swear the problem persists if using WiFi. Perhaps the best way to debug this is to think about which changes have you introduced from 3.2.0 to 3.2.1.
-r Renaud Deraison (lists) escribió: > > > What kind of network interface are you scanning thru ? (ethernet, > wireless, etc...) > > Thanks, > > -- Renaud > > > On Jun 26, 2008, at 6:51 AM, Sergio Castro wrote: > >> I can confirm I got very similar results >> >> - Sergio >> >> -----Mensaje original----- >> De: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] >> En nombre de Roman Medina-Heigl Hernandez >> Enviado el: Miércoles, 25 de Junio de 2008 03:21 p.m. >> Para: [email protected] >> Asunto: Re: Remote host dead? >> >> Hello, >> >> I can confirm 3.2.1 for Windows is buggy. >> >> What I did (using my laptop with 3.2.1 version): >> - scan a host (my website) -> Failed (Remote host dead) >> - reinstall Nessus 3.2.1 and repeat the test -> Failed again >> - uninstall 3.2.1 and install 3.2.0. Repeat the scan -> Succeded! >> - upgraded plug-ins (keeping 3.2.0) and repeat the scan -> Succeded! >> >> So it seems not a problem in plug-ins but in Nessus 3.2.1 (Windows). >> At the >> moment, my advice for windows users would be downgrading to 3.2.0. >> >> During the tests, I monitorized traffic with Wireshark: >> - remote host dead -> Nessus sent two SNMP probes ; and received two icmp >> responses, because snmp target port is closed. Nothing more. >> - alive -> Like the former one but then Nessus continued sending tcp >> packets! :-) >> >> Since Sergio had the same problem, I'm wondering if the problem is >> known and >> whether it is being reviewed. >> >> Regards, >> -Roman >> >> Roman Medina-Heigl Hernandez escribió: >>> Sergio, which Nessus version are you using? >>> >>> I have 3.2.0 (windows) on my desktop and in my case could solve the >>> problem by activating "icmp ping" (as sugested by George). This was >>> possible because the scanned host is responding to icmp echo (although >>> it's got closed all the ports used by "tcp ping"). >>> >>> I've got 3.2.1 (windows) on my laptop and it's not working at all >>> against the very same host. I thought it's a problem in my laptop, not >>> Nessus'. But if you confirm 3.2.0 worked for you but not 3.2.1... >>> Please, could you elaborate on that? Anyway, don't panic, I still >>> think it could be some kind of problem in my laptop (perhaps some >>> antivirus module, etc.... although I disabled Windows firewall and >>> some antivirus services, and the problem remains...). >>> >>> Cheers, >>> -Roman >>> >>> Sergio Castro escribió: >>>> I reported this exact same problem a few weeks ago. >>>> I was running the previous version of Nessus with no problems >>>> whatsoever. >>>> Then I updated to the latest version for Windows, and had this >>>> "remote host is dead" problem too. Nothing changed in my system, and >>>> I tried to scan the exact same hosts I was sucessfully scanning with >>>> the older version of Nessus. >>>> >>>> With the help of Ron Gula, I went through the same troubleshooting >>>> you are going through, with no results. I still can't scan hosts on >>>> the Internet, only LAN. >>>> >>>> Regards, >>>> >>>> Sergio >>>> >>>> -----Mensaje original----- >>>> De: [EMAIL PROTECTED] >>>> [mailto:[EMAIL PROTECTED] >>>> En nombre de Roman Medina-Heigl Hernandez Enviado el: Lunes, 23 de >>>> Junio de 2008 02:21 p.m. >>>> Para: [email protected] >>>> Asunto: Remote host dead? >>>> >>>> Hello, >>>> >>>> I'm trying to scan a host with the default policy. The host is alive >>>> and responding to pings. I got no results when scanning with Nessus >>>> 3.2.0 (Windows). Looking at scan.log (in he "logs" dir), I can see a >>>> "remote host is dead". But my question is why? If I run nmap against >>>> the host, I can see unprivileged ports open (>1024) and of course >>>> it's responding to ping. I also entered 1-65535 in "port scanner >>>> range". No luck at all. Am I missing something? Perhaps a bug in >>>> Nessus? >>>> >>>> Another question, how could I debug this? If I enable the option to >>>> "save a packet capture of the scan", I couldn't find any new log on >>>> logs dir (where should it be placed?) >>>> >>>> Log attached (IP stripped; I could provide it in private for >>>> testing/debugging purposes): >>>> [Mon Jun 23 20:56:43 2008][540] Use default port range [Mon Jun 23 >>>> 20:56:48 2008][540] user localuser : testing X.X.X.X (X.X.X.X) [540] >>>> [Mon Jun 23 >>>> 20:56:48 2008][540] Scan X.X.X.X using 21942 plugins [Mon Jun 23 >>>> 20:56:48 2008][540] user localuser : launching >>>> clrtxt_proto_settings.nasl against X.X.X.X [1] [Mon Jun 23 20:56:48 >>>> 2008][540] user localuser : launching dont_scan_settings.nasl against >>>> X.X.X.X [2] [Mon Jun 23 20:56:48 2008][540] user localuser : >>>> launching ssh_settings.nasl against X.X.X.X [3] [Mon Jun 23 >>>> 20:56:48 2008][540] clrtxt_proto_settings.nasl (process 1) finished >>>> its job against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 >>>> 2008][540] dont_scan_settings.nasl (process 2) finished its job >>>> against X.X.X.X in 0.000 seconds [Mon Jun 23 20:56:48 2008][540] >>>> ssh_settings.nasl (process 3) finished its job against X.X.X.X in >>>> 0.000 seconds [Mon Jun 23 20:56:48 2008][540] user localuser : >>>> launching snmp_settings.nasl against X.X.X.X [4] [Mon Jun 23 20:56:52 >>>> 2008][540] snmp_settings.nasl (process 4) finished its job against >>>> X.X.X.X in 3.578 seconds [Mon Jun 23 20:56:52 2008][540] user >>>> localuser : launching ping_host.nasl against X.X.X.X [5] [Mon Jun 23 >>>> 20:56:54 2008][540] ping_host.nasl (process 5) finished its job >>>> against W.W.W.W in 2.921 seconds [Mon Jun 23 20:56:54 2008][540] user >> localuser : >>>> launching dont_scan_printers.nasl against X.X.X.X [6] [Mon Jun 23 >>>> 20:56:54 2008][540] The remote host (X.X.X.X) is dead [Mon Jun 23 >>>> 20:56:54 2008][540] Finished testing X.X.X.X. Time : 6.718 secs, 6 >>>> plugins launched [Mon Jun 23 >>>> 20:56:54 2008][540] 1 hosts scanned >>>> >>> >> >> -- >> >> Saludos, >> -Roman >> >> PGP Fingerprint: >> 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. >> Available at KeyServ] _______________________________________________ >> Nessus mailing list >> [email protected] >> http://mail.nessus.org/mailman/listinfo/nessus >> >> __________ NOD32 3218 (20080625) Information __________ >> >> This message was checked by NOD32 antivirus system. >> http://www.eset.com >> >> >> _______________________________________________ >> Nessus mailing list >> [email protected] >> http://mail.nessus.org/mailman/listinfo/nessus >> > -- Saludos, -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
