2008/11/12 Robin Wood <[EMAIL PROTECTED]>:
> 2008/11/12 Ron Gula <[EMAIL PROTECTED]>:
>> Robin Wood wrote:
>>> Hi
>>> I posted this to the pen-testing mailing list but someone suggested
>>> posting to here so I'm giving it a try.
>>>
>>> I've just installed nessus on a new machine and when I try to scan a
>>> target I always get back an empty report message. I've got wireshark
>>> running and no traffic gets sent from the scanner so the standard
>>> answer to this problem of it being a ping issue doesn't help here.
>>>
>>> The machines I've tried scanning are on my local network, all respond
>>> to pings and are up and not firewalled in any way. I can connect
>>> to the machines via ssh, http and as already said, I can ping them.
>>> I've also tried scanning localhost with no luck. The machine all this
>>> is on has one NIC which is up and is running fine, no special settings
>>> or anything like that. The client can successfully login to the server
>>> and receive the plugin list so that part of the communication is
>>> working successfully.
>>>
>>> I've turned log_whole_attack on but the log file isn't showing anything
>>> unusual:
>>>
>>> [Tue Nov 11 22:21:13 2008][26685] nessusd 2.2.9. started
>>> [Tue Nov 11 22:21:21 2008][26685] connection from 127.0.0.1
>>> [Tue Nov 11 22:21:21 2008][26692] Client requested protocol version 12.
>>> [Tue Nov 11 22:21:21 2008][26692] successful login of robin from 127.0.0.1
>>>
>>> I had this problem with another machine ages ago and (I think) it
>>> turned out to be a kernel module that I was missing. I've tried
>>> googling to find the fix that I found last time but I can't find it.
>>>
>>> Both the client and server are running on an Archlinux distro and are
>>> installed from the Arch package.
>>>
>>
>> Hi Robin,
>>
>> I'm not that familiar with Archlinux and have not looked at their
>> Nessus build.
>>
>> You could try building Nessus 2 from scratch by downloading directly
>> from nessus.org.
>>
>> You should make sure to subscribe to the Nessus Home feed or
>> Professional feed to make sure you have the latest vulnerability
>> checks. There is always a possibility that whoever packaged Nessus
>> didn't QA their build, include any plugins (redistributing Tenable
>> plugins is not permitted) or left Nessus in a poorly configured
>> state.
>>
>> If it is a kernel/driver issue, I'd try to sniff from a machine other
>> than your Archlinux box just to make sure packets aren't on the wire
>> and your NIC is missing them or something like that. You should also
>> try scanning 127.0.0.1 to see if anything comes back.
>>
>> Your log also has no record of a scan starting which seems very odd.
>>
>
> First off, big apology, I'd assumed I was on v3 just because it was
> the latest but I'm actually on v 2.2.9.
>
> I've tested another arch box which was installed from the same package
> and that scans all the machines without any problem, including the one
> that is failing. As that is a headless server my connection to that is
> from the client on the non-working machine. I think this helps rule
> out the client being at fault and network connectivity. Sniffing on
> that machine when I try to scan from the failing machine shows no
> packets making it across.
>
> On the failing machine, I've tried scanning 127.0.0.1, that came
> straight back with an empty report.
>
> I've tried comparing the kernel modules loaded on both machines but
> can't see anything obvious in the differences that would point to
> networking.
>
> I'll try grabbing the v2 source and building from that, see if I get
> anywhere with that.
>
> Robin
>

I'll just add, I've done a fetch updates on both boxes this morning so
the plug in lists are all up-to-date.
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
