# nmap - Operation not permitted

## alex.blackbit

hi,

when running nmap (even as root) i get some weird messages and don't know if that's normal.

```
wall ~ # nmap -A 192.168.0.5                   

Starting Nmap 4.60 ( http://nmap.org ) at 2008-04-13 22:17 CEST

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46537 > 192.168.0.5:21  ttl=48 id=54750 iplen=60  seq=1761211946 win=128 <wscale 10,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46538 > 192.168.0.5:21 SFPU ttl=57 id=34903 iplen=60  seq=1761211946 win=256 <wscale 10,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46542 > 192.168.0.5:1 FPU ttl=37 id=8506 iplen=60  seq=1761211946 win=65535 <wscale 15,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46537 > 192.168.0.5:21  ttl=49 id=64520 iplen=60  seq=1761211946 win=128 <wscale 10,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46538 > 192.168.0.5:21 SFPU ttl=59 id=39908 iplen=60  seq=1761211946 win=256 <wscale 10,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46542 > 192.168.0.5:1 FPU ttl=48 id=34141 iplen=60  seq=1761211946 win=65535 <wscale 15,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46537 > 192.168.0.5:21  ttl=46 id=42815 iplen=60  seq=1761211946 win=128 <wscale 10,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46538 > 192.168.0.5:21 SFPU ttl=59 id=18804 iplen=60  seq=1761211946 win=256 <wscale 10,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46542 > 192.168.0.5:1 FPU ttl=42 id=58482 iplen=60  seq=1761211946 win=65535 <wscale 15,nop,mss 265,timestamp 4294967295 0,sackOK>

sendto in send_ip_packet: sendto(5, packet, 60, 0, 192.168.0.5, 16) => Operation not permitted

Offending packet: TCP 192.168.0.1:46537 > 192.168.0.5:21  ttl=41 id=19425 iplen=60  seq=1761211946 win=128 <wscale 10,nop,mss 265,timestamp 4294967295 0,sackOK>

Omitting future Sendto error messages now that 10 have been shown.  Use -d2 if you really want to see them.

Interesting ports on 192.168.0.5:

Not shown: 1708 closed ports

PORT      STATE SERVICE     VERSION

21/tcp    open  ftp         Dreambox ftpd

22/tcp    open  ssh         Dropbear sshd 0.46 (protocol 2.0)

23/tcp    open  telnet      Dreambox dm7020 telnetd 1.2.0

80/tcp    open  http        Dreambox httpd

139/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: DREAM)

445/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: DREAM)

31337/tcp open  Elite?

MAC Address: 00:09:34:15:1B:C0 (Dream-Multimedia-Tv GmbH)

No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=4.60%D=4/13%OT=21%CT=1%CU=36235%PV=Y%DS=1%G=Y%M=000934%TM=48026AB

OS:2%P=i686-pc-linux-gnu)SEQ(SP=C7%GCD=1%ISR=D3%TI=Z%II=I%TS=A)OPS(O1=M5B4S

OS:T11NW2%O2=M5B4ST11NW2%O3=M5B4NNT11NW2%O4=M5B4ST11NW2%O5=M5B4ST11NW2%O6=M

OS:5B4ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y

OS:%T=40%W=16D0%O=M5B4NNSNW2%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=

OS:)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T

OS:=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=

OS:0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RU

OS:CK=G%RUL=G%RUD=G)IE(R=Y%DFI=N%T=40%TOSI=S%CD=S%SI=S%DLI=S)

Uptime: 0.077 days (since Sun Apr 13 20:28:17 2008)

Network Distance: 1 hop

Service Info: Device: media device

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 84.461 seconds

wall ~ #
```

what's that all about?

----------

## gnix2

Perhaps this operation not permitted is caused by your iptables rules. I'm not sure, but if you are using the "state module" a possible cause is that you need to permit yourself to send "INVALID" packets. Check in google, I remember one problem like this on insecure.org. 

Gnix

----------

## alex.blackbit

thank you for your answer, gnix2. that did the trick.

----------

