This discussion is archived
2 Replies Latest reply: Nov 14, 2012 1:27 PM by alan.pae

Nmap on non-global Solaris 10 zone as root

970898 Newbie
Hi,

I'm using nmap 6.01.

Nmap works fine on the global zone in Solaris 10.
It works fine on a non-global zone if NOT run as root, but I need to run as root since I need to do UDP scans.
As non-root on a non-global zone I get the following error:

bash-3.2# /usr/local/bin/nmap -sP 127.0.0.1

Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-23 15:14 SAST
route_dst_generic: Failed to obtain system routes: getsysroutes_dnet: route_open() failed

The zone is a shared-IP zone. As far as I know on Solaris 10 you cannot create an exclusive IP zone (which I suspect may solve the problem) unless you have another separate NIC to attach to it. The machine is x86, running on VMware. Also, from what I've read you can't create a virtual NIC for the child zone in Solaris 10 - this can only be done in Solaris 11. I don't have that option as I have to get this to work on machines already in production.

I've tried giving the child zone the net_rawaccess privilege with the same results. Also the root of the problem looks like ldnet - I tried building and running ldnet 1.12 separately just to check and here is the result on the non-global zone:

bash-3.2# /usr/local/sbin/dnet intf show
intf_loop: No such device or address

On the global zone it works fine:

bash-3.2# /usr/local/sbin/dnet intf show
lo0: flags=0x23<UP,LOOPBACK,MULTICAST> mtu 8232
inet 127.0.0.1/8
e1000g0: flags=0x31<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.118.5.212/24
link 00:50:56:9e:3f:d1

Is it actually possible to do this? i.e. run nmap as root user on a non-global zone in Solaris 10?

Thanks in advance.
