zmap/zmap

Use --source-ip can't get any results in zmap3.0

passwa11 opened this issue · 1 comment

Describe the bug
When I use --source-ip or -S 8.8.8.8, I get nothing. Without -S, I get the right results.

CLI Arguments
Please paste your ZMap invocation below

➜  zmap sudo zmap -p 80 1.1.1.1/30
Jun 26 10:18:44.242 [INFO] zmap: By default, ZMap will output the unique IP addresses of hosts that respond successfully (e.g., SYN-ACK packet). This is equivalent to running ZMap with the following flags: --output-module=csv --output-fields=saddr --output-filter='success=1 && repeat=0' --no-header-row. If you want all responses, explicitly set an output module or set --output-filter="".
Jun 26 10:18:44.242 [WARN] blocklist: ZMap is currently using the default blocklist located at /etc/zmap/blocklist.conf. By default, this blocklist excludes locally scoped networks (e.g. 10.0.0.0/8, 127.0.0.1/8, and 192.168.0.0/16). If you are trying to scan local networks, you can change the default blocklist by editing the default ZMap configuration at /etc/zmap/blocklist.conf. If you have modified the default blocklist, you can ignore this message.
Jun 26 10:18:44.296 [INFO] recv: duplicate responses will be excluded from output
Jun 26 10:18:44.296 [INFO] recv: unsuccessful responses will be excluded from output
 0:00 0%; send: 0 0 p/s (0 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:00 1%; send: 3 7.59 Kp/s (57 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:01 13%; send: 4 done (75 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
1.1.1.0
1.1.1.2
1.1.1.3
 0:02 25%; send: 4 done (75 p/s avg); recv: 3 3 p/s (1 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 75.00%
 0:03 38%; send: 4 done (75 p/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 75.00%
 0:04 50%; send: 4 done (75 p/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 75.00%
 0:05 63% (3s left); send: 4 done (75 p/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 75.00%
 0:06 75% (2s left); send: 4 done (75 p/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 75.00%
 0:07 88% (1s left); send: 4 done (75 p/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 75.00%
 0:08 100% (0s left); send: 4 done (75 p/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 75.00%
Jun 26 10:18:53.328 [INFO] zmap: completed

# use  -S 8.8.8.8
➜  zmap sudo zmap -p 80 1.1.1.1/30 -S 8.8.8.8
Jun 26 10:19:47.524 [INFO] zmap: By default, ZMap will output the unique IP addresses of hosts that respond successfully (e.g., SYN-ACK packet). This is equivalent to running ZMap with the following flags: --output-module=csv --output-fields=saddr --output-filter='success=1 && repeat=0' --no-header-row. If you want all responses, explicitly set an output module or set --output-filter="".
Jun 26 10:19:47.524 [WARN] blocklist: ZMap is currently using the default blocklist located at /etc/zmap/blocklist.conf. By default, this blocklist excludes locally scoped networks (e.g. 10.0.0.0/8, 127.0.0.1/8, and 192.168.0.0/16). If you are trying to scan local networks, you can change the default blocklist by editing the default ZMap configuration at /etc/zmap/blocklist.conf. If you have modified the default blocklist, you can ignore this message.
Jun 26 10:19:47.568 [INFO] recv: duplicate responses will be excluded from output
Jun 26 10:19:47.568 [INFO] recv: unsuccessful responses will be excluded from output
 0:00 0%; send: 0 0 p/s (0 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:00 1%; send: 1 6.53 Kp/s (24 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:01 13%; send: 4 done (95 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:02 25%; send: 4 done (95 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:03 38%; send: 4 done (95 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:04 50%; send: 4 done (95 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:05 63% (3s left); send: 4 done (95 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:06 75% (2s left); send: 4 done (95 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:07 88% (1s left); send: 4 done (95 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
 0:08 100% (0s left); send: 4 done (95 p/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hitrate: 0.00%
Jun 26 10:19:56.609 [INFO] zmap: completed

Example Target IP

Please list any IPs that can be used for testing behavior.

Expected behavior
A clear and concise description of what you expected to happen.

Environment:

  • OS: Ubuntu Server 20.04
  • Version:
Jun 26 10:21:37.809 [INFO] zmap: By default, ZMap will output the unique IP addresses of hosts that respond successfully (e.g., SYN-ACK packet). This is equivalent to running ZMap with the following flags: --output-module=csv --output-fields=saddr --output-filter='success=1 && repeat=0' --no-header-row. If you want all responses, explicitly set an output module or set --output-filter="".
zmap Development Build. Commit dc2937f - Fri Jun 23 14:15:09 2023 -0600

Additional context
Add any other context about the problem here.

You're spoofing your source IP, so all the responses are going to Google's DNS server instead of you (if they even make it past egress filtering). For -S to work, the source IP needs to be routed to you.
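
A pre-flight check for the condition described in the reply above, as an added example that is not part of the original thread or of ZMap itself. It assumes "routed to you" can be approximated as "configured on a local interface"; the function names and the sample interface listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether an address is safe to pass to zmap -S.
# Input on stdin: lines in the format printed by `ip -o -4 addr show`.
# Assumption: an address counts as usable only if it is configured on a
# local interface. An address that is merely routed to this host without
# being configured on it is reported as not local.

source_ip_is_local() {
    candidate=$1
    # Fields of each line: index, interface, family, ADDRESS/PREFIXLEN, rest.
    while read -r _idx _ifname family cidr _rest; do
        [ "$family" = "inet" ] || continue
        # Strip the prefix length and compare the whole address exactly,
        # so 192.0.2.1 does not match 192.0.2.10.
        [ "${cidr%%/*}" = "$candidate" ] && return 0
    done
    return 1
}

# Constructed sample of `ip -o -4 addr show` output (not from the issue).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 scope global secondary eth0\       valid_lft forever preferred_lft forever'

check_source() {
    # $1 = candidate source address, $2 = interface listing text.
    # Returns 0 if replies can come back to this host, 1 otherwise.
    if printf '%s\n' "$2" | source_ip_is_local "$1"; then
        echo "$1: configured locally, replies to -S $1 can reach this host"
    else
        echo "$1: not configured here, replies to -S $1 go to whoever owns it"
        return 1
    fi
}

check_source 192.0.2.11 "$SAMPLE_ADDRS"
check_source 8.8.8.8 "$SAMPLE_ADDRS" || true
```

On a real host, feed the function live data with `ip -o -4 addr show | source_ip_is_local "$SRC"` before starting the scan.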