Troubleshooting suggestions

Support
Steve Godfrey
2010-06-15
2013-04-25
  • Steve Godfrey
    2010-06-15

    I've installed the most current version (0.7). I added a couple of host IPs to scan, i.e. 192.168.1.1/32, and these worked fine. I've now added a class C range, i.e. 192.168.1.0/24, and although a sweep starts it never seems to finish. The server running cancerbero is on the outside of the firewall as I want to test public-facing hosts. I've also changed the NMAP config so every port on each IP is scanned.

    Here's the 'scan' nmap config '-PN -A -T insane' and the 'sweep' parameters '-PN -p1-65000 -A -T insane'

    This is the log file - well the relevant part anyway.

    2010/06/15 11:55:46 Going to re-sweep the network now, next sweep scheduled at Tue Jun 15 23:55:46 2010
    2010/06/15 11:55:46 Starting sweep with 258 hosts
    2010/06/15 11:55:46 Started >>/usr/bin/nmap -PN -p1-65000 -A -T insane -iL /dev/fd/6 -oX /dev/fd/7<<  -> PID 9590

    At this point NMAP starts scanning; I'm running tcpdump on the server so I know the scan has begun. In this example the NMAP scan finished at 13:02, then after that all I get is:

    2010/06/15 13:01:54 Updating status: 1 children processes
    2010/06/15 13:02:09 Updating status: 1 children processes
    2010/06/15 13:02:24 Updating status: 1 children processes
    2010/06/15 13:02:39 Updating status: 1 children processes
    2010/06/15 13:02:54 Updating status: 1 children processes
    2010/06/15 13:03:09 Updating status: 1 children processes
    2010/06/15 13:03:24 Updating status: 1 children processes
    2010/06/15 13:03:39 Updating status: 1 children processes

    The CPU on the server is sat at 1% and there's no NMAP process running. The status page says 'scanning' but I'd expect to see network, CPU or MySQL activity. Given the number of scans that need to be processed I've set the sweep discover interval to 12 hours (43200 seconds).

    Any ideas of how I can troubleshoot the cancerbero backend to understand what's happening?

    Here's a bit more info.
    The server is running Debian stable.
    outside:~# ps aux | grep nmap
    root     15410  1.3  2.2  82472 79988 ?        S    12:57   2:27 /usr/bin/nmap -PN -A -T insane -iL /dev/fd/6 -oX /dev/fd/7
    outside:~# ps aux | grep cancer
    root      3057  0.0  0.6  27700 23948 ?        S    10:33   0:08 /usr/bin/perl /usr/sbin/cancerbero-sensor
    root      5462  0.0  0.1  22528  4160 ?        Ss   11:02   0:00 /usr/bin/php /usr/sbin/cancerberod

    top - 16:05:17 up  5:32,  2 users,  load average: 0.00, 0.00, 0.00