Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. users
I keep getting "Empty Report" messages
dninja at gmail
Nov 11, 2008, 2:27 PM
Post #1 of 4 (2879 views)
Permalink
Hi
I posted this to the pen-testing mailing list but someone suggested
posting to here so I'm giving it a try.

I've just installed nessus on a new machine and when I try to scan a
target I always get back an empty report message. I've got wireshark
running and no traffic gets sent from the scanner so the standard
answer to this problem of it being a ping issue doesn't help here.

The machines I've tried scanning are on my local network, all respond
to pings and are are up and not firewalled in any way. I can connect
to the machines via ssh, http and as already said, I can ping them.
I've also tried scanning localhost with no luck. The machine all this
is on has one NIC which is up and is running fine, no special settings
or anything like that. The client can successfully login to the server
and receive the plugin list so that part of the communication is
working successfully.

I've turned log_whole_attack on but the log file isn't showing anything unusual:

[Tue Nov 11 22:21:13 2008][26685] nessusd 2.2.9. started
[Tue Nov 11 22:21:21 2008][26685] connection from 127.0.0.1
[Tue Nov 11 22:21:21 2008][26692] Client requested protocol version 12.
[Tue Nov 11 22:21:21 2008][26692] successful login of robin from 127.0.0.1

I had this problem with another machine ages ago and (I think) it
turned out to be a kernel module that I was missing. I've tried
googling to find the fix that I found last time but I can't find it.

Both the client and server are running on an Archlinux distro and are
installed from the Arch package.

Can anyone help?

Robin
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: I keep getting "Empty Report" messages [ In reply to ]
rgula at tenablesecurity
Nov 11, 2008, 4:42 PM
Post #2 of 4 (2787 views)
Permalink
Robin Wood wrote:
> Hi
> I posted this to the pen-testing mailing list but someone suggested
> posting to here so I'm giving it a try.
>
> I've just installed nessus on a new machine and when I try to scan a
> target I always get back an empty report message. I've got wireshark
> running and no traffic gets sent from the scanner so the standard
> answer to this problem of it being a ping issue doesn't help here.
>
> The machines I've tried scanning are on my local network, all respond
> to pings and are are up and not firewalled in any way. I can connect
> to the machines via ssh, http and as already said, I can ping them.
> I've also tried scanning localhost with no luck. The machine all this
> is on has one NIC which is up and is running fine, no special settings
> or anything like that. The client can successfully login to the server
> and receive the plugin list so that part of the communication is
> working successfully.
>
> I've turned log_whole_attack on but the log file isn't showing anything unusual:
>
> [Tue Nov 11 22:21:13 2008][26685] nessusd 2.2.9. started
> [Tue Nov 11 22:21:21 2008][26685] connection from 127.0.0.1
> [Tue Nov 11 22:21:21 2008][26692] Client requested protocol version 12.
> [Tue Nov 11 22:21:21 2008][26692] successful login of robin from 127.0.0.1
>
> I had this problem with another machine ages ago and (I think) it
> turned out to be a kernel module that I was missing. I've tried
> googling to find the fix that I found last time but I can't find it.
>
> Both the client and server are running on an Archlinux distro and are
> installed from the Arch package.
>

Hi Robin,

I'm not that familiar with Archlinux and have not looked at their
Nessus build.

You could try building Nessus 2 from scratch by downloading directly
from nessus.org.

You should make sure to subscribe to the Nessus Home feed or
Professional feed to make sure you have the latest vulnerability
checks. There is always a possibility that whoever packaged Nessus
didn't QA their build, include any plugins (redistributing Tenable
plugins is not permitted) or left Nessus in a poorly configured
state.

If it is a kernel/driver issue, I'd try to sniff from a machine other
than your Archlinux box just to make sure packets aren't on the wire
and your NIC is missing them or something like that. You should also
try scanning 127.0.0.1 to see if anything comes back.

Your log also has no record of a scan starting which seems very odd.

Ron Gula
Tenable Network Security














_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: I keep getting "Empty Report" messages [ In reply to ]
dninja at gmail
Nov 12, 2008, 2:37 AM
Post #3 of 4 (2775 views)
Permalink
2008/11/12 Ron Gula <rgula@tenablesecurity.com>:
> Robin Wood wrote:
>> Hi
>> I posted this to the pen-testing mailing list but someone suggested
>> posting to here so I'm giving it a try.
>>
>> I've just installed nessus on a new machine and when I try to scan a
>> target I always get back an empty report message. I've got wireshark
>> running and no traffic gets sent from the scanner so the standard
>> answer to this problem of it being a ping issue doesn't help here.
>>
>> The machines I've tried scanning are on my local network, all respond
>> to pings and are are up and not firewalled in any way. I can connect
>> to the machines via ssh, http and as already said, I can ping them.
>> I've also tried scanning localhost with no luck. The machine all this
>> is on has one NIC which is up and is running fine, no special settings
>> or anything like that. The client can successfully login to the server
>> and receive the plugin list so that part of the communication is
>> working successfully.
>>
>> I've turned log_whole_attack on but the log file isn't showing anything unusual:
>>
>> [Tue Nov 11 22:21:13 2008][26685] nessusd 2.2.9. started
>> [Tue Nov 11 22:21:21 2008][26685] connection from 127.0.0.1
>> [Tue Nov 11 22:21:21 2008][26692] Client requested protocol version 12.
>> [Tue Nov 11 22:21:21 2008][26692] successful login of robin from 127.0.0.1
>>
>> I had this problem with another machine ages ago and (I think) it
>> turned out to be a kernel module that I was missing. I've tried
>> googling to find the fix that I found last time but I can't find it.
>>
>> Both the client and server are running on an Archlinux distro and are
>> installed from the Arch package.
>>
>
> Hi Robin,
>
> I'm not that familiar with Archlinux and have not looked at their
> Nessus build.
>
> You could try building Nessus 2 from scratch by downloading directly
> from nessus.org.
>
> You should make sure to subscribe to the Nessus Home feed or
> Professional feed to make sure you have the latest vulnerability
> checks. There is always a possibility that whoever packaged Nessus
> didn't QA their build, include any plugins (redistributing Tenable
> plugins is not permitted) or left Nessus in a poorly configured
> state.
>
> If it is a kernel/driver issue, I'd try to sniff from a machine other
> than your Archlinux box just to make sure packets aren't on the wire
> and your NIC is missing them or something like that. You should also
> try scanning 127.0.0.1 to see if anything comes back.
>
> Your log also has no record of a scan starting which seems very odd.
>

First off, big apology, I'd assumed I was on v3 just because it was
the latest but I'm actually on v 2.2.9.

I've tested another arch box which was installed from the same package
and that scans all the machines without any problem, including the one
that is failing. As that is a headless server my connection to that is
from the client on the non-working machine. I think this helps rule
out the client being at fault and network connectivity. Sniffing on
that machine when I try to scan from the failing machine shows no
packets making it across.

On the failing machine, I've tried scanning 127.0.0.1, that came
straight back with an empty report.

I've tried comparing the kernel modules loaded on both machines but
can't see anything obvious in the differences that would point to
networking.

I'll try grabbing the v2 source and building from that, see if I get
anywhere with that.

Robin
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: I keep getting "Empty Report" messages [ In reply to ]
dninja at gmail
Nov 12, 2008, 2:41 AM
Post #4 of 4 (2788 views)
Permalink
2008/11/12 Robin Wood <dninja@gmail.com>:
> 2008/11/12 Ron Gula <rgula@tenablesecurity.com>:
>> Robin Wood wrote:
>>> Hi
>>> I posted this to the pen-testing mailing list but someone suggested
>>> posting to here so I'm giving it a try.
>>>
>>> I've just installed nessus on a new machine and when I try to scan a
>>> target I always get back an empty report message. I've got wireshark
>>> running and no traffic gets sent from the scanner so the standard
>>> answer to this problem of it being a ping issue doesn't help here.
>>>
>>> The machines I've tried scanning are on my local network, all respond
>>> to pings and are are up and not firewalled in any way. I can connect
>>> to the machines via ssh, http and as already said, I can ping them.
>>> I've also tried scanning localhost with no luck. The machine all this
>>> is on has one NIC which is up and is running fine, no special settings
>>> or anything like that. The client can successfully login to the server
>>> and receive the plugin list so that part of the communication is
>>> working successfully.
>>>
>>> I've turned log_whole_attack on but the log file isn't showing anything unusual:
>>>
>>> [Tue Nov 11 22:21:13 2008][26685] nessusd 2.2.9. started
>>> [Tue Nov 11 22:21:21 2008][26685] connection from 127.0.0.1
>>> [Tue Nov 11 22:21:21 2008][26692] Client requested protocol version 12.
>>> [Tue Nov 11 22:21:21 2008][26692] successful login of robin from 127.0.0.1
>>>
>>> I had this problem with another machine ages ago and (I think) it
>>> turned out to be a kernel module that I was missing. I've tried
>>> googling to find the fix that I found last time but I can't find it.
>>>
>>> Both the client and server are running on an Archlinux distro and are
>>> installed from the Arch package.
>>>
>>
>> Hi Robin,
>>
>> I'm not that familiar with Archlinux and have not looked at their
>> Nessus build.
>>
>> You could try building Nessus 2 from scratch by downloading directly
>> from nessus.org.
>>
>> You should make sure to subscribe to the Nessus Home feed or
>> Professional feed to make sure you have the latest vulnerability
>> checks. There is always a possibility that whoever packaged Nessus
>> didn't QA their build, include any plugins (redistributing Tenable
>> plugins is not permitted) or left Nessus in a poorly configured
>> state.
>>
>> If it is a kernel/driver issue, I'd try to sniff from a machine other
>> than your Archlinux box just to make sure packets aren't on the wire
>> and your NIC is missing them or something like that. You should also
>> try scanning 127.0.0.1 to see if anything comes back.
>>
>> Your log also has no record of a scan starting which seems very odd.
>>
>
> First off, big apology, I'd assumed I was on v3 just because it was
> the latest but I'm actually on v 2.2.9.
>
> I've tested another arch box which was installed from the same package
> and that scans all the machines without any problem, including the one
> that is failing. As that is a headless server my connection to that is
> from the client on the non-working machine. I think this helps rule
> out the client being at fault and network connectivity. Sniffing on
> that machine when I try to scan from the failing machine shows no
> packets making it across.
>
> On the failing machine, I've tried scanning 127.0.0.1, that came
> straight back with an empty report.
>
> I've tried comparing the kernel modules loaded on both machines but
> can't see anything obvious in the differences that would point to
> networking.
>
> I'll try grabbing the v2 source and building from that, see if I get
> anywhere with that.
>
> Robin
>

I'll just add, I've done a fetch updates on both boxes this morning so
the plug in lists are all up-to-date.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal