# nmap Unable to open interface em0 -- skipping it.



## rambetter (Mar 18, 2009)

FreeBSD 7.0.  I was able to use nmap just fine a week ago.  Then, something happened (maybe with the network?) and it no longer works.  The network on the server works just fine.  Here is what I'm getting:


```
root@daffy# nmap --iflist

Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-18 11:27 PDT
Warning: Unable to open interface em0 -- skipping it.
************************INTERFACES************************
DEV (SHORT) IP/MASK     TYPE     UP MAC
lo0 (lo0)   127.0.0.1/8 loopback up

WARNING: Unable to find appropriate interface for system route to 206.251.244.1
**************************ROUTES**************************
DST/MASK     DEV GATEWAY
127.0.0.1/32 lo0 127.0.0.1

root@daffy# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
        ether 00:30:48:93:11:13
        inet 206.251.244.51 netmask 0xffffff00 broadcast 206.251.244.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
```


----------



## rambetter (Mar 18, 2009)

Actually I just discovered that nmap works when I run it as a non-root user.  It's only from root that the problem occurs.  Do you have any idea why this would be?


----------



## Christopher (Mar 19, 2009)

What is the permissions on /dev/bpf0?

When I run nmap --iflist as a mortal user, it blows up with the same message.  Using ktrace reveals its trying to open /dev/bpf0 for writing and is running into permissions problems.


```
90808 nmap     CALL  open(0xbfbfaff8,O_WRONLY,<unused>0x2831020e)
 90808 nmap     NAMI  "/dev/bpf0"
 90808 nmap     RET   open -1 errno 13 Permission denied
 90808 nmap     CALL  write(0x2,0xbfbfa9f0,0x35)
 90808 nmap     GIO   fd 2 wrote 53 bytes
       "Warning: Unable to open interface em0 -- skipping it."
 90808 nmap     RET   write 53/0x35
 90808 nmap     CALL  write(0x2,0xbfbfa9b0,0x1)
```

Works okay as root on my FreeBSD 7.1 i386 system.


----------



## rambetter (Mar 19, 2009)

device bpf is not compiled into my kernel, I have it commented out.  Perhaps this is the problem!

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
#device         bpf             # Berkeley packet filter


I commented it out because of that warning.


----------



## Christopher (Mar 20, 2009)

rambetter said:
			
		

> device bpf is not compiled into my kernel, I have it commented out.  Perhaps this is the problem!



I'm not sure what nmap does without a bpf device in this case.  You can run it with ktrace(1) to see what its doing.



			
				rambetter said:
			
		

> # The `bpf' device enables the Berkeley Packet Filter.
> # Be aware of the administrative consequences of enabling this!
> # Note that 'bpf' is required for DHCP.
> #device         bpf             # Berkeley packet filter
> ...




The Berkeley packet filter device can usually only be opened by root.  If you don't trust users on the system then its probably good to comment it out.

If you do trust your users to not (ab)use root, then having it in can be quite useful when trying to track down other networking problems.  Tcpdump and nettop work best with bpf devices.


----------



## Mel_Flynn (Mar 20, 2009)

bpf allows sniffing of packets, which is what you do with nmap. These are largely the "administrative consequences" mentioned, though, bpf also allows modification of packets through filtering. More info: bpf(4), specifically BIOCSET* ioctls.


----------

