dninja at gmail
Nov 12, 2008, 2:41 AM
Post #4 of 4
2008/11/12 Robin Wood <dninja [at] gmail>:
Re: I keep getting "Empty Report" messages
[In reply to]
> 2008/11/12 Ron Gula <rgula [at] tenablesecurity>:
>> Robin Wood wrote:
>>> I posted this to the pen-testing mailing list but someone suggested
>>> posting to here so I'm giving it a try.
>>> I've just installed nessus on a new machine and when I try to scan a
>>> target I always get back an empty report message. I've got wireshark
>>> running and no traffic gets sent from the scanner so the standard
>>> answer to this problem of it being a ping issue doesn't help here.
>>> The machines I've tried scanning are on my local network, all respond
>>> to pings and are are up and not firewalled in any way. I can connect
>>> to the machines via ssh, http and as already said, I can ping them.
>>> I've also tried scanning localhost with no luck. The machine all this
>>> is on has one NIC which is up and is running fine, no special settings
>>> or anything like that. The client can successfully login to the server
>>> and receive the plugin list so that part of the communication is
>>> working successfully.
>>> I've turned log_whole_attack on but the log file isn't showing anything unusual:
>>> [Tue Nov 11 22:21:13 2008] nessusd 2.2.9. started
>>> [Tue Nov 11 22:21:21 2008] connection from 127.0.0.1
>>> [Tue Nov 11 22:21:21 2008] Client requested protocol version 12.
>>> [Tue Nov 11 22:21:21 2008] successful login of robin from 127.0.0.1
>>> I had this problem with another machine ages ago and (I think) it
>>> turned out to be a kernel module that I was missing. I've tried
>>> googling to find the fix that I found last time but I can't find it.
>>> Both the client and server are running on an Archlinux distro and are
>>> installed from the Arch package.
>> Hi Robin,
>> I'm not that familiar with Archlinux and have not looked at their
>> Nessus build.
>> You could try building Nessus 2 from scratch by downloading directly
>> from nessus.org.
>> You should make sure to subscribe to the Nessus Home feed or
>> Professional feed to make sure you have the latest vulnerability
>> checks. There is always a possibility that whoever packaged Nessus
>> didn't QA their build, include any plugins (redistributing Tenable
>> plugins is not permitted) or left Nessus in a poorly configured
>> If it is a kernel/driver issue, I'd try to sniff from a machine other
>> than your Archlinux box just to make sure packets aren't on the wire
>> and your NIC is missing them or something like that. You should also
>> try scanning 127.0.0.1 to see if anything comes back.
>> Your log also has no record of a scan starting which seems very odd.
> First off, big apology, I'd assumed I was on v3 just because it was
> the latest but I'm actually on v 2.2.9.
> I've tested another arch box which was installed from the same package
> and that scans all the machines without any problem, including the one
> that is failing. As that is a headless server my connection to that is
> from the client on the non-working machine. I think this helps rule
> out the client being at fault and network connectivity. Sniffing on
> that machine when I try to scan from the failing machine shows no
> packets making it across.
> On the failing machine, I've tried scanning 127.0.0.1, that came
> straight back with an empty report.
> I've tried comparing the kernel modules loaded on both machines but
> can't see anything obvious in the differences that would point to
> I'll try grabbing the v2 source and building from that, see if I get
> anywhere with that.
I'll just add, I've done a fetch updates on both boxes this morning so
the plug in lists are all up-to-date.
Nessus mailing list
Nessus [at] list