Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: RE: nmap fails to scan under vista

RE: nmap fails to scan under vista

From: Rob Nicholls <robert_at_everythingeverything.co.uk>
Date: Thu, 20 Dec 2007 16:51:16 -0000

The latest stable version (and a few of the older ones leading to the
release of 4.50) enumerates interfaces in a slightly different way compared
to previous versions. This allows Vista users to use wireless network cards
(and in theory Windows users to use additional interfaces that weren't being
detected before) and Windows users to use additional IPs assigned to a
device (useful if you have a single network card and have manually assigned
a second IP for a different subnet). So yes, it has changed, which may
explain why you've experienced some trouble.

http://seclists.org/nmap-dev/2007/q4/0313.html
http://seclists.org/nmap-dev/2007/q4/0391.html

If you run "nmap --iflist" it will list the devices that are available,
along with their IPs and gateway information ("Print host interfaces and
routes (for debugging)", according to the usage).

Glad to hear that you've made some progress! :)

Rob

-----Original Message-----
From: Castle, Shane [mailto:scastle_at_co.boulder.co.us]
Sent: 20 December 2007 16:28
To: nmap-dev_at_insecure.org
Subject: RE: nmap fails to scan under vista

I made some progress here - my PC has two physical interfaces (I won't
go into the Vmxnet ones), one of them not connected, and nmap chose to
use the interface that was not connected - inactive but not disabled. I
could not figure out how to make it use the correct interface ("eth0"
was what it was using; how it chooses names still escapes me) so I
swapped the network cable between them. Now it works. How come it
worked OK before? Did something happen to change the mapping of the
interfaces? One never sees "eth0", "eth1", etc., in any of the various
ways Microsoft presents interface information to the user.

When running Wireshark on the active interface I saw no nmap traffic at
all. This is what got me to twig to the possible problem, and to test
it. 

--
Shane Castle
GSEC GCIH
-----Original Message-----
From: nmap-dev-bounces_at_insecure.org
[mailto:nmap-dev-bounces_at_insecure.org] On Behalf Of Rob Nicholls
Sent: Wednesday, December 19, 2007 21:20
To: nmap-dev_at_insecure.org
Subject: RE: nmap fails to scan under vista
I haven't spotted any -sP problems with 4.50 on either XP or Vista (I
get
replies from hosts that I know have ping enabled). I can run bob's
command
without any trouble, on Vista against my local LAN (ARP Ping) and
against
hosts across the internet, and on XP against scanme.nmap.org. My systems
are
fully patched, although one Vista machine appeared to still be running
WinPcap 4.0.0 (it doesn't appear to act any differently to Vista with
WinPcap 4.0.2).
Microsoft's patches this month only affected:
MS07-063: vulnerability in SMBv2 
MS07-064: two vulnerabilities in Microsoft DirectX 
MS07-065: vulnerability in Message Queuing (incorrectly validates input
strings before passing the strings to a buffer)
MS07-066: vulnerability in Windows Kernel (Windows Advanced Local
Procedure
Call improperly validates certain conditions in legacy reply paths)
MS07-067: vulnerability in Macrovision Driver
MS07-068: vulnerability in Windows Media File Format 
MS07-069: security update for Internet Explorer
So it's unlikely those patches would affect nmap/WinPcap. All but two of
them address specific problems in applications/services that AFAIK
aren't at
all related to nmap/WinPcap. As for the remaining two: the Windows
Kernel
one only affects Vista, and the Message Queuing one only affects 2000
and XP
(2003 and Vista are unaffected).
I'm assuming that the correct response is seen when running
ping scanme.nmap.org
>From the Windows Command Prompt.
If Wireshark really does work fine, it'd be interesting to know if you
can
see a response come back in Wireshark when running -sP in nmap and if
the
packet trace differs in nmap (i.e. it doesn't spot the response that you
see
in Wireshark).
Rob
-----Original Message-----
From: jah [mailto:jah_at_zadkiel.plus.com] 
Sent: 20 December 2007 01:51
To: Castle, Shane
Cc: nmap-dev_at_insecure.org
Subject: Re: nmap fails to scan under vista
On 19/12/2007 19:58, Castle, Shane wrote:
> Yes indeedy I have - they are usually installed by the Wednesday after
> (what, you mean you don't?!?).
Hell no!  I always give them a good coat of looking at...
I have now installed those updates presented to me and none caused any 
difference in SYN ping results...
jah
>   Looks like it's a good bet they broke
> nmap/winpcap.  WireShark works just fine, so it's not likely to be
> winpcap.
>
> (I know some folks hate top-posting but that's the way Outlook works;
I
> have no choice, I must use it.)
>
> --
> Shane Castle
> GSEC GCIH
>
>
> -----Original Message-----
> From: nmap-dev-bounces_at_insecure.org
> [mailto:nmap-dev-bounces_at_insecure.org] On Behalf Of jah
> Sent: Wednesday, December 19, 2007 12:49
> To: Castle, Shane
> Cc: nmap-dev_at_insecure.org
> Subject: Re: nmap fails to scan under vista
>
>
> On 19/12/2007 18:12, Castle, Shane wrote:
>   
>> Yes, 4.50 seems broken on WinXP/SP2 as well - all pings fail.
>>
>> I'm on an RFC1918 subnet at work, and using "nmap -sP 192.168.3.0/24"
>> fails similarly.
>>
>>   
>>     
> I'm not getting any problems with 4.50 using -sP on XPSP2 with winpcap
> 4.02 from nmap or directly from CACE Technologies.  I haven't
installed 
> microsoft patches for this month yet, have you?
>
> jah
>   
>> --
>> Shane Castle
>> GSEC GCIH
>>
>>
>> -----Original Message-----
>> From: nmap-dev-bounces_at_insecure.org
>> [mailto:nmap-dev-bounces_at_insecure.org] On Behalf Of bob
>> Sent: Wednesday, December 19, 2007 07:56
>> To: nmap-dev_at_insecure.org
>> Subject: nmap fails to scan under vista
>>
>> Nmap fails to do a network scan i.e. a ping scan, SYN scan (haven't
>> tried
>> connect() scan). I think it plain fails to receive any packet. Have
>> tried
>> using UAC+Admin privileges.
>>
>> [nmap output deleted]
>>
>> I have nmap 4.50 installed and my vista is updated.
>>
>>
>> _______________________________________________
>> Sent through the nmap-dev mailing list
>> http://cgi.insecure.org/mailman/listinfo/nmap-dev
>> Archived at http://SecLists.Org
>>
>> --
>> This email has been verified as Virus free
>> Virus Protection and more available at http://www.plus.net
>>
>>   
>>     
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
>
> --
> This email has been verified as Virus free
> Virus Protection and more available at http://www.plus.net
>
>   
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 20 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos