Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Questions: interface names on win32
From: jah <jah () zadkiel plus com>
Date: Sat, 01 Dec 2007 04:38:29 +0000

David Fifield wrote:

I'm not sure, but I found this comment in libdnet-stripped/src/intf-win32.c:

/* Next we must find the pcap device name corresponding to the device.
   The device description used to be compared with those from
   PacketGetAdapterNames(), but that was unrelaible because dnet and
   pcap sometimes give different descriptions.  For example, dnet gave
   me "AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler
   Miniport" for one of my adapters (in vmware), while pcap described it
   as "VMware Accelerated AMD PCNet Adapter (Microsoft's Packet
   Scheduler)". Plus, Packet* functions aren't really supported for
   external use by the WinPcap folks.  So I have rewritten this to
   compare interface addresses (which has its own problems -- what if
   you want to listen an an interface with no IP address set?) --Fyodor */
On an XP machine (2K too, possibly Vista too?), it's possible to get the 
windows interface name from the registry:


where GUID is the "PCAP" GUID.
The string value "Name" is the Windows friendly name for the adapter
There's a GUID for each connection under
this includes connections such as 1394 (firewire),wireless, bluetooth 
and dial-up.  Not the loopback device.

Starting Nmap 4.23RC3 ( http://insecure.org ) at 2007-11-28 21:06 GMT 
Standard Time
eth0 (eth0) ethernet up 00:13:CE:8A:74:3C
eth1 (eth1) ethernet up 00:16:36:06:7D:16
lo0  (lo0)     loopback up

eth1 \Device\NPF_{9E407963-4C68-4336-9008-3236DF509606}
lo0  \Device\NPF_{08CFDE0B-16EF-4DBB-B93C-386AB69B65FF}

Also, I observe that the wireless adapter doesn't have an entry under 
WINDEVICE....why's that?

I don't know what that is. I saw that phenomenon in some of the Vista
users' reports too.

Well, there's a thing - the WINDEVICE lo0 is actually the GUID for *eth0 
- the wireless connection*.  I can confirm that in both the registry and 
with wireshark.

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]