Nmap Development: RE: nmap fails to scan under vista

["Rob Nicholls" <robert () everythingeverything co uk>]

I haven't spotted any -sP problems with 4.50 on either XP or Vista (I get
replies from hosts that I know have ping enabled). I can run bob's command
without any trouble, on Vista against my local LAN (ARP Ping) and against
hosts across the internet, and on XP against scanme.nmap.org. My systems are
fully patched, although one Vista machine appeared to still be running
WinPcap 4.0.0 (it doesn't appear to act any differently to Vista with
WinPcap 4.0.2).

Microsoft's patches this month only affected:
MS07-063: vulnerability in SMBv2 
MS07-064: two vulnerabilities in Microsoft DirectX 
MS07-065: vulnerability in Message Queuing (incorrectly validates input
strings before passing the strings to a buffer)
MS07-066: vulnerability in Windows Kernel (Windows Advanced Local Procedure
Call improperly validates certain conditions in legacy reply paths)
MS07-067: vulnerability in Macrovision Driver
MS07-068: vulnerability in Windows Media File Format 
MS07-069: security update for Internet Explorer

So it's unlikely those patches would affect nmap/WinPcap. All but two of
them address specific problems in applications/services that AFAIK aren't at
all related to nmap/WinPcap. As for the remaining two: the Windows Kernel
one only affects Vista, and the Message Queuing one only affects 2000 and XP
(2003 and Vista are unaffected).

I'm assuming that the correct response is seen when running

ping scanme.nmap.org

> From the Windows Command Prompt.
If Wireshark really does work fine, it'd be interesting to know if you can
see a response come back in Wireshark when running -sP in nmap and if the
packet trace differs in nmap (i.e. it doesn't spot the response that you see
in Wireshark).


Rob


-----Original Message-----
From: jah [mailto:jah () zadkiel plus com] 
Sent: 20 December 2007 01:51
To: Castle, Shane
Cc: nmap-dev () insecure org
Subject: Re: nmap fails to scan under vista

On 19/12/2007 19:58, Castle, Shane wrote:
> Yes indeedy I have - they are usually installed by the Wednesday after
> (what, you mean you don't?!?).
Hell no!  I always give them a good coat of looking at...
I have now installed those updates presented to me and none caused any 
difference in SYN ping results...

jah
>   Looks like it's a good bet they broke
> nmap/winpcap.  WireShark works just fine, so it's not likely to be
> winpcap.
>
> (I know some folks hate top-posting but that's the way Outlook works; I
> have no choice, I must use it.)
>
> --
> Shane Castle
> GSEC GCIH
>
>
> -----Original Message-----
> From: nmap-dev-bounces () insecure org
> [mailto:nmap-dev-bounces () insecure org] On Behalf Of jah
> Sent: Wednesday, December 19, 2007 12:49
> To: Castle, Shane
> Cc: nmap-dev () insecure org
> Subject: Re: nmap fails to scan under vista
>
>
> On 19/12/2007 18:12, Castle, Shane wrote:
>   
> > Yes, 4.50 seems broken on WinXP/SP2 as well - all pings fail.
> >
> > I'm on an RFC1918 subnet at work, and using "nmap -sP 192.168.3.0/24"
> > fails similarly.
> >
> >   
> >     
> I'm not getting any problems with 4.50 using -sP on XPSP2 with winpcap 
> 4.02 from nmap or directly from CACE Technologies.  I haven't installed 
> microsoft patches for this month yet, have you?
>
> jah
>   
> > --
> > Shane Castle
> > GSEC GCIH
> >
> >
> > -----Original Message-----
> > From: nmap-dev-bounces () insecure org
> > [mailto:nmap-dev-bounces () insecure org] On Behalf Of bob
> > Sent: Wednesday, December 19, 2007 07:56
> > To: nmap-dev () insecure org
> > Subject: nmap fails to scan under vista
> >
> > Nmap fails to do a network scan i.e. a ping scan, SYN scan (haven't
> > tried
> > connect() scan). I think it plain fails to receive any packet. Have
> > tried
> > using UAC+Admin privileges.
> >
> > [nmap output deleted]
> >
> > I have nmap 4.50 installed and my vista is updated.
> >
> >
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://SecLists.Org
> >
> > --
> > This email has been verified as Virus free
> > Virus Protection and more available at http://www.plus.net
> >
> >   
> >     
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
>
> --
> This email has been verified as Virus free
> Virus Protection and more available at http://www.plus.net
>
>   

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org