Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: nmap fails to scan under vista
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Thu, 20 Dec 2007 04:19:47 -0000

I haven't spotted any -sP problems with 4.50 on either XP or Vista (I get
replies from hosts that I know have ping enabled). I can run bob's command
without any trouble, on Vista against my local LAN (ARP Ping) and against
hosts across the internet, and on XP against scanme.nmap.org. My systems are
fully patched, although one Vista machine appeared to still be running
WinPcap 4.0.0 (it doesn't appear to act any differently to Vista with
WinPcap 4.0.2).

Microsoft's patches this month only affected:
MS07-063: vulnerability in SMBv2 
MS07-064: two vulnerabilities in Microsoft DirectX 
MS07-065: vulnerability in Message Queuing (incorrectly validates input
strings before passing the strings to a buffer)
MS07-066: vulnerability in Windows Kernel (Windows Advanced Local Procedure
Call improperly validates certain conditions in legacy reply paths)
MS07-067: vulnerability in Macrovision Driver
MS07-068: vulnerability in Windows Media File Format 
MS07-069: security update for Internet Explorer

So it's unlikely those patches would affect nmap/WinPcap. All but two of
them address specific problems in applications/services that AFAIK aren't at
all related to nmap/WinPcap. As for the remaining two: the Windows Kernel
one only affects Vista, and the Message Queuing one only affects 2000 and XP
(2003 and Vista are unaffected).

I'm assuming that the correct response is seen when running

ping scanme.nmap.org

From the Windows Command Prompt.

If Wireshark really does work fine, it'd be interesting to know if you can
see a response come back in Wireshark when running -sP in nmap and if the
packet trace differs in nmap (i.e. it doesn't spot the response that you see
in Wireshark).


Rob


-----Original Message-----
From: jah [mailto:jah () zadkiel plus com] 
Sent: 20 December 2007 01:51
To: Castle, Shane
Cc: nmap-dev () insecure org
Subject: Re: nmap fails to scan under vista

On 19/12/2007 19:58, Castle, Shane wrote:
Yes indeedy I have - they are usually installed by the Wednesday after
(what, you mean you don't?!?).
Hell no!  I always give them a good coat of looking at...
I have now installed those updates presented to me and none caused any 
difference in SYN ping results...

jah
  Looks like it's a good bet they broke
nmap/winpcap.  WireShark works just fine, so it's not likely to be
winpcap.

(I know some folks hate top-posting but that's the way Outlook works; I
have no choice, I must use it.)

--
Shane Castle
GSEC GCIH


-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org] On Behalf Of jah
Sent: Wednesday, December 19, 2007 12:49
To: Castle, Shane
Cc: nmap-dev () insecure org
Subject: Re: nmap fails to scan under vista


On 19/12/2007 18:12, Castle, Shane wrote:
  
Yes, 4.50 seems broken on WinXP/SP2 as well - all pings fail.

I'm on an RFC1918 subnet at work, and using "nmap -sP 192.168.3.0/24"
fails similarly.

  
    
I'm not getting any problems with 4.50 using -sP on XPSP2 with winpcap 
4.02 from nmap or directly from CACE Technologies.  I haven't installed 
microsoft patches for this month yet, have you?

jah
  
--
Shane Castle
GSEC GCIH


-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org] On Behalf Of bob
Sent: Wednesday, December 19, 2007 07:56
To: nmap-dev () insecure org
Subject: nmap fails to scan under vista

Nmap fails to do a network scan i.e. a ping scan, SYN scan (haven't
tried
connect() scan). I think it plain fails to receive any packet. Have
tried
using UAC+Admin privileges.

[nmap output deleted]

I have nmap 4.50 installed and my vista is updated.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

--
This email has been verified as Virus free
Virus Protection and more available at http://www.plus.net

  
    


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

--
This email has been verified as Virus free
Virus Protection and more available at http://www.plus.net

  


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]