Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: nmap issue
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Sat, 17 May 2008 15:32:46 +0100

-----Original Message-----
From: Gianluca Varenni [mailto:gianluca.varenni () gmail com]
Sent: 17 May 2008 00:16
To: Brandon Enright; Mike pattrick
Cc: nmap-dev () insecure org; bmenrigh () ucsd edu
Subject: Re: nmap issue
<snip>
if you set the driver npf.sys to start at boot time,
you solve the issue, as the driver is already up and running when 
nmap needs even with non fully elevated privileges (and I think 
this is what Wireshark does upon installation on Vista).

I've suggested this before when people have come across this issue, as it's
what I generally do when I've installed Nmap on Vista (as I like to keep UAC
enabled):

http://seclists.org/nmap-dev/2007/q4/0548.html

As Gianluca points out, this means you can run Nmap as a standard user
rather than restricting access to Administrators (or UAC nagging every time
Nmap is invoked), which I think is a lot nicer/cleaner.

I've previously suggested using the installer (which runs elevated) to set
the registry key to start WinPcap at bootup and then somehow (ideas??) load
the driver so that it's already up and running (to save the user from having
to restart their PC or run Nmap/Zenmap elevated in order to load the driver
immediately after installation):
 
http://seclists.org/nmap-dev/2007/q4/0553.html

I believe Wireshark uses the official WinPcap installer, but allows the user
to check a box to change the default registry key (presumably set once
WinPcap has installed itself with the default key value):

http://www.everythingeverything.co.uk/files/winpcap_services_checkbox.png

I quite like this option, perhaps this question could be added to the Nmap
Windows installer? I would hope that people using the zip file version of
Nmap either already have WinPcap installed or are sufficiently technical to
know about UAC/elevation/the registry setting.


Rob



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]