Nmap Development mailing list archives
Re: Best practice for adding self-scan support for nmap
From: Fyodor <fyodor () nmap org>
Date: Wed, 22 Jul 2015 16:20:42 -0700
On Tue, Jul 21, 2015 at 1:34 AM, 食肉大灰兔V5 <hsluoyz () gmail com> wrote:
As Npcap's loopback capture feature has become stable after several rounds of bug fixes.
Hi Yang. It's great to see Npcap continuing to improve!
I think it's time to discuss how to integrate it with Nmap so that Nmap is able to scan the Windows localhost.
One option we talked about is to potentially focus on Nping first, since it is a bit simpler and easier to do little tests like just sending a single packet and trying to read the response. And yet it mostly uses the same low-level packet infrastructure as Nmap, so once Nping is working, Nmap will be easier.
(The latest Npcap installer: https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01-r2.exe)
1) Nmap checks Npcap's software registry key at startup and reads the "Npcap Loopback Adapter" value; if the value exists, then we believe the Npcap loopback feature is available and set the global variable g_has_npcap_loopback to true.
2) Use the Microsoft Detours API to hook the functions in the IP Helper API (like the GetAdaptersAddresses() function, which returns the interface list to Nmap), and substitute the useless "Loopback Pseudo-Interface 1" with "Npcap Loopback Adapter".
I think hooking the IP Helper API is better than messing with Nmap's code because:
i. It keeps the loopback deception loosely coupled with Nmap, so Nmap's code won't get too messed up.
ii. It's easier to let Npcap support other applications, as they only need to import the Detours code.
We should talk more about this. I have some concerns about the "detours" approach since I think it can be confusing to change the behavior of certain system API calls which people expect to work in a certain way. Also, we already have a bunch of special code in Nmap to deal with matching IP Helper API interface lists with WinPcap lists. So I think we may want to just modify that code. But I haven't looked at it really closely lately, so this is just my somewhat off-the-cuff reaction.
Cheers,
Fyodor
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
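As an added example (not code from the thread, Npcap or Nmap), the following PowerShell script checks step 1 of Yang's proposal from the outside: it reads the registry value that is supposed to announce the loopback adapter and cross-checks it against the interface list the operating system actually reports, which is what GetAdaptersAddresses() would hand back to Nmap. The registry key path (HKLM:\SOFTWARE\Npcap) and value name (LoopbackAdapter) are assumptions, since the thread only says "Npcap's software registry key"; adjust them to the installed version. The cross-check is the caveat a practitioner wants here: a registry value can outlive the adapter it describes (for example after a partial uninstall), so a flag like g_has_npcap_loopback should not be derived from the registry alone.

```powershell
# Added example, not part of the original thread or of Npcap/Nmap.
# Assumed (not stated on the page): the key path and the value name below.
param(
    [string]$NpcapKey      = 'HKLM:\SOFTWARE\Npcap',   # assumed location of Npcap's software key
    [string]$LoopbackValue = 'LoopbackAdapter'         # assumed value naming the loopback adapter
)

function Test-NpcapLoopback {
    param([string]$Key, [string]$ValueName)

    $result = [ordered]@{
        RegistryValue    = $null    # what the registry claims (step 1 in Yang's description)
        AdapterPresent   = $false   # what the interface list actually contains
        PseudoInterface  = $false   # whether the stock "Loopback Pseudo-Interface 1" is listed
        HasNpcapLoopback = $false   # the equivalent of g_has_npcap_loopback
    }

    # Step 1: read the registry value, if the key and value exist at all.
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -ne $item -and ($item.PSObject.Properties.Name -contains $ValueName)) {
        $result.RegistryValue = $item.$ValueName
    }

    # Cross-check against the interface list the OS reports (hidden adapters included,
    # because the loopback adapter is not always shown by default).
    $adapters = Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue
    foreach ($a in $adapters) {
        if ($a.InterfaceDescription -like '*Npcap Loopback Adapter*' -or $a.Name -like '*Npcap Loopback Adapter*') {
            $result.AdapterPresent = $true
        }
        if ($a.InterfaceDescription -like '*Loopback Pseudo-Interface*' -or $a.Name -like '*Loopback Pseudo-Interface*') {
            $result.PseudoInterface = $true
        }
    }

    # Only trust the feature when the registry value exists AND the adapter is really installed.
    $result.HasNpcapLoopback = ($null -ne $result.RegistryValue) -and $result.AdapterPresent
    [pscustomobject]$result
}

Test-NpcapLoopback -Key $NpcapKey -ValueName $LoopbackValue | Format-List
```

Run it from an elevated PowerShell prompt on the Windows host where Npcap is installed. A result with RegistryValue set but AdapterPresent false is exactly the stale-registry case; a result with both true is the state in which substituting the adapter into the interface list (step 2) makes sense.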
Current thread:
- Best practice for adding self-scan support for nmap 食肉大灰兔V5 (Jul 21)
- Re: Best practice for adding self-scan support for nmap Fyodor (Jul 22)
