Nmap Development mailing list archives
Re: Nmap crash under Vista
From: "Gianluca Varenni" <gianluca.varenni () gmail com>
Date: Thu, 8 Nov 2007 16:01:33 -0800
Guys,

I'd really like to understand what's going on here. First of all, as Rob pointed out, I don't understand the meaning of the output. It says it cannot open net0, but nmap --iflist lists only these WINDEVICEs:

DEV  WINDEVICE
net2 \Device\NPF_{D744CB9D-F791-4C60-AA04-851443B57BD4}
net3 \Device\NPF_{14EFA483-1F71-4688-BD5D-3880992943F5}

Also, I tried running nmap SOC7 (nmap 1.2.3.4 -vv) on a Vista machine with an Intel abgn card (4965), and it simply crashes. The call stack doesn't point to anything in winpcap.

Have a nice day
GV

----- Original Message -----
From: "Rob Nicholls" <robert () everythingeverything co uk>
To: <nmap-dev () insecure org>
Sent: Wednesday, October 31, 2007 4:32 PM
Subject: RE: Nmap crash under Vista
Hi,

I've done a little bit of research in my spare time after bob's original email about using nmap on Vista with a wireless network card, and it appears that nmap's failing because pcap can't open the wireless adapter (connect scans work okay). I've tried WinPcap 4.0.1 with SOC7 and the latest WinPcap beta (4.1) with SOC8, and I get the same error. I get an error in 4.11 too, but it complains immediately about getinterfaces, rather than failing to open the adapter:

nmap 192.168.1.13 -vv

Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 2007-10-24 23:57 GMT Daylight Time
getinterfaces: intf_loop() failed
QUITTING!

nmap 192.168.1.13 -vv

Starting Nmap 4.22SOC7 ( http://insecure.org ) at 2007-10-24 23:57 GMT Daylight Time
Initiating Ping Scan at 23:57
Scanning 192.168.1.13 [2 ports]
pcap_open_live(net0, 100, 0, 2) FAILED. Reported error: Error opening adapter: The system cannot find the device specified. (20). Will wait 5 seconds then retry.

nmap 192.168.1.13 -vv -P0

If I avoid using WinPcap, it's able to perform the scan:

nmap 192.168.1.13 -vv -P0 -sT

Starting Nmap 4.22SOC7 ( http://insecure.org ) at 2007-10-25 00:01 GMT Daylight Time
Initiating Parallel DNS resolution of 1 host. at 00:01
Completed Parallel DNS resolution of 1 host. at 00:01, 0.07s elapsed
Initiating Connect Scan at 00:01
Scanning 192.168.1.13 [1705 ports]
Discovered open port 3389/tcp on 192.168.1.13
Discovered open port 139/tcp on 192.168.1.13
Connect Scan Timing: About 12.04% done; ETC: 00:05 (0:03:39 remaining)
Increasing send delay for 192.168.1.13 from 0 to 5 due to 11 out of 13 dropped probes since last increase.
Discovered open port 135/tcp on 192.168.1.13
Discovered open port 445/tcp on 192.168.1.13
Completed Connect Scan at 00:04, 156.59s elapsed (1705 total ports)
Host 192.168.1.13 appears to be up ... good.
Interesting ports on 192.168.1.13:
Not shown: 1701 filtered ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-term-serv

So it looks like anything that relies upon WinPcap is failing on Vista, I'm not sure why, but it looks like it's having trouble with the interface. I initially got weird behaviour using --iflist (this may just be a coincidence?), but after disabling all of the other network adapters (LAN, a couple of VMWare ones), SOC7 then presented the wireless interface. NB: I still get the intf_loop() error in 4.11.

nmap --iflist

Starting Nmap 4.22SOC7 ( http://insecure.org ) at 2007-10-25 00:24 GMT Daylight Time
************************INTERFACES************************
DEV  (SHORT) IP/MASK         TYPE     UP   MAC
net0 (net0)  (null)/0        other    down
eth0 (eth0)  (null)/0        ethernet up   D0:84:20:52:41:53
eth1 (eth1)  (null)/0        ethernet up   D0:84:20:52:41:53
eth2 (eth2)  (null)/0        ethernet up   D0:84:20:52:41:53
eth3 (eth3)  (null)/0        ethernet up   D0:84:20:52:41:53
eth4 (eth4)  (null)/0        ethernet down 00:19:B9:7F:5E:39
eth5 (eth5)  (null)/0        ethernet down 00:1A:6B:3E:59:93
eth6 (eth6)  (null)/0        ethernet down 00:50:56:C0:00:01
eth7 (eth7)  (null)/0        ethernet down 00:50:56:C0:00:08
eth8 (eth8)  (null)/0        ethernet down 00:1A:6B:3E:59:93
ppp0 (ppp0)  (null)/0        other    up
ppp1 (ppp1)  (null)/0        other    up
lo0  (lo0)   127.0.0.1/8     loopback up
net0 (net0)  192.168.1.14/24 other    up
net1 (net1)  (null)/0        other    up
net2 (net2)  (null)/0        other    up
net0 (net0)  (null)/0        other    up
net1 (net1)  (null)/0        other    up
net2 (net2)  (null)/0        other    up
net3 (net3)  (null)/0        other    up

DEV  WINDEVICE
net2 \Device\NPF_{D744CB9D-F791-4C60-AA04-851443B57BD4}
net3 \Device\NPF_{14EFA483-1F71-4688-BD5D-3880992943F5}

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
192.168.1.14/32    net0 192.168.1.14
255.255.255.255/32 lo0  127.0.0.1
127.0.0.1/32       lo0  127.0.0.1
127.255.255.255/32 lo0  127.0.0.1
192.168.1.255/32   net0 192.168.1.14
255.255.255.255/32 net0 192.168.1.14
192.168.1.0/0      net0 192.168.1.14
127.0.0.0/0        lo0  127.0.0.1
224.0.0.0/0        net0 192.168.1.14
224.0.0.0/0        lo0  127.0.0.1
0.0.0.0/0          net0 192.168.1.1

You might have spotted that net0 seems to be listed as both down (on the first line, no IP) and up (with an IP address) further down the list.

After re-enabling all the network adapters, I still got all of the interfaces listed correctly in SOC7. I can see a device labelled "Microsoft" (Microsoft: \Device\NPF_{14EFA483-1F71-4688-BD5D-3880992943F5}) in Wireshark, which has the right IP address and is showing packets being captured and suggests WinPcap/Wireshark is coping with Vista's presentation of the wireless card (which, IIRC, is different to how it's presented under XP/2003). The odd thing is the device's ID appears to be that of "net3" in nmap's --iflist output, which doesn't have an IP address assigned to it.

Trying to force it to use net0 (or net1-3), in a last ditch attempt to fool it into using the one that's up, doesn't appear to work either.

Does anyone have any other ideas/suggestions I can try? If any fixes are committed to SVN, I'm quite happy to compile and test it whenever I've got a few spare minutes.

Rob

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
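Added example, not part of the original messages and not Nmap code: a small Python check that parses --iflist text in the layout quoted in this thread and reports the inconsistencies the two messages point out (a DEV name listed more than once, an addressed interface with no WINDEVICE entry, a WINDEVICE entry whose interface has no address). The function names are hypothetical, the sample is abbreviated from the quoted output, and the column layout is assumed to be the one Nmap 4.22SOC7 prints above.

```python
import re
from collections import defaultdict

# Abbreviated from the --iflist output quoted in the message above.
SAMPLE = r"""
DEV  (SHORT) IP/MASK         TYPE     UP   MAC
net0 (net0)  (null)/0        other    down
eth0 (eth0)  (null)/0        ethernet up   D0:84:20:52:41:53
lo0  (lo0)   127.0.0.1/8     loopback up
net0 (net0)  192.168.1.14/24 other    up
net2 (net2)  (null)/0        other    up
net0 (net0)  (null)/0        other    up
net3 (net3)  (null)/0        other    up

DEV  WINDEVICE
net2 \Device\NPF_{D744CB9D-F791-4C60-AA04-851443B57BD4}
net3 \Device\NPF_{14EFA483-1F71-4688-BD5D-3880992943F5}
"""

IFACE = re.compile(r"^(\S+)\s+\(\S+\)\s+(\S+)\s+(\S+)\s+(up|down)\b")
WINDEV = re.compile(r"^(\S+)\s+(\\Device\\NPF_\{[0-9A-Fa-f-]+\})$")

def parse_iflist(text):
    """Return ({dev: [rows]}, {dev: WINDEVICE}) from `nmap --iflist` text."""
    ifaces, windev = defaultdict(list), {}
    for line in map(str.strip, text.splitlines()):
        if m := IFACE.match(line):
            ifaces[m[1]].append({"ip": m[2], "type": m[3], "up": m[4] == "up"})
        elif m := WINDEV.match(line):
            windev[m[1]] = m[2]
    return ifaces, windev

def diagnose(text):
    """Flag the inconsistencies the thread discusses, as (kind, dev) tuples."""
    ifaces, windev = parse_iflist(text)
    findings = []
    for dev, rows in ifaces.items():
        has_ip = any(r["up"] and r["ip"] != "(null)/0" for r in rows)
        if len(rows) > 1:                      # same DEV name listed repeatedly
            findings.append(("duplicate-name", dev))
        if has_ip and dev not in windev and rows[0]["type"] != "loopback":
            findings.append(("addressed-but-no-windevice", dev))
    for dev in windev:                         # mapped, yet no row carries an IP
        if all(r["ip"] == "(null)/0" for r in ifaces.get(dev, [])):
            findings.append(("windevice-without-ip", dev))
    return findings

if __name__ == "__main__":
    for kind, dev in diagnose(SAMPLE):
        print(f"{kind:28} {dev}")
```

The findings only restate what the listing shows; they do not identify the cause of the pcap_open_live failure.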
Current thread:
- Nmap crash under Vista bob (Oct 23)
- Re: Nmap crash under Vista Rob Nicholls (Oct 23)
- <Possible follow-ups>
- RE: Nmap crash under Vista Rob Nicholls (Oct 31)
- Re: Nmap crash under Vista Gianluca Varenni (Nov 01)
- Re: Nmap crash under Vista Gianluca Varenni (Nov 08)