Nmap Development mailing list archives
Re: Questions: interface names on win32
From: jah <jah () zadkiel plus com>
Date: Sat, 01 Dec 2007 04:38:29 +0000
David Fifield wrote:
I'm not sure, but I found this comment in libdnet-stripped/src/intf-win32.c: /* Next we must find the pcap device name corresponding to the device. The device description used to be compared with those from PacketGetAdapterNames(), but that was unrelaible because dnet and pcap sometimes give different descriptions. For example, dnet gave me "AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport" for one of my adapters (in vmware), while pcap described it as "VMware Accelerated AMD PCNet Adapter (Microsoft's Packet Scheduler)". Plus, Packet* functions aren't really supported for external use by the WinPcap folks. So I have rewritten this to compare interface addresses (which has its own problems -- what if you want to listen an an interface with no IP address set?) --Fyodor */
On an XP machine (2K too, possibly Vista too?), it's possible to get the windows interface name from the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{GUID}\Connection where GUID is the "PCAP" GUID. The string value "Name" is the Windows friendly name for the adapter There's a GUID for each connection under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\ this includes connections such as 1394 (firewire),wireless, bluetooth and dial-up. Not the loopback device.
Starting Nmap 4.23RC3 ( http://insecure.org ) at 2007-11-28 21:06 GMT Standard Time ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MAC eth0 (eth0) 192.168.1.13/24 ethernet up 00:13:CE:8A:74:3C eth1 (eth1) 192.168.1.14/24 ethernet up 00:16:36:06:7D:16 lo0 (lo0) 127.0.0.1/8 loopback up DEV WINDEVICE eth1 \Device\NPF_{9E407963-4C68-4336-9008-3236DF509606} lo0 \Device\NPF_{08CFDE0B-16EF-4DBB-B93C-386AB69B65FF} Also, I observe that the wireless adapter doesn't have an entry under WINDEVICE....why's that?I don't know what that is. I saw that phenomenon in some of the Vista users' reports too.
Well, there's a thing - the WINDEVICE lo0 is actually the GUID for *eth0 - the wireless connection*. I can confirm that in both the registry and with wireshark. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Questions: interface names on win32 jah (Nov 28)
- Re: Questions: interface names on win32 David Fifield (Nov 30)
- Re: Questions: interface names on win32 jah (Nov 30)
- Re: Questions: interface names on win32 David Fifield (Nov 30)