Nmap Development mailing list archives

Re: Questions: interface names on win32


From: jah <jah () zadkiel plus com>
Date: Sat, 01 Dec 2007 04:38:29 +0000

David Fifield wrote:

I'm not sure, but I found this comment in libdnet-stripped/src/intf-win32.c:

/* Next we must find the pcap device name corresponding to the device.
   The device description used to be compared with those from
   PacketGetAdapterNames(), but that was unreliable because dnet and
   pcap sometimes give different descriptions.  For example, dnet gave
   me "AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler
   Miniport" for one of my adapters (in vmware), while pcap described it
   as "VMware Accelerated AMD PCNet Adapter (Microsoft's Packet
   Scheduler)". Plus, Packet* functions aren't really supported for
   external use by the WinPcap folks.  So I have rewritten this to
   compare interface addresses (which has its own problems -- what if
   you want to listen on an interface with no IP address set?) --Fyodor */
  
On an XP machine (2K too, possibly Vista too?), it's possible to get the
Windows interface name from the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{GUID}\Connection

where GUID is the "PCAP" GUID.
The string value "Name" is the Windows friendly name for the adapter.
There's a GUID for each connection under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\
This includes connections such as 1394 (FireWire), wireless, Bluetooth
and dial-up, but not the loopback device.

  
Starting Nmap 4.23RC3 ( http://insecure.org ) at 2007-11-28 21:06 GMT Standard Time
************************INTERFACES************************
DEV  (SHORT) IP/MASK         TYPE     UP MAC
eth0 (eth0)  192.168.1.13/24 ethernet up 00:13:CE:8A:74:3C
eth1 (eth1)  192.168.1.14/24 ethernet up 00:16:36:06:7D:16
lo0  (lo0)   127.0.0.1/8     loopback up

DEV  WINDEVICE
eth1 \Device\NPF_{9E407963-4C68-4336-9008-3236DF509606}
lo0  \Device\NPF_{08CFDE0B-16EF-4DBB-B93C-386AB69B65FF}

Also, I observe that the wireless adapter doesn't have an entry under 
WINDEVICE....why's that?
    

I don't know what that is. I saw that phenomenon in some of the Vista
users' reports too.

  
Well, there's a thing - the WINDEVICE lo0 is actually the GUID for
*eth0 - the wireless connection*.  I can confirm that in both the
registry and with wireshark.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
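
The registry lookup described in the message above, as an added example that is not part of the original post or of Nmap's code: it takes a WINDEVICE name, extracts the adapter GUID, builds the Connection key path, and reads the "Name" value. The function names are hypothetical; the lookup itself only runs on Windows and returns None elsewhere.

```python
import re
import sys

# Network adapter class GUID, taken from the registry path quoted in the post.
NET_CLASS = "{4D36E972-E325-11CE-BFC1-08002BE10318}"
NETWORK_KEY = r"SYSTEM\CurrentControlSet\Control\Network" + "\\" + NET_CLASS

_GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def pcap_guid(windevice):
    """Return the {GUID} part of a pcap device name (upper-cased), or None."""
    m = _GUID_RE.search(windevice)
    return m.group(0).upper() if m else None


def connection_key(windevice):
    """Build the HKLM subkey whose "Name" value holds the friendly name."""
    guid = pcap_guid(windevice)
    if guid is None:
        raise ValueError("no adapter GUID in %r" % windevice)
    return NETWORK_KEY + "\\" + guid + r"\Connection"


def friendly_name(windevice):
    """Read the friendly name; None if the key is missing or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library, Windows only
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            connection_key(windevice)) as key:
            value, _type = winreg.QueryValueEx(key, "Name")
            return value
    except OSError:
        # No Connection key for this GUID (the post notes loopback has none).
        return None


if __name__ == "__main__":
    # WINDEVICE values copied from the Nmap output in the post.
    for dev in (r"\Device\NPF_{9E407963-4C68-4336-9008-3236DF509606}",
                r"\Device\NPF_{08CFDE0B-16EF-4DBB-B93C-386AB69B65FF}"):
        print(dev, "->", friendly_name(dev))
```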

