Nmap Development mailing list archives
RE: nmap fails to scan under vista
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Thu, 20 Dec 2007 04:19:47 -0000
I haven't spotted any -sP problems with 4.50 on either XP or Vista (I get replies from hosts that I know have ping enabled). I can run bob's command without any trouble, on Vista against my local LAN (ARP Ping) and against hosts across the internet, and on XP against scanme.nmap.org. My systems are fully patched, although one Vista machine appeared to still be running WinPcap 4.0.0 (it doesn't appear to act any differently to Vista with WinPcap 4.0.2). Microsoft's patches this month only affected: MS07-063: vulnerability in SMBv2 MS07-064: two vulnerabilities in Microsoft DirectX MS07-065: vulnerability in Message Queuing (incorrectly validates input strings before passing the strings to a buffer) MS07-066: vulnerability in Windows Kernel (Windows Advanced Local Procedure Call improperly validates certain conditions in legacy reply paths) MS07-067: vulnerability in Macrovision Driver MS07-068: vulnerability in Windows Media File Format MS07-069: security update for Internet Explorer So it's unlikely those patches would affect nmap/WinPcap. All but two of them address specific problems in applications/services that AFAIK aren't at all related to nmap/WinPcap. As for the remaining two: the Windows Kernel one only affects Vista, and the Message Queuing one only affects 2000 and XP (2003 and Vista are unaffected). I'm assuming that the correct response is seen when running ping scanme.nmap.org
From the Windows Command Prompt.
If Wireshark really does work fine, it'd be interesting to know if you can see a response come back in Wireshark when running -sP in nmap and if the packet trace differs in nmap (i.e. it doesn't spot the response that you see in Wireshark). Rob -----Original Message----- From: jah [mailto:jah () zadkiel plus com] Sent: 20 December 2007 01:51 To: Castle, Shane Cc: nmap-dev () insecure org Subject: Re: nmap fails to scan under vista On 19/12/2007 19:58, Castle, Shane wrote:
Yes indeedy I have - they are usually installed by the Wednesday after (what, you mean you don't?!?).
Hell no! I always give them a good coat of looking at... I have now installed those updates presented to me and none caused any difference in SYN ping results... jah
Looks like it's a good bet they broke nmap/winpcap. WireShark works just fine, so it's not likely to be winpcap. (I know some folks hate top-posting but that's the way Outlook works; I have no choice, I must use it.) -- Shane Castle GSEC GCIH -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of jah Sent: Wednesday, December 19, 2007 12:49 To: Castle, Shane Cc: nmap-dev () insecure org Subject: Re: nmap fails to scan under vista On 19/12/2007 18:12, Castle, Shane wrote:Yes, 4.50 seems broken on WinXP/SP2 as well - all pings fail. I'm on an RFC1918 subnet at work, and using "nmap -sP 192.168.3.0/24" fails similarly.I'm not getting any problems with 4.50 using -sP on XPSP2 with winpcap 4.02 from nmap or directly from CACE Technologies. I haven't installed microsoft patches for this month yet, have you? jah-- Shane Castle GSEC GCIH -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of bob Sent: Wednesday, December 19, 2007 07:56 To: nmap-dev () insecure org Subject: nmap fails to scan under vista Nmap fails to do a network scan i.e. a ping scan, SYN scan (haven't tried connect() scan). I think it plain fails to receive any packet. Have tried using UAC+Admin privileges. [nmap output deleted] I have nmap 4.50 installed and my vista is updated. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org -- This email has been verified as Virus free Virus Protection and more available at http://www.plus.net_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org -- This email has been verified as Virus free Virus Protection and more available at http://www.plus.net
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- nmap fails to scan under vista bob (Dec 19)
- RE: nmap fails to scan under vista Castle, Shane (Dec 19)
- RE: nmap fails to scan under vista Castle, Shane (Dec 19)
- Re: nmap fails to scan under vista jah (Dec 19)
- RE: nmap fails to scan under vista Castle, Shane (Dec 19)
- Re: nmap fails to scan under vista jah (Dec 19)
- RE: nmap fails to scan under vista Rob Nicholls (Dec 19)
- RE: nmap fails to scan under vista Castle, Shane (Dec 20)
- RE: nmap fails to scan under vista Rob Nicholls (Dec 20)
- RE: nmap fails to scan under vista Castle, Shane (Dec 19)