Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Why Nping couldn't see loopback packet replies using Npcap?

From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Sat, 15 Aug 2015 21:44:20 +0800
Hi list,

I have finished the loopback packet capture and sending feature in Npcap
0.04 version. And I modified Nping to adapt to Npcap, as original Nping (or
Nmap) will refuse to be used on Windows localhost.

I found that Nping can send out correct ICMP packets using "nping
127.0.0.1" command, while it can't see the ICMP reply packets, as the
output below:
------------------------------------------------------------------------------------------
J:\nmap\Nping\Debug>nping 127.0.0.1

Starting Nping 0.6.49SVN ( http://nmap.org/nping ) at 2015-08-15 21:23
China Standard Time
SENT (0.7100s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0)
id=20275 seq=1] IP [ttl=64 id=943 iplen=28 ]
SENT (1.9370s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0)
id=20275 seq=2] IP [ttl=64 id=943 iplen=28 ]
SENT (2.9380s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0)
id=20275 seq=3] IP [ttl=64 id=943 iplen=28 ]
SENT (3.9400s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0)
id=20275 seq=4] IP [ttl=64 id=943 iplen=28 ]
SENT (4.9400s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0)
id=20275 seq=5] IP [ttl=64 id=943 iplen=28 ]

Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 5 (210B) | Rcvd: 0 (0B) | Lost: 5 (100.00%)
Nping done: 1 IP address pinged in 5.94 seconds
------------------------------------------------------------------------------------------

I have debugged Nping, and found that *probe_nping_event_handler* function
in /nping/ProbeMode.cc was called with status=*NSE_STATUS_TIMEOUT* and type=
*NSE_TYPE_PCAP_READ*, as nse_readpcap is only called when
status=NSE_STATUS_SUCCESS, so ICMP replies are not handled. However, I
don't think the reply packets are out of time. And I don't know what the
real reason is.

I know Npcap driver has sent and captured the loopback packets in the right
way, as I can see the ICMP requests and replies in Wireshark and WinDump.
And the reply packet data are valid. As other softwares have seen the
replies, so there's no much reason that Nping couldn't.

So does anyone know what could possibly cause this issue?


The latest Npcap installer is:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04.exe

The Npcap source is:
https://github.com/nmap/npcap

The Nping modified to be able to use loopback in Windows:
https://svn.nmap.org/nmap-exp/yang/nmap-npcap/nping/


Cheers,
Yang

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: