Nmap Development mailing list archives
Why Nping couldn't see loopback packet replies using Npcap?
From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Sat, 15 Aug 2015 21:44:20 +0800
Hi list, I have finished the loopback packet capture and sending feature in Npcap 0.04 version. And I modified Nping to adapt to Npcap, as original Nping (or Nmap) will refuse to be used on Windows localhost. I found that Nping can send out correct ICMP packets using "nping 127.0.0.1" command, while it can't see the ICMP reply packets, as the output below: ------------------------------------------------------------------------------------------ J:\nmap\Nping\Debug>nping 127.0.0.1 Starting Nping 0.6.49SVN ( http://nmap.org/nping ) at 2015-08-15 21:23 China Standard Time SENT (0.7100s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0) id=20275 seq=1] IP [ttl=64 id=943 iplen=28 ] SENT (1.9370s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0) id=20275 seq=2] IP [ttl=64 id=943 iplen=28 ] SENT (2.9380s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0) id=20275 seq=3] IP [ttl=64 id=943 iplen=28 ] SENT (3.9400s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0) id=20275 seq=4] IP [ttl=64 id=943 iplen=28 ] SENT (4.9400s) ICMP [127.0.0.1 > 127.0.0.1 Echo request (type=8/code=0) id=20275 seq=5] IP [ttl=64 id=943 iplen=28 ] Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A Raw packets sent: 5 (210B) | Rcvd: 0 (0B) | Lost: 5 (100.00%) Nping done: 1 IP address pinged in 5.94 seconds ------------------------------------------------------------------------------------------ I have debugged Nping, and found that *probe_nping_event_handler* function in /nping/ProbeMode.cc was called with status=*NSE_STATUS_TIMEOUT* and type= *NSE_TYPE_PCAP_READ*, as nse_readpcap is only called when status=NSE_STATUS_SUCCESS, so ICMP replies are not handled. However, I don't think the reply packets are out of time. And I don't know what the real reason is. I know Npcap driver has sent and captured the loopback packets in the right way, as I can see the ICMP requests and replies in Wireshark and WinDump. And the reply packet data are valid. As other softwares have seen the replies, so there's no much reason that Nping couldn't. So does anyone know what could possibly cause this issue? The latest Npcap installer is: https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04.exe The Npcap source is: https://github.com/nmap/npcap The Nping modified to be able to use loopback in Windows: https://svn.nmap.org/nmap-exp/yang/nmap-npcap/nping/ Cheers, Yang
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Why Nping couldn't see loopback packet replies using Npcap? 食肉大灰兔V5 (Aug 15)