Nmap Development mailing list archives

Npcap 0.04-r2 & Nmap for Npcap r35081 Call for test


From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Mon, 17 Aug 2015 18:14:39 +0800

Hi list,

Npcap 0.04 can now be used to capture and send loopback packets on Windows,
and I have finished the Nmap modifications needed to use this
feature. This means that we can use commands like "nmap -v -A 127.0.0.1"
or "nping 127.0.0.1" on Windows now. I have seen several questions about
this on the list, so I think it's worth solving. And IMO this should be the
most important feature I have added for this GSoC :)

According to plan, the next version of Nmap will attempt to integrate this
feature together with Npcap. So I'd like to have it tested here before
submitting it to trunk.

The test steps are:
1) Download the prebuilt binaries or compile them from source. You will get
nmap.exe, ncat.exe and nping.exe; use them standalone or copy them to your
Nmap installation folder.
2) Install Npcap (latest version is 0.04-r2); uninstall WinPcap first if
you have it installed. Just click "Next" and don't change any options if
you don't know what they mean.
3) Test Nmap for Npcap and Npcap 0.04-r2 in any way you want, like entering
"nmap -v -A 127.0.0.1" or "nping 127.0.0.1".

Npcap supported systems:
Windows 7, Windows 8 and Windows 10 (and their server editions)

Nmap for Npcap prebuilt binaries: (latest version is r35081)
https://svn.nmap.org/nmap-exp/yang/nmap-npcap_compiled_binaries/r35081/

Nmap for Npcap source:
https://svn.nmap.org/nmap-exp/yang/nmap-npcap/

Npcap prebuilt installer: (latest version is 0.04-r2)
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r2.exe

Npcap source:
https://github.com/nmap/npcap


Here I have pasted my output for the "nmap -v -A 127.0.0.1" command. BTW, my
host is Win10 x64 with VMware Workstation 11 installed, so the output seems
to be correct.

-----------------------------------------------------------------------------------------------
J:\nmap\mswin32\Release>nmap -v -A 127.0.0.1

Starting Nmap 6.49SVN ( http://nmap.org ) at 2015-08-17 17:51 China
Standard Time
Using NPF service for packet capturing and sending
NSE: Loaded 123 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:51
Completed NSE at 17:51, 0.00s elapsed
Initiating NSE at 17:51
Completed NSE at 17:51, 0.00s elapsed
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is
disabled. Try using --system-dns or specify valid servers with --dns-servers
Initiating SYN Stealth Scan at 17:51
Scanning 127.0.0.1 [1000 ports]
Discovered open port 445/tcp on 127.0.0.1
Discovered open port 443/tcp on 127.0.0.1
Discovered open port 135/tcp on 127.0.0.1
Discovered open port 912/tcp on 127.0.0.1
Discovered open port 2869/tcp on 127.0.0.1
Discovered open port 6000/tcp on 127.0.0.1
Discovered open port 902/tcp on 127.0.0.1
Completed SYN Stealth Scan at 17:51, 0.49s elapsed (1000 total ports)
Initiating Service scan at 17:51
Scanning 7 services on 127.0.0.1
Completed Service scan at 17:51, 12.03s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 127.0.0.1
Retrying OS detection (try #2) against 127.0.0.1
NSE: Script scanning 127.0.0.1.
Initiating NSE at 17:51
Completed NSE at 17:52, 33.68s elapsed
Initiating NSE at 17:52
Completed NSE at 17:52, 0.01s elapsed
Nmap scan report for 127.0.0.1
Host is up (0.000021s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE         VERSION
135/tcp  open  msrpc           Microsoft Windows RPC
443/tcp  open  ssl/http        VMware VirtualCenter Web service
| http-cisco-anyconnect:
|_  ERROR: Not a Cisco ASA or unsupported version
|_http-methods: No Allow or Public header in OPTIONS response (status code
501)
|_http-title: Site doesn't have a title (text; charset=plain).
| ssl-cert: Subject: commonName=VMware/countryName=US
| Issuer: commonName=VMware/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2015-08-02T07:28:43
| Not valid after:  2016-08-01T07:28:43
| MD5:   5bfd 1fb6 6d50 3402 113b 8f63 c585 de60
|_SHA-1: eeab 6f10 fa79 17b1 944a ba8c 3a60 21cf 09ac 201a
|_ssl-date: TLS randomness does not represent time
445/tcp  open  microsoft-ds    (primary domain: WORKGROUP)
902/tcp  open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC,
SOAP)
912/tcp  open  vmware-auth     VMware Authentication Daemon 1.0 (Uses VNC,
SOAP)
2869/tcp open  http            Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code
503)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
6000/tcp open  X11?
|_x11-access: ERROR: Script execution failed (use -d to debug)
1 service unrecognized despite returning data. If you know the
service/version, please submit the following fingerprint at
https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port445-TCP:V=6.49SVN%I=7%D=8/17%Time=55D1AEAB%P=i686-pc-windows-window
SF:s%r(SMBProgNeg,7B,"\0\0\0w\xffSMBr\0\0\0\0\x88\x01@\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0@\x06\0\0\x01\0\x11\x07\0\x032\0\x01\0\x04\x11\0\0\0\0\x01\0\0\
SF:0\0\0\xfc\xe3\x01\0\xaa\xa63M\xd2\xd8\xd0\x01\x20\xfe\x082\0\x203\xf4\x
SF:9d\xb4\xb4\xff\xf9W\0O\0R\0K\0G\0R\0O\0U\0P\0\0\0A\0K\0I\0S\0N\x000\0W\
SF:0-\0P\0C\0\0\0");
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows Vista|7|8.1|2008|10|Longhorn
(92%)
OS CPE: cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_7::sp1
cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2008
cpe:/o:microsoft:windows cpe:/o:microsoft:windows_8
Aggressive OS guesses: Microsoft Windows Vista, Windows 7 SP1, or Windows
8.1 Update 1 (92%), Microsoft Windows Vista (92%), Microsoft Windows 7 SP0
- SP1 (91%), Microsoft Windows 7 Professional SP1 (91%), Microsoft Windows
7 SP1 (91%), Version 6.1 (Build 7601: Service Pack 1) (90%), Microsoft
Windows Vista SP1 - SP2, Windows Server 2008 SP2, or Windows 7 (90%),
Microsoft Windows Vista SP2 or Windows 7 Ultimate SP0 - SP1 (88%),
Microsoft Windows 7 (88%), Windows 7 Professional SP1 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.050 days (since Mon Aug 17 16:40:59 2015)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Incrementing by 2
Service Info: Host: AKISN0W-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb-os-discovery:
|   OS: Windows 10 Pro 10240 (Windows 10 Pro 6.3)
|   NetBIOS computer name: AKISN0W-PC
|   Workgroup: WORKGROUP
|_  System time: 2015-08-17T17:51:49+08:00
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol

NSE: Script Post-scanning.
Initiating NSE at 17:52
Completed NSE at 17:52, 0.01s elapsed
Initiating NSE at 17:52
Completed NSE at 17:52, 0.00s elapsed
Read data files from: J:\nmap\mswin32\Release
OS and Service detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 59.01 seconds
           Raw packets sent: 1038 (48.804KB) | Rcvd: 2081 (88.996KB)
-----------------------------------------------------------------------------------------------



Cheers,
Yang

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
