Nmap Development mailing list archives
RE: npcap horror story
From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Thu, 28 Jul 2016 21:00:32 +0100
Hi Mike, Yang, I appreciate this may not be particularly helpful, but I’ve yet to encounter any issues on Windows 7 using Npcap. I did briefly have similar issues with lo0 on a Windows 8 VM, but this was resolved after restarting Windows and reinstalling Npcap. I haven’t had any issues on any other Windows system, both native installs and virtual machines, while using the default installation settings. The most exotic setup I’ve used so far has been a laptop running a fully patched Windows 7 Pro x64 with Intel wired and wireless adapters, a VirtualBox Host-Only Network virtual adapter, and a Check Point Virtual Network Adapter (used by SecuRemote). The Intel Ethernet adapter was even configured with a dozen virtual interfaces as I’d configured multiple VLANs. Most of the scans were performed with only about 4 adapters enabled. The host also had commercial anti-virus software installed. I’ve run multiple scans, against 1 host through to scanning 40 hosts, performing default and full TCP and UDP scans. I’ve also run scans against 127.0.0.1. The host also had WinPcap installed, and Wireshark still worked fine. Npcap with NMAP 7.25BETA1 has worked fine for me all week. I’ve also built a Windows 7 Enterprise x86 VM (no Service Pack, no patches), installed Nmap and Npcap, and run a few scans. Again, I’ve not experienced any issues (other than Zenmap doesn’t show its icon in the shortcut for some reason). After installing Nmap and Npcap I opened up the Command Prompt and ran “nmap 127.0.0.1 -vv -A” and got back expected results after 95 seconds. An almost identical scan against one of my own servers on the Internet gave expected results after 66 seconds. The Npcap local loopback interface on both Windows 7 systems showed a 10.0Mbps connection (with an autoconfig IP). I do see the LoopbackAdapter registry keys (with valid values). If you don’t have the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\LoopbackAdapter then something is presumably going wrong during the installation of Npcap (especially as it looks like it copies the key from Software\Npcap to the Services\npcap key). Yang, from skim reading the Npcap NSIS file, it looks like the first key is created by either NPFInstall.exe or NPFInstall2.exe, which are called a few times using ExecWait. I don’t see any checks after the file’s executed, other than whether the ExecWait of the executable returns “0”. The installer itself doesn’t seem to do much error checking at times. Is it possible to check within the installer, or perhaps in the NSIS script, that all of the actions have been performed at each step, and produce any detailed error messages if something has gone wrong during the installation? I mostly see a series of Extract and Execute lines interspersed with a few lines such as “Writing service options to registry”, but presumably we don’t check a valid registry value is present otherwise Mike would have seen an error during installation if his registry keys are missing. If I could replicate Mike’s original issues I’d be happy to help Yang debug the problem, but at the moment it looks like something specific to Mike’s particular system. Mike, I see a similar “Error in OpenService” message twice if I run Nmap 7.25BETA1 after deleting the npcap service on my clean Windows 7 test VM. If I subsequently install WinPcap I only get the error message once. I presume the error occurs once checking for the npcap service and a second time looking for WinPcap (the npf service). It sounds like you may have uninstalled or deleted Npcap and left WinPcap installed if you only get it once. It might make sense for someone to modify Nmap to only show that error if both npcap and npf are missing, or perhaps relegate it all to debug output? Otherwise anyone sticking with WinPcap will always see the error when Nmap checks for npcap. Rob From: dev [mailto:dev-bounces () nmap org] On Behalf Of Mike . Sent: 28 July 2016 19:04 To: nmap-group <dev () nmap org> Subject: npcap horror story i call it a horror story because of all that i have had to go through in geting it to work, which it never did. so i deleted both adapters, rebooted and now nmap tells me this when i try and scan Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-07-28 12:57 Central Dayligh t Time Error in OpenService would be nice if it told me what service it was trying to open. anyway, done with npcap and the hoop jumping required to get it to work. i can live without scanning loopback. it's not the end of the world. my only ? is this...did anyone ever test this on win7? Mike
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- npcap horror story Mike . (Jul 28)
- RE: npcap horror story Rob Nicholls (Jul 28)
- Re: npcap horror story nnposter (Jul 28)
- Message not available
- RE: npcap horror story Rob Nicholls (Jul 29)
- Re: npcap horror story 食肉大灰兔V5 (Jul 31)
- RE: npcap horror story Rob Nicholls (Jul 28)