Nmap Development mailing list archives
Re: same issues with no resolve? npcap
From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Mon, 25 Jul 2016 21:56:15 +0800
Hi Robert,

Thanks for your advice! I think Mike can try this:)

BTW, you need to click "Reply to All" to also reply your mail to "dev () nmap org" instead of just the asker. Only in this way, other members can see this reply too.

And is there a way for us to modify our mailing list setting, so every reply will just reply to the list instead of the asker's mail? So there won't be anyone only replying to the asker.

Cheers,
Yang

On Mon, Jul 25, 2016 at 8:47 PM, <robert () robnicholls co uk> wrote:
Hi Yang,

This sounds similar to the error I saw on my Windows 8 x64 VM the other day after I first installed Npcap. I could scan all hosts except localhost as Nmap couldn't scan using the new loopback adaptor lo0. The interface lo0 was displayed in the iflist output and everything looked identical to the output from working Windows 10 and 8.1 systems (which I installed using exactly the same options) but I would get that error message. After rebooting and reinstalling Nmap and Npcap over the top everything seemed to work fine.

I wonder if reinstalling Npcap might help Mike, but I've not been able to reproduce the issue yet in order to test my theory.

Rob

On 25 Jul 2016 1:15 pm, 食肉大灰兔V5 <hsluoyz () gmail com> wrote:

Hi Mike,

On Mon, Jul 25, 2016 at 7:54 PM, Mike . <dmciscobgp () hotmail com> wrote:

excuse me sir. but i have the exact same issues with "localhost"! btw, chime in. what is the difference between the "real" loopback and my local ip intranet side?

If 192.168.0.16 is one of your own host IPs, then it's equivalent to 127.0.0.1.

both reflect the same addy. my router is 192.168.0.1. my addy is 16. yes i know wth a loopback addy is. anyway, just to show you, same error:

nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries 1 -F 127.0.0.1

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-07-25 06:49 Central Daylight Time
Fetchfile found C:\Program Files\Nmap/nmap-services
PORTS: Using top 100 ports found open (TCP:100, UDP:0, SCTP:0)
npcap service is already running.
Winpcap present, dynamic linked to: Npcap version 0.07, based on WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)
Fetchfile found C:\Program Files\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 1, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found C:\Program Files\Nmap/nmap-payloads
Initiating SYN Stealth Scan at 06:49
dnet: Failed to open device lo0
QUITTING!

A reason that I can think of is the status of the adapter. Have you enabled the "Npcap Loopback Adapter" in your "Control Panel\Network and Internet\Network Connections"?

Can you paste your "nmap --iflist" result here?

Also please try Wireshark like I said, it can help the troubleshooting. Thanks.

Cheers,
Yang

guess im outta luck

Mike

------------------------------
*From:* 食肉大灰兔V5 <hsluoyz () gmail com>
*Sent:* Monday, July 25, 2016 11:41 AM
*To:* Mike .; Nmap-dev
*Subject:* Re: same issues with no resolve? npcap

Hi Mike,

On Mon, Jul 25, 2016 at 7:25 PM, Mike . <dmciscobgp () hotmail com> wrote:

ok. thanks for getting back to me

nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries 1 2> nul -F 192.168.0.16

This command has nothing to do with localhost. If you want to scan localhost, please use the IP: 127.0.0.1.

So at my side, I used my router, 192.168.0.1 as the target. The result seems to be fine.

---------------------------------------------------------------
C:\Windows\system32>nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries 1 2> nul -F 192.168.0.1

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-07-25 19:34 China Standard Time
Fetchfile found C:\Program Files (x86)\Nmap/nmap-services
PORTS: Using top 100 ports found open (TCP:100, UDP:0, SCTP:0)
npf service is already running.
Winpcap present, dynamic linked to: Npcap version 0.07, based on WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)
Fetchfile found C:\Program Files (x86)\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 1, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found C:\Program Files (x86)\Nmap/nmap-payloads
Initiating ARP Ping Scan at 19:34
Scanning 192.168.0.1 [1 port]
Packet capture filter (device eth3): arp and arp[18:4] = 0xE094678F and arp[22:2] = 0xFF3E
ultrascan_host_probe_update called for machine 192.168.0.1 state UNKNOWN -> HOST_UP (trynum 0 time: 4000)
Changing ping technique for 192.168.0.1 to ARP
Changing global ping host to 192.168.0.1.
Completed ARP Ping Scan at 19:34, 0.60s elapsed (1 total hosts)
Overall sending rates: 1.66 packets / s, 69.65 bytes / s.
Initiating SYN Stealth Scan at 19:34
192.168.0.1 pingprobe type ARP is inappropriate for this scan type; resetting.
Scanning 192.168.0.1 [100 ports]
Packet capture filter (device eth3): dst host 192.168.0.107 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 192.168.0.1)))
Discovered open port 80/tcp on 192.168.0.1
Changing ping technique for 192.168.0.1 to tcp to port 80; flags: S
Discovered open port 1900/tcp on 192.168.0.1
Changing global ping host to 192.168.0.1.
Completed SYN Stealth Scan at 19:34, 1.72s elapsed (100 total ports)
Overall sending rates: 115.52 packets / s, 5082.85 bytes / s.
Nmap scan report for 192.168.0.1
Fetchfile found C:\Program Files (x86)\Nmap/nmap-mac-prefixes
Host is up, received arp-response (0.0051s latency).
Scanned at 2016-07-25 19:34:52 China Standard Time for 3s
Not shown: 98 filtered ports
Reason: 98 no-responses
PORT     STATE SERVICE REASON
80/tcp   open  http    syn-ack ttl 64
1900/tcp open  upnp    syn-ack ttl 64
MAC Address: FC:D7:33:8D:06:CE (Tp-link Technologies)
Final times for host: srtt: 5125 rttvar: 5062 to: 100000

Read from C:\Program Files (x86)\Nmap: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 2.66 seconds
Raw packets sent: 199 (8.740KB) | Rcvd: 6 (294B)

C:\Windows\system32>
---------------------------------------------------------------

connect scans work fine BUT they take FOREVER to do a complete 65000+ scan! no other scans will work against localhost without error occurring.

What localhost command have you tried? Have you tried "nmap -v -A 127.0.0.1"? Please give me the feedback of the Nmap.

Cheers,
Yang

i am on win7 x86 w/ no antivirus or wall whatsoever and as far as the winpcap install option i chose that loopback adapter option and left all others unchecked

------------------------------
*From:* 食肉大灰兔V5 <hsluoyz () gmail com>
*Sent:* Monday, July 25, 2016 11:02 AM
*To:* Mike .
*Cc:* nmap-group
*Subject:* Re: same issues with no resolve? npcap

Hi Mike,

Sorry for the delay! I have several questions which will help my troubleshooting process.

1) Which Nmap command did you use? I think you are typing in the Nmap commands in a CMD, right? Please just paste the whole content (the command + the nmap feedback) in your mail.

2) I think you are using the shipped Npcap 0.07 r17, right? Which options do you choose when installing Npcap? And which OS are you using? x86 or x64?

3) Have you enabled any anti-virus, firewall software? Please disable them then try again. Also try to use an Administrator CMD to run Nmap.

4) Try Wireshark latest development version, it should show an interface called "Npcap Loopback Adapter". Capture packets on this "Npcap Loopback Adapter", then "ping 127.0.0.1" in CMD and see if the corresponding ICMP packet shows up on Wireshark.

Thanks!

Cheers,
Yang

On Mon, Jul 25, 2016 at 6:46 PM, Mike . <dmciscobgp () hotmail com> wrote:

not sure if what i posted on this was just ignored or never seen. still getting these issues with this npcap install. here is the debug output

CONN (1.1190s) TCP localhost > 127.0.0.1:995 => No connection could be made because the target machine actively

that is not truncated btw. why am i seeing this and why is that error written that way incomplete? also get this when i try anything other than a connect scan ---> dnet: Failed to open device lo0 QUITTING!

ty

Mike

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
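
The checks suggested in this thread (Administrator prompt, adapter enabled in Network Connections, "nmap --iflist"), collected into one PowerShell script as an added example; it is not part of any message in the thread and is not Nmap or Npcap project code. It assumes nmap.exe is on PATH and that the adapter's connection name is "Npcap Loopback Adapter", the name quoted in the thread.

```powershell
# Added example: pre-flight checks before a raw scan of 127.0.0.1 through Npcap.
# Assumptions: nmap.exe is on PATH; the adapter's connection name is
# "Npcap Loopback Adapter", the name quoted in the thread.
$connectionName = 'Npcap Loopback Adapter'

# 1. The thread asks for an Administrator CMD; report whether this prompt is elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("Elevated prompt : {0}" -f $isAdmin)

# 2. Is the adapter present and enabled in Network Connections?
#    Get-WmiObject is available in the PowerShell 2.0 that ships with Windows 7.
#    ConfigManagerErrorCode 0 = device working, 22 = device disabled.
$adapter = Get-WmiObject -Class Win32_NetworkAdapter |
    Where-Object { $_.NetConnectionID -eq $connectionName } |
    Select-Object -First 1
if ($adapter) {
    $state = "NetEnabled={0}, ConfigManagerErrorCode={1}" -f $adapter.NetEnabled, $adapter.ConfigManagerErrorCode
    Write-Output "Loopback adapter: present, $state"
} else {
    Write-Output "Loopback adapter: no connection named '$connectionName'"
}

# 3. Does Nmap list lo0? Interface rows in "nmap --iflist" start with the device name.
#    As Rob notes in the thread, lo0 can be listed and still fail to open, so a
#    hit here narrows the problem down rather than ruling it out.
$lo0 = & nmap --iflist 2>&1 |
    ForEach-Object { "$_" } |
    Where-Object { $_ -match '^lo0\s' } |
    Select-Object -First 1
if ($lo0) {
    Write-Output "nmap --iflist   : $lo0"
} else {
    Write-Output "nmap --iflist   : lo0 not listed"
}
```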