Nmap Development mailing list archives
Re: raw-sockets and Win-XP SP2
From: "Leigh" <hst () iprimus com au>
Date: Fri, 25 Jun 2004 07:22:30 +1000
I have the same problem (even though the grc.com socket test says "full raw sockets are available" under RC2 beta 2) and this was the case under XP SP1 & SP2. However, nmap says no raw sockets available on my dialup (ppp0) connection but on my two nic's (eth0/1) it is rawsock a.o.k.
Like you, I too have to use -P0 and -sT to get any port showing up in the results. Using syn stealth yields no results except saying the ports are filtered. This could be normal I dont know what to expect as I am relatively new to nmap.
----- Original Message ----- From: "Sean Warnock" <removeme_news () warnocksolutions com>
To: <nmap-dev () insecure org> Sent: Friday, June 25, 2004 3:02 AM Subject: raw-sockets and Win-XP SP2
I have been playing around with Win XP SP2 RC1 and just installed RC2 on my machine last night. I have noticed some trouble with nmap. I have not run a packet sniffer to see what was happening but that definatly sounds like a reasonable explanation. Nmap runs on a Windows XP SP2 RC1 machine have been showing the scanned host is up but with no open ports. If I do a full connect scan then it is able to detect open ports.Sean I've heard strong rumours that the upcoming Win-XP SP2 will disable the use of SOCK_RAW sockets for any user (admin included). This will certainly hurt the use of nmap on Win-XP unless we go with libnet for all platforms. Steve Gibson (of www.grc.com) has been talking about the danger of raw-sockets for years; "... have ANY practical need for raw sockets" [*] he claims. Yeah right. Seems MS is now listening to him. Yet for years they have deprecated the use of the ICMP API for ping-like programs. And advised us to use SOCK_RAW instead. Back to using icmp.dll again I guess. I for one will not install the service-pack unless there's a loop-hole to enable SOCK_RAW again. Anyone with additional info on this? [*] http://www.grc.com/dos/sockettome.htm --gv --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org ---------------------------------------------------------------------For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
---------------------------------------------------------------------For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- raw-sockets and Win-XP SP2 Gisle Vanem (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 25)
- Re: raw-sockets and Win-XP SP2 Gisle Vanem (Jun 25)
- <Possible follow-ups>
- raw-sockets and Win-XP SP2 Sean Warnock (Jun 24)
- Re: raw-sockets and Win-XP SP2 Leigh (Jun 24)