Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

XP SP2 (possible temporary fix)

From: "Hytham Abu-Safieh" <hythama () softcom biz>
Date: Tue, 17 Aug 2004 14:58:25 -0400
Good day all!

 

Tried sending this to nmap-hackers, but to no avail ... so I try again!
:D

 

Ok before anyone goes off on me for not reading the entire email threads
and welcoming me to news of old regarding NMAPs (in)capability to
function across XP SP2.  I'm simply going by the update found in the
Win(insert fav platform here) in the downloads section of the site
stating NMAP no longer functions on XP.

 

Quick Fix:

Simply disabling the windows firewall service by issuing the following
into Cygwin or DOS:

 

net stop "Windows Firewall/Internet Connection Sharing (ICS)" 

 

That restored functionality of NMAP to my system ... as this will allow
the application to fully utilize the raw sockets in which the oh so
wonderful M$ firewall limits the use of.  I also upgraded to winpcap 3.1
beta 3 and all works peachy.

 

<Useless Rant> Now if you even think of flaming me for even suggesting
such a gastly idea; if you are a firewall admin, and require the use of
a desktop firewall to aid you in your quest of security, get a clue - AV
has been around for years and setting up ingress/egress filtering can be
done by my sister who lacks even the most basic concepts of security. Oh
and you'll know that this 'firewall' is truly pointless in a corporate
environment if you've experienced virus propagation in the past and how
it worked. </Useless Rant>

 

Now if you're concerned about the syn queuing which occurs after
installing XP SP2, you can hack the tcpip.sys file located in your
%system root% dir and modify the values.  I used a patch from
www.lvlord.de <http://www.lvlord.de/>  allows you to modify the file
thereby increasing the number of SYN packets permitted to queue.  Yes,
yes I know you can send however many SYN packets as long as they're
responded to.  Let's face it, we use this tool to determine what's on
our network and there is a very good chance many packets will go
unreturned totally destroying NMAPs performance considering all SYN
packets in a SYN_SENT state will simply queue up and wait for the next
available thread.  Grrrr.

 

As for a fix while the firewall is on ... I'm not a windows coder, can't
help there.  Sorry :D

 

Anyways if this is old news, I wholeheartedly apologize!!

 

-H
Previous By Date Next
Previous By Thread Next

Current thread: