RE: Nmap 3.75 winpcap 3.1b4, winXPsp2 and dial-up...

["Craig Humphrey" <Craig.Humphrey () chapmantripp com>]

Hi Andy,

OK, here's the output from nmap --win_trace --win_list_interfaces
-vvvddd

C:\Program Files\nmap>nmap --win_trace --win_list_interfaces -vvvddd
***WinIP***  initializing if tables
***WinIP***  if tables complete :)
***WinIP***  trying to initialize winpcap 2.1
***WinIP***  winpcap is present
***WinIP***  testing for raw sockets
***WinIP***  rawsock is available
***WinIP***  reading winpcap interface list
***WinIP***  init \Device\NPF_GenericNdisWanAdapter (ASCII)
pcap device:  \Device\NPF_GenericNdisWanAdapter
***WinIP***  init \Device\NPF_{A5855BED-60A1-4362-B6E7-B518806D2622}
(ASCII)
pcap device:  \Device\NPF_{A5855BED-60A1-4362-B6E7-B518806D2622}
***WinIP***  init \Device\NPF_{0E44860A-D47A-4B9D-BE73-CBED7B78BA00}
(ASCII)
pcap device:  \Device\NPF_{0E44860A-D47A-4B9D-BE73-CBED7B78BA00}
 result:       physaddr (0x0010c62adb52) matches eth0
***WinIP***  init \Device\NPF_{0B5A98A0-ECA3-4EF5-9EE2-319714870DAF}
(ASCII)
pcap device:  \Device\NPF_{0B5A98A0-ECA3-4EF5-9EE2-319714870DAF}
 result:       physaddr (0x0010c62adb52) matches eth0
***WinIP***  init \Device\NPF_{BA0BE7F2-9AFC-4CA8-BE89-315FC0683F4C}
(ASCII)
pcap device:  \Device\NPF_{BA0BE7F2-9AFC-4CA8-BE89-315FC0683F4C}
 result:       physaddr (0x00904b6e7992) matches eth1
***WinIP***  init \Device\NPF_{44C1239D-2EEB-4721-B957-D8960954DBE8}
(ASCII)
pcap device:  \Device\NPF_{44C1239D-2EEB-4721-B957-D8960954DBE8}
 result:       physaddr (0x000d56e925cb) matches eth2
***WinIP***  o.isr00t = 1
Available interfaces:

Name        Raw mode  IP
loopback0   SOCK_RAW  127.0.0.1
eth0        winpcap   0.0.0.0
eth1        winpcap   0.0.0.0
eth2        winpcap   0.0.0.0
eth3        SOCK_RAW  0.0.0.0
ppp0        SOCK_RAW  166.179.17.1

What's odd, is that nmap is reporting winpcap 2.1, but I have 3.1b4
installed (or is this just hard coded in nmap?).
Ignoring the extra ethX interfaces (utp, firewire*2, WiFi), will nmap
only support the winpcap interfaces on WinXPsp2?
Ppp0 is the CDMA 2000 1X dial-up.

Thanks
Craig


> -----Original Message-----
> From: Andy Lutomirski [mailto:luto () myrealbox com] 
> Sent: Wednesday, January 12, 2005 11:23 AM
> To: Craig Humphrey
> Cc: NMap Dev
> Subject: Re: Nmap 3.75 winpcap 3.1b4, winXPsp2 and dial-up...
>
> Hmm...  Can you tell me what packet format Ethereal reports for the 
> interface?  If it's not Ethernet, then I wouldn't count on 
> nmap getting 
> it right -- the pcapsend code assumes ethernet.  Also, the output of 
> nmap --win_trace --win_list_interfaces -vvvddd would be nice.
>
> That being said, I'll put this on the list for my rewrite of 
> the packet 
> library -- it should be easy enough to support.
>
> --Andy

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org