Nmap Development mailing list archives
Re: NMap 4.2 and Vista
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Wed, 28 Feb 2007 11:26:31 -0000 (GMT)
Hi everyone,

Using WinPcap 4.0, nmap 4.20, Vista Ultimate and an elevated Command Prompt, I was able to get nmap to work okay under Vista (it appears to work fine if you have UAC disabled and you're logged on with an Admin account).

But here's the trick if you have UAC enabled: once you've installed WinPcap and nmap, you need to run an elevated Command Prompt. If you use a normal command prompt it'll run just like a standard user and you'll get:

    Initiating ARP Ping Scan at 16:45
    dnet: Failed to open device eth4
    QUITTING!

But if you use an elevated Command Prompt you'll be able to start nmap correctly and do your scan as per normal. Once you've started a scan, it appears that you can now run nmap from ANY Command Prompt, elevated or as a standard user.

Every time you reboot Vista (probably far more of an annoyance for those of you that don't use Hibernate), you'll therefore need to run an elevated Command Prompt and start nmap again. Unless you decide to disable UAC, which is generally frowned upon, but if this is your pentest build then you can probably get away with it (although I suspect most pentesters will stick with Linux and/or XP).

I've also tried running nmap as a standard user, and as long as you initially run nmap somewhere in an elevated Command Prompt (either by supplying your admin user's details when logged on as the standard user, or by successfully running nmap in an Admin account before switching users or logging off), you can now run nmap in any standard Command Prompt.

Because nmap appears to work anywhere after you successfully run it once as an elevated Admin, it sounds to me like the issue is that nmap can't initially start/use WinPcap unless it's elevated; but once WinPcap has started running, any instance of nmap will work correctly. Until you reboot.

My assumption (and hopefully I'm not making a fool of myself here...) is that the WinPcap Netgroup Packet Filter (npf.sys) driver can't load itself into the kernel unless the parent process (in this case, nmap.exe) has Admin privileges, but once it's loaded into the kernel it remains there for any subsequent user (in any user session) to use (via packet.dll).

So I think that means WinPcap probably has to do something to ensure NPF can load into the kernel when Vista is initially started (perhaps install itself as a service? I believe that's what PeerGuardian 2 does). Or we all have to put up with(/workaround) this "feature".

Regards,
Rob Nicholls
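The behaviour described in this message can be checked from the Command Prompt. The batch script below is an added example, not part of the original post and not code from nmap or WinPcap: it reports whether the prompt is elevated and whether the NPF driver is already loaded. It assumes WinPcap registers its driver under the service name `npf`, and it uses `net session` as a common heuristic for detecting elevation.

```bat
@echo off
rem Added example: diagnose the "Failed to open device" case described above.
rem Assumption: the WinPcap driver is registered as the service "npf".
setlocal

rem "net session" only succeeds in an elevated prompt, so it doubles as
rem an elevation test (heuristic; it relies on the Server service running).
net session >nul 2>&1
if errorlevel 1 (set ELEVATED=no) else (set ELEVATED=yes)
echo Elevated prompt: %ELEVATED%

rem Is the driver registered at all?
sc query npf >nul 2>&1
if errorlevel 1 (
    echo NPF driver service not found. Is WinPcap installed?
    exit /b 2
)

rem Show the configured start type. DEMAND_START means the driver is only
rem loaded when a sufficiently privileged process first asks for it.
sc qc npf | findstr /c:"START_TYPE"

rem Is the driver already loaded in the kernel?
sc query npf | findstr /c:"RUNNING" >nul
if not errorlevel 1 (
    echo NPF is loaded: nmap should work from any prompt until the next reboot.
    exit /b 0
)

if "%ELEVATED%"=="no" (
    echo NPF is not loaded and this prompt cannot load it. Re-run elevated.
    exit /b 1
)

rem Elevated and not loaded: load the driver for this boot only.
net start npf
exit /b %errorlevel%
```

Running `sc config npf start= auto` from an elevated prompt makes the driver load at every boot instead, which removes the per-reboot step but also means every local user, including standard users, can open the capture device from startup.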