RE: Most final release candidate yet: Nmap 4.49RC6

["Fred" <sfred92 () free fr>]

Thanks for response, Rob.

Yes, I have UAC disabled, and I work with an Administrator Group account.
And I re-confirm that Windump and Wireshark work.
I can also confirm that Nmap works OK in Fedora 8 and FreeBSD 6.2 running in
VMWare virtual machines (on same Vista system).

Also, I've just tried to configure fixed IP address with netsh command
instead of GUI ==> no changes.

Here are some outputs:

_______________________________________________________

*** WITH DHCP ***

c:\>nmap --iflist

Starting Nmap 4.49RC6 ( http://insecure.org ) at 2007-12-10 12:16 Paris,
Madrid
************************INTERFACES************************
DEV   (SHORT) IP/MASK          TYPE     UP   MAC
net0  (net0)  (null)/0         other    down
net1  (net1)  (null)/0         other    down
eth0  (eth0)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth1  (eth1)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth2  (eth2)  (null)/0         ethernet down 00:A0:D5:FF:FF:85
eth3  (eth3)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth4  (eth4)  192.168.10.18/24 ethernet up   00:1C:25:16:D9:FB
eth5  (eth5)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth6  (eth6)  (null)/0         ethernet down 00:1C:26:D6:2C:8B
eth7  (eth7)  (null)/0         ethernet down 00:A0:D5:FF:FF:85
eth8  (eth8)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth9  (eth9)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth10 (eth10) (null)/0         ethernet up   00:1C:25:16:D9:FB
eth11 (eth11) (null)/0         ethernet down 00:50:56:C0:00:01
eth12 (eth12) (null)/0         ethernet down 00:50:56:C0:00:08
ppp0  (ppp0)  (null)/0         other    up
ppp1  (ppp1)  (null)/0         other    up
lo0   (lo0)   127.0.0.1/8      loopback up
eth13 (eth13) (null)/0         ethernet down 00:13:E8:ED:50:E1
eth14 (eth14) (null)/0         ethernet down 00:13:E8:ED:50:E1
eth15 (eth15) (null)/0         ethernet down 00:13:E8:ED:50:E1
net2  (net2)  (null)/0         other    up
net3  (net3)  (null)/0         other    up
net4  (net4)  (null)/0         other    down
net5  (net5)  (null)/0         other    down
net6  (net6)  (null)/0         other    up
net7  (net7)  (null)/0         other    down

DEV  WINDEVICE
net4 \Device\NPF_{22F84D82-9CF5-4155-B981-B169DFA5A78F}
net5 \Device\NPF_{9D0AB38D-20DF-4881-AE56-90A695F0E4AA}
net6 \Device\NPF_{2D308C17-120C-41C0-B53A-A94AE561A5B9}
net7 \Device\NPF_{F0EE849D-0E77-4565-830B-5F0925E3753E}

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
192.168.10.18/32   eth4 192.168.10.18
255.255.255.255/32 lo0  127.0.0.1
127.0.0.1/32       lo0  127.0.0.1
127.255.255.255/32 lo0  127.0.0.1
192.168.10.255/32  eth4 192.168.10.18
255.255.255.255/32 eth4 192.168.10.18
192.168.10.0/0     eth4 192.168.10.18
127.0.0.0/0        lo0  127.0.0.1
224.0.0.0/0        eth4 192.168.10.18
224.0.0.0/0        lo0  127.0.0.1
0.0.0.0/0          eth4 192.168.10.1


c:\>nmap -sS 192.168.10.1

Starting Nmap 4.49RC6 ( http://insecure.org ) at 2007-12-10 12:16 Paris,
Madrid
Interesting ports on worf (192.168.10.1):
Not shown: 1709 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
53/tcp open  domain
MAC Address: 00:0D:28:13:9B:D6 (Cisco)

Nmap done: 1 IP address (1 host up) scanned in 3.728 seconds

_______________________________________________________

*** WITH FIXED IP ADDRESS ***

c:\>nmap --iflist

Starting Nmap 4.49RC6 ( http://insecure.org ) at 2007-12-10 12:20 Paris,
Madrid
************************INTERFACES************************
DEV   (SHORT) IP/MASK          TYPE     UP   MAC
net0  (net0)  (null)/0         other    down
net1  (net1)  (null)/0         other    down
eth0  (eth0)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth1  (eth1)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth2  (eth2)  (null)/0         ethernet down 00:A0:D5:FF:FF:85
eth3  (eth3)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth4  (eth4)  192.168.10.99/24 ethernet up   00:1C:25:16:D9:FB
eth5  (eth5)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth6  (eth6)  (null)/0         ethernet down 00:1C:26:D6:2C:8B
eth7  (eth7)  (null)/0         ethernet down 00:A0:D5:FF:FF:85
eth8  (eth8)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth9  (eth9)  (null)/0         ethernet up   CC:9E:20:52:41:53
eth10 (eth10) (null)/0         ethernet up   00:1C:25:16:D9:FB
eth11 (eth11) (null)/0         ethernet down 00:50:56:C0:00:01
eth12 (eth12) (null)/0         ethernet down 00:50:56:C0:00:08
ppp0  (ppp0)  (null)/0         other    up
ppp1  (ppp1)  (null)/0         other    up
lo0   (lo0)   127.0.0.1/8      loopback up
eth13 (eth13) (null)/0         ethernet down 00:13:E8:ED:50:E1
eth14 (eth14) (null)/0         ethernet down 00:13:E8:ED:50:E1
eth15 (eth15) (null)/0         ethernet down 00:13:E8:ED:50:E1
net2  (net2)  (null)/0         other    up
net3  (net3)  (null)/0         other    up
net4  (net4)  (null)/0         other    down
net5  (net5)  (null)/0         other    down
net6  (net6)  (null)/0         other    up
net7  (net7)  (null)/0         other    down

DEV  WINDEVICE
net4 \Device\NPF_{22F84D82-9CF5-4155-B981-B169DFA5A78F}
net5 \Device\NPF_{9D0AB38D-20DF-4881-AE56-90A695F0E4AA}
net6 \Device\NPF_{2D308C17-120C-41C0-B53A-A94AE561A5B9}
net7 \Device\NPF_{F0EE849D-0E77-4565-830B-5F0925E3753E}

**************************ROUTES**************************
DST/MASK           DEV  GATEWAY
192.168.10.99/32   eth4 192.168.10.99
255.255.255.255/32 lo0  127.0.0.1
127.0.0.1/32       lo0  127.0.0.1
127.255.255.255/32 lo0  127.0.0.1
192.168.10.255/32  eth4 192.168.10.99
255.255.255.255/32 eth4 192.168.10.99
192.168.10.0/0     eth4 192.168.10.99
127.0.0.0/0        lo0  127.0.0.1
224.0.0.0/0        eth4 192.168.10.99
224.0.0.0/0        lo0  127.0.0.1
0.0.0.0/0          eth4 192.168.10.1


c:\>nmap -sS 192.168.10.1

Starting Nmap 4.49RC6 ( http://insecure.org ) at 2007-12-10 12:20 Paris,
Madrid
dnet: Failed to open device eth4
QUITTING!

_______________________________________________________


Fred



-----Message d'origine-----
De : nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] De
la part de Rob Nicholls
Envoyé : lundi 10 décembre 2007 12:04
À : nmap-dev () insecure org
Objet : RE: Most final release candidate yet: Nmap 4.49RC6

Morning,

> For information, I have following bug with Nmap 4.49RC6.
>
> - If I use Ethernet + DHCP, everything works OK.
> - If I use Ethernet + fixed IP address:

That's a bit odd, because it works fine for me with a static IP :S

I spent two weeks last month hopping around several networks and dozens of
vlans using a whole series of static IP addresses (the UAC prompt that
appears when you change your IP address did finally start to get
annoying), using one of the 4.22SOC versions IIRC, which should be pretty
similar to RC6. And I've just tried RC6 using a static IP against a couple
of servers (one plugged into the same switch, the other is 9 hops away
across the internet) without noticing any problems.

Fred, have you got UAC disabled? If not, do you have any more luck if you
use an elevated Command Prompt? It might help if you could provide the
outputs (when you're using a static and dynamic IP) from

nmap --iflist

I think the last time I saw the message you're seeing on Vista was when I
had UAC enabled and before I'd changed the registry setting so WinPcap was
already loaded*; but if Wireshark works fine then it suggests to me that
WinPcap might not be at fault (unless you're running Wireshark elevated,
but nmap should work fine after you've done that as the WinPcap driver
will already be successfully loaded for nmap to use).


Rob

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Start set to
the value 2 (instead of the default of 3)



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org