Nmap Development mailing list archives

Re: same issues with no resolve? npcap

From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Mon, 25 Jul 2016 22:06:20 +0800

Hi Mike,

On Mon, Jul 25, 2016 at 9:17 PM, Mike . <dmciscobgp () hotmail com> wrote:

just noticed the status for that adapter is in a continuous
"identifying..." mode. no clue on that. as far at the list here

This is NOT normal. My side shows "Unidentified network" which should be a
normal sign.

I suggest you disable and re-enable this adapter. See if it stops
showing "identifying...". If this doesn't fix, you can do as what Robert
said, reboot, reinstall Npcap, then reboot again.


DEV  (SHORT) IP/MASK         TYPE     UP MTU  MAC
lo0  (lo0)   ::1/128         loopback up 1500
lo0  (lo0)   127.0.0.1/8     loopback up 1500
eth0 (eth0)  192.168.0.16/24 ethernet up 1500 00:1C:25:74:AB:E1

DEV    WINDEVICE
lo0    <none>
lo0    <none>


This is NOT normal either. My side shows as below. the WINDEVICE of lo0
adapter should has something.

------------------------------------------------------------------------
DEV  WINDEVICE
eth0 \Device\NPF_{5343DA6B-7495-4DFF-83AD-033E04FB8793}
eth0 \Device\NPF_{5343DA6B-7495-4DFF-83AD-033E04FB8793}
lo0  \Device\NPF_{DD9518B2-04F9-48E5-83AE-5E445C31C9F3}
lo0  \Device\NPF_{DD9518B2-04F9-48E5-83AE-5E445C31C9F3}
eth1 \Device\NPF_{C5C7E6A2-0952-4177-82DD-1FEE841AE165}
eth1 \Device\NPF_{C5C7E6A2-0952-4177-82DD-1FEE841AE165}
tun0 <none>
tun0 <none>
tun1 <none>
tun2 <none>
------------------------------------------------------------------------

I suggest you another way to check:
1) Open an Administrator CMD, "cd" into the Npcap installation folder
"C:\Program Files\Npcap".
2) Type in "NPFInstall.exe -ul" to uninstall "Npcap Loopback Adapter". Show
me any error messages about this command.
3) Type in "NPFInstall.exe -il" to re-install "Npcap Loopback Adapter".
Show me any error messages about this command.


Cheers,
Yang

eth0   \Device\NPF_{E6793762-9633-432B-B8A6-B4C2F6AA5179}
<none> \Device\NPF_NdisWanIpv6
<none> \Device\NPF_NdisWanIp

**************************ROUTES**************************
DST/MASK           DEV  METRIC GATEWAY
192.168.0.16/32    eth0 266
255.255.255.255/32 eth0 266
192.168.0.255/32   eth0 266
255.255.255.255/32 lo0  286
169.254.255.255/32 lo0  286
169.254.244.1/32   lo0  286
127.0.0.1/32       lo0  306
255.255.255.255/32 eth0 306
127.255.255.255/32 lo0  306
192.168.0.0/24     eth0 266
169.254.0.0/16     lo0  286
127.0.0.0/8        lo0  306
224.0.0.0/4        eth0 266
224.0.0.0/4        lo0  286
224.0.0.0/4        eth0 306
0.0.0.0/0          eth0 266    192.168.0.1
::1/128            lo0  306



lastly, wireshark does not even show or recognize lo adapter

------------------------------

*From:* 食肉大灰兔V5 <hsluoyz () gmail com>
*Sent:* Monday, July 25, 2016 12:15 PM

*To:* Mike .; Nmap-dev
*Subject:* Re: same issues with no resolve? npcap

Hi Mike,

On Mon, Jul 25, 2016 at 7:54 PM, Mike . <dmciscobgp () hotmail com> wrote:

excuse me sir. but i have the exact same issues with "localhost"! btw,
chime in. what is the difference between the "real" loopback and my local
ip intranet side?

If 192.168.0.16 is your one of your own host IPs, then it's equivalent to
127.0.0.1.

both reflect the same addy. my router is 192.168.0.1. my addy is 16. yes
i know wth a loopback addy is. anyway, just to show you, same error:


nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries 1 -F 127.0.0.1

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-07-25 06:49 Central
Dayligh
t Time
Fetchfile found C:\Program Files\Nmap/nmap-services
PORTS: Using top 100 ports found open (TCP:100, UDP:0, SCTP:0)
npcap service is already running.
Winpcap present, dynamic linked to: Npcap version 0.07, based on WinPcap
version
 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0
branch 1_0_
rel0b (20091008)
Fetchfile found C:\Program Files\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 1, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found C:\Program Files\Nmap/nmap-payloads
Initiating SYN Stealth Scan at 06:49
dnet: Failed to open device lo0
QUITTING!

A reason that I can think of is the status of the adapter. Have you
enabled the "Npcap Loopback Adapter" in your "Control Panel\Network and
Internet\Network Connections"? Can you paste your "nmap --iflist" result
here? Also please try Wireshark like I said, it can help the
troubleshooting.

Thanks.


Cheers,
Yang


guess im outta luck
Mike

------------------------------
*From:* 食肉大灰兔V5 <hsluoyz () gmail com>
*Sent:* Monday, July 25, 2016 11:41 AM
*To:* Mike .; Nmap-dev

*Subject:* Re: same issues with no resolve? npcap

Hi Mike,

On Mon, Jul 25, 2016 at 7:25 PM, Mike . <dmciscobgp () hotmail com> wrote:

ok. thanks for getting back to me


nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries 1 2> nul -F 192.168.0.16



This command has nothing to do with localhost. If you want to scan

localhost, please use the IP: 127.0.0.1.

So at my side, I used my router, 192.168.0.1 as the target. The result
seems to be fine.

---------------------------------------------------------------
C:\Windows\system32>nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries 1 2>
nul -F 192.168.0.1

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-07-25 19:34 China
Standard Time
Fetchfile found C:\Program Files (x86)\Nmap/nmap-services
PORTS: Using top 100 ports found open (TCP:100, UDP:0, SCTP:0)
npf service is already running.
Winpcap present, dynamic linked to: Npcap version 0.07, based on WinPcap
version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0
branch 1_0_rel0b (20091008)
Fetchfile found C:\Program Files (x86)\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 1, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found C:\Program Files (x86)\Nmap/nmap-payloads
Initiating ARP Ping Scan at 19:34
Scanning 192.168.0.1 [1 port]
Packet capture filter (device eth3): arp and arp[18:4] = 0xE094678F and
arp[22:2] = 0xFF3E
ultrascan_host_probe_update called for machine 192.168.0.1 state UNKNOWN
-> HOST_UP (trynum 0 time: 4000)
Changing ping technique for 192.168.0.1 to ARP
Changing global ping host to 192.168.0.1.
Completed ARP Ping Scan at 19:34, 0.60s elapsed (1 total hosts)
Overall sending rates: 1.66 packets / s, 69.65 bytes / s.
Initiating SYN Stealth Scan at 19:34
192.168.0.1 pingprobe type ARP is inappropriate for this scan type;
resetting.
Scanning 192.168.0.1 [100 ports]
Packet capture filter (device eth3): dst host 192.168.0.107 and (icmp or
icmp6 or ((tcp or udp or sctp) and (src host 192.168.0.1)))
Discovered open port 80/tcp on 192.168.0.1
Changing ping technique for 192.168.0.1 to tcp to port 80; flags: S
Discovered open port 1900/tcp on 192.168.0.1
Changing global ping host to 192.168.0.1.
Completed SYN Stealth Scan at 19:34, 1.72s elapsed (100 total ports)
Overall sending rates: 115.52 packets / s, 5082.85 bytes / s.
Nmap scan report for 192.168.0.1
Fetchfile found C:\Program Files (x86)\Nmap/nmap-mac-prefixes
Host is up, received arp-response (0.0051s latency).
Scanned at 2016-07-25 19:34:52 China Standard Time for 3s
Not shown: 98 filtered ports
Reason: 98 no-responses
PORT     STATE SERVICE REASON
80/tcp   open  http    syn-ack ttl 64
1900/tcp open  upnp    syn-ack ttl 64
MAC Address: FC:D7:33:8D:06:CE (Tp-link Technologies)
Final times for host: srtt: 5125 rttvar: 5062  to: 100000

Read from C:\Program Files (x86)\Nmap: nmap-mac-prefixes nmap-payloads
nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 2.66 seconds
           Raw packets sent: 199 (8.740KB) | Rcvd: 6 (294B)

C:\Windows\system32>
---------------------------------------------------------------

connect scans work fine BUT they take FOREVER to do a complete 65000+
scan! no other scans will work against localhost without error occuring.


What localhost command has you tried? Has you tried "nmap -v -A
127.0.0.1“? Please give me the feedback of the Nmap.

Cheers,
Yang

i am on win7 x86 w/ no antivirus or wall whatsoever and as far as the
winpcap install option i chose that loopback adapter option and left all
others unchecked

------------------------------
*From:* 食肉大灰兔V5 <hsluoyz () gmail com>
*Sent:* Monday, July 25, 2016 11:02 AM
*To:* Mike .
*Cc:* nmap-group
*Subject:* Re: same issues with no resolve? npcap

Hi Mike,

Sorry for the delay! I have several questions which will help my
troubleshooting process.

1) Which Nmap command did you use? I think you are typing in the Nmap
commands in a CMD, right? Please just paste the whole content (the command
+ the nmap feedback) in your mail.

2) I think you are using the shipped Npcap 0.07 r17, right? Which
options do you choose when installing Npcap? And which OS are you using?
x86 or x64?

3) Have you enabled any anti-virus, firewall softwares? Please disable
them then try again. Also try to use an Administrator CMD to run Nmap.

4) Try Wireshark latest development version, it should show an interface
called "Npcap Loopback Adapter". Capture packets on this "Npcap Loopback
Adapter", then "ping 127.0.0.1" in CMD and see if the corresponding ICMP
packet shows up on Wireshark.

Thanks!


Cheers,
Yang


On Mon, Jul 25, 2016 at 6:46 PM, Mike . <dmciscobgp () hotmail com> wrote:

not sure if what i posted on this was just ignored or never seen. still
getting these issues with this npcap install. here is the debug output


CONN (1.1190s) TCP localhost > 127.0.0.1:995 => No connection could be
made because the target machine actively

that is not truncated btw. why am i seeing this and why is that error
written that way incomplete? also get this when i try anything other than a
connect scan --->
dnet: Failed to open device lo0
QUITTING!

ty

Mike


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

same issues with no resolve? npcap Mike . (Jul 25)
- Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 25)
  - Message not available
    - Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 25)
    - Message not available
    - Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 25)
    - Message not available
    - Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 25)
    - Message not available
    - Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 25)
    - Message not available
    - Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 25)
    - Message not available
    - Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 25)
    - Message not available
    - Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 25)
    - Message not available
    - Re: same issues with no resolve? npcap 食肉大灰兔V5 (Jul 26)