Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: same issues with this npcap

From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Fri, 29 Jul 2016 00:08:52 +0800
Hi Mike,

Please do this:

1) Create a Windows loopback adapter based on this:
https://social.technet.microsoft.com/Forums/windows/en-US/259c7ef2-3770-4212-8fca-c58936979851/how-to-install-microsoft-loopback-adapter?forum=w7itpronetworking
Then look at the result of "nmap --iflist", make sure the new loopback
adapter has a "WINDEVICE" value. You can check its IP/MASK for its DEV name.
If even the created Windows loopback adapter doesn't have a "WINDEVICE"
value, you have to use your eth0 as the "Npcap Loopback Adapter". For your
machine, it's:

eth0   \Device\NPF_{E6793762-9633-432B-B8A6-B4C2F6AA5179}

You record the "WINDEVICE" value like the above
"\Device\NPF_{E6793762-9633-432B-B8A6-B4C2F6AA5179}", remove the "NPF_", so
you get "\Device\{E6793762-9633-432B-B8A6-B4C2F6AA5179}"

2) Open the registry, replace the following two registry REG_SZ values with
the above string (no double quote)
1. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Npcap\LoopbackAdapter
2.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\LoopbackAdapter

3) Open an Administrator CMD, enter "net stop npcap" and "net start npcap"
to restart the Npcap driver.

4) enter "nmap --iflist" again to look at the result. You should see that
the Npcap Loopback Adapter (lo0) has taken the place of the specified
"WINDEVICE" value.

For the above example, you should see:

lo0   \Device\NPF_{E6793762-9633-432B-B8A6-B4C2F6AA5179}

If you see this, then this hacking method succeeds. You should be able to
normally use commands like "nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries
1  -F 127.0.0.1" now.


Cheers,
Yang

On Thu, Jul 28, 2016 at 11:01 PM, Mike . <dmciscobgp () hotmail com> wrote:


so im giving up on this. i have an interface supposedly up as you can see
here   :
DEV  (SHORT) IP/MASK         TYPE     UP MTU  MAC
eth0 (eth0)  192.168.0.16/24 ethernet up 1500 00:1C:25:74:AB:E1
lo0  (lo0)   ::1/128         loopback up -1
lo0  (lo0)   127.0.0.1/8     loopback up -1

and yet again NO recognization  as far as a created GUID in nmap or
wireshark!

DEV    WINDEVICE
eth0   \Device\NPF_{E6793762-9633-432B-B8A6-B4C2F6AA5179}
lo0    <none>
lo0    <none>
<none> \Device\NPF_NdisWanIpv6
<none> \Device\NPF_NdisWanIp


maybe you can have someone else test on win 7 because i am now getting a
headache

Mike

(lastly, everytime i go to ENABLE loopback in  network connections i get a
continuous "identifying..." is that MAC related or what?)


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: