Re: same issues with no resolve? npcap

[食肉大灰兔V5 <hsluoyz () gmail com>]

Hi Mike,

On Mon, Jul 25, 2016 at 7:25 PM, Mike . <dmciscobgp () hotmail com> wrote:

> ok. thanks for getting back to me
>
>
> nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries 1 2> nul -F 192.168.0.16
>
>
> This command has nothing to do with localhost. If you want to scan
localhost, please use the IP: 127.0.0.1.

So at my side, I used my router, 192.168.0.1 as the target. The result
seems to be fine.

---------------------------------------------------------------
C:\Windows\system32>nmap -n -T3 -ttl 64 -d2 -open -Pn -max-retries 1 2> nul
-F 192.168.0.1

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-07-25 19:34 China
Standard Time
Fetchfile found C:\Program Files (x86)\Nmap/nmap-services
PORTS: Using top 100 ports found open (TCP:100, UDP:0, SCTP:0)
npf service is already running.
Winpcap present, dynamic linked to: Npcap version 0.07, based on WinPcap
version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0
branch 1_0_rel0b (20091008)
Fetchfile found C:\Program Files (x86)\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 1, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
Fetchfile found C:\Program Files (x86)\Nmap/nmap-payloads
Initiating ARP Ping Scan at 19:34
Scanning 192.168.0.1 [1 port]
Packet capture filter (device eth3): arp and arp[18:4] = 0xE094678F and
arp[22:2] = 0xFF3E
ultrascan_host_probe_update called for machine 192.168.0.1 state UNKNOWN ->
HOST_UP (trynum 0 time: 4000)
Changing ping technique for 192.168.0.1 to ARP
Changing global ping host to 192.168.0.1.
Completed ARP Ping Scan at 19:34, 0.60s elapsed (1 total hosts)
Overall sending rates: 1.66 packets / s, 69.65 bytes / s.
Initiating SYN Stealth Scan at 19:34
192.168.0.1 pingprobe type ARP is inappropriate for this scan type;
resetting.
Scanning 192.168.0.1 [100 ports]
Packet capture filter (device eth3): dst host 192.168.0.107 and (icmp or
icmp6 or ((tcp or udp or sctp) and (src host 192.168.0.1)))
Discovered open port 80/tcp on 192.168.0.1
Changing ping technique for 192.168.0.1 to tcp to port 80; flags: S
Discovered open port 1900/tcp on 192.168.0.1
Changing global ping host to 192.168.0.1.
Completed SYN Stealth Scan at 19:34, 1.72s elapsed (100 total ports)
Overall sending rates: 115.52 packets / s, 5082.85 bytes / s.
Nmap scan report for 192.168.0.1
Fetchfile found C:\Program Files (x86)\Nmap/nmap-mac-prefixes
Host is up, received arp-response (0.0051s latency).
Scanned at 2016-07-25 19:34:52 China Standard Time for 3s
Not shown: 98 filtered ports
Reason: 98 no-responses
PORT     STATE SERVICE REASON
80/tcp   open  http    syn-ack ttl 64
1900/tcp open  upnp    syn-ack ttl 64
MAC Address: FC:D7:33:8D:06:CE (Tp-link Technologies)
Final times for host: srtt: 5125 rttvar: 5062  to: 100000

Read from C:\Program Files (x86)\Nmap: nmap-mac-prefixes nmap-payloads
nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 2.66 seconds
           Raw packets sent: 199 (8.740KB) | Rcvd: 6 (294B)

C:\Windows\system32>
---------------------------------------------------------------

> connect scans work fine BUT they take FOREVER to do a complete 65000+
> scan! no other scans will work against localhost without error occuring.

What localhost command has you tried? Has you tried "nmap -v -A 127.0.0.1“?
Please give me the feedback of the Nmap.

Cheers,
Yang



> i am on win7 x86 w/ no antivirus or wall whatsoever and as far as the
> winpcap install option i chose that loopback adapter option and left all
> others unchecked
>
> ------------------------------
> *From:* 食肉大灰兔V5 <hsluoyz () gmail com>
> *Sent:* Monday, July 25, 2016 11:02 AM
> *To:* Mike .
> *Cc:* nmap-group
> *Subject:* Re: same issues with no resolve? npcap
>
> Hi Mike,
>
> Sorry for the delay! I have several questions which will help my
> troubleshooting process.
>
> 1) Which Nmap command did you use? I think you are typing in the Nmap
> commands in a CMD, right? Please just paste the whole content (the command
> + the nmap feedback) in your mail.
>
> 2) I think you are using the shipped Npcap 0.07 r17, right? Which options
> do you choose when installing Npcap? And which OS are you using? x86 or x64?
>
> 3) Have you enabled any anti-virus, firewall softwares? Please disable
> them then try again. Also try to use an Administrator CMD to run Nmap.
>
> 4) Try Wireshark latest development version, it should show an interface
> called "Npcap Loopback Adapter". Capture packets on this "Npcap Loopback
> Adapter", then "ping 127.0.0.1" in CMD and see if the corresponding ICMP
> packet shows up on Wireshark.
>
> Thanks!
>
>
> Cheers,
> Yang
>
>
> On Mon, Jul 25, 2016 at 6:46 PM, Mike . <dmciscobgp () hotmail com> wrote:
>
> > not sure if what i posted on this was just ignored or never seen. still
> > getting these issues with this npcap install. here is the debug output
> >
> >
> > CONN (1.1190s) TCP localhost > 127.0.0.1:995 => No connection could be
> > made because the target machine actively
> >
> > that is not truncated btw. why am i seeing this and why is that error
> > written that way incomplete? also get this when i try anything other than a
> > connect scan --->
> > dnet: Failed to open device lo0
> > QUITTING!
> >
> > ty
> >
> > Mike
> >
> >
> > _______________________________________________
> > Sent through the dev mailing list
> > https://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/