[Winpcap-bugs] winpcap fails to capture packets

Gianluca Varenni gianluca.varenni at cacetech.com
Fri Dec 28 14:54:21 GMT 2007


Do Wireshark or windump receive packets on the same interfaces? Have you asked the nmap mailing list about this specific issue (although I'm subscribed to that mailing list, I don't remember offhand if you already asked there)?

Have a nice day
GV

  ----- Original Message ----- 
  From: bob 
  To: winpcap-bugs at winpcap.org 
  Sent: Wednesday, December 19, 2007 7:12 AM
  Subject: [Winpcap-bugs] winpcap fails to capture packets


  Nmap fails to do a network scan i.e. a ping scan, SYN scan (haven't tried connect() scan). I think it plain fails to receive any packet. Have tried using UAC+Admin privileges.


    C:\Users\bob.bob-PC>nmap -d3 -sP scanme.nmap.org
    ***WinIP***  trying to initialize WinPcap
    Winpcap present, dynamic linked to: WinPcap version 4.0.2 (packet.dll version 4.
    0.0.1040), based on libpcap version 0.9.5

    Starting Nmap 4.50 ( http://insecure.org ) at 2007-12-19 20:14 India Standard Ti
    me
    Fetchfile found C:\Program Files\Nmap\nmap-services 

    The max # of sockets we are using is: 0
    --------------- Timing report ---------------
      hostgroups: min 1, max 100000
      rtt-timeouts: init 1000, min 100, max 10000
      max-scan-delay: TCP 1000, UDP 1000 
      parallelism: min 0, max 0
      max-retries: 10, host-timeout: 0
    ---------------------------------------------
    Initiating Ping Scan at 20:14
    Scanning 205.217.153.62 [2 ports]
    Pcap filter: dst host 192.168.1.33 and (icmp or ((tcp or udp) and (src host 205.
    217.153.62)))
    Packet capture filter (device eth4): dst host 192.168.1.33 and (icmp or ((tcp or
     udp) and (src host 205.217.153.62)))
    SENT (0.4390s) TCP 192.168.1.33:62804 > 205.217.153.62:80 A ttl=47 id=4543 iplen
    =40  seq=1303778152 win=4096 ack=30481
    **TIMING STATS** (0.4420s): IP, probes active/freshportsleft/retry_stack/outstan
    ding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/ 
       Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
    SENT (0.4530s) ICMP 192.168.1.33 > 205.217.153.62 echo request (type=8/code=0) t 
    tl=37 id=5096 iplen=28
    **TIMING STATS** (0.4560s): IP, probes active/freshportsleft/retry_stack/outstan
    ding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
       Groupstats (1/1 incomplete): 2/*/*/*/*/* 10.00/75/* 1000000/-1/-1
    **TIMING STATS** (1.4390s): IP, probes active/freshportsleft/retry_stack/outstan
    ding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
       Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
    SENT (2.4420s) ICMP 192.168.1.33 > 205.217.153.62 echo request (type=8/code=0) t
    tl=48 id=4998 iplen=28 
    SENT (2.4450s ) TCP 192.168.1.33:62805 > 205.217.153.62:80 A ttl=51 id=31498 iple
    n=40  seq=1303843689 win=4096 ack=593 
    **TIMING STATS** (2.4500s): IP, probes active/freshportsleft/retry_stack/outstan 
    ding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
       Groupstats (1/1 incomplete): 2/*/*/*/*/* 10.00/75/* 1000000/-1/-1
    **TIMING STATS** (3.4430s): IP, probes active/freshportsleft/retry_stack/outstan 
    ding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
       Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
    **TIMING STATS** (3.4500s): IP, probes active/freshportsleft/retry_stack/outstan 
    ding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
       Groupstats (1/1 incomplete): 0/*/*/*/*/* 10.00/75/* 1000000/-1/-1
    ultrascan_host_probe_update called for machine 205.217.153.62 state UNKNOWN -> H
    OST_DOWN (trynum 1 time: 1017000)
    ultrascan_host_probe_update called for machine 205.217.153.62 state HOST_DOWN ->
     HOST_DOWN (trynum 1 time: 1016000) 
    Moving 205.217.153.62 to completed hosts list with 2 outstanding probes.
    Completed Ping Scan at 20:14, 3.25s elapsed (1 total hosts)
    pcap stats: 16 packets received by filter, 0 dropped by kernel. 
    mass_rdns: Using DNS server 192.168.1.1
    Host 205.217.153.62 appears to be down.
    Read from C:\Program Files\Nmap: nmap-services. 
    Note: Host seems down. If it is really up, but blocking our ping probes, try -PN 

    Nmap done: 1 IP address (0 hosts up) scanned in 3.492 seconds
               Raw packets sent: 4 (136B) | Rcvd: 0 (0B)



  I have nmap 4.50 installed and my Vista is updated. When I try to scan other computers in the same subnet it succeeds. A ping scan using the ping command from the prompt succeeds.


