Nmap Development mailing list archives
Re: NMAP shows local machine as down
From: micro dev <microdev1 () yahoo com>
Date: Fri, 11 Jul 2003 15:24:30 -0700 (PDT)
Hi Andy,

Thanks for your explanation. But actually, I am not able to comprehend it.

1) About this statement - "The strange behavior you see is due to some logic I added that, IIRC, falsifies the routing information for the local computer when it is in a range of other IPs." Why does routing information come into the picture here, especially for a client who is issuing a request? I can easily ping my local IP address using its actual IP address. Actually, what is the difference between issuing a single IP request and a range of IP addresses?

2) I am also not able to understand the diagram. I guess it got messed up in the mail.

3) I remember writing code in the past where I used to send packets using raw sockets and receive packets using WinPcap. And I could easily receive the packets, even if the response was for the local IP address. Do you mean to say that there is an issue in sending packets to the local IP using WinPcap?

Thanks
Ashish

luto () stanford edu wrote:

Quoting micro dev :
Thanks kevin. Where can I find that doc. Please give me the pointer to that doc.
[snip]
I tried to snoop the packets thru Ethereal. And what I deduce that I always see this stuff.

Source - 10.25.125.203
Destination - 11.25.125.203
Protocol - ICMP
Info - Echo (ping) reply
I don't remember, but since I wrote it, here goes ;)

winpcap (up to v2.3 at least -- I haven't played with v3) can neither monitor nor inject packets into the loopback interface. For some reason I couldn't get winpcap to scan localhost by using a different interface either -- I assume that windows does not see injected packets as received, even though ethereal (which uses winpcap) does, so these packets are effectively dropped -- so there is no way (other than connect()) to scan localhost. SOCK_RAW will not bind localhost on win2k or xp.

Ugly diagram of what might be happening (assuming IP 10.0.0.1)

IP stack               winpcap layer               NIC
10.0.0.1->10.0.0.2 -----------------------------------> (10.0.0.2 here)
10.0.0.1->10.0.0.1 ------------> (no listener here)
        ^                      ^
windows misses it       Ethereal catches
because there is no     the packet here
packet here

The strange behavior you see is due to some logic I added that, IIRC, falsifies the routing information for the local computer when it is in a range of other IPs. I think I did this because the alternative would be to try to route the packets to the local machine over the localhost interface, which confused something. Fixing this oddity would be pointless, because it is still impossible to scan the local machine.

Hope this helps.

Andy
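Added example, not part of the original message and not Nmap's code: the connect() route the quoted reply names as the only way to check ports on the local machine, since a full handshake through the OS stack needs no raw sockets or packet capture. It is written against POSIX sockets as an assumption (Winsock has the same calls plus WSAStartup()/closesocket()), and probe_loopback(), listen_loopback() and loopback_addr() are hypothetical names chosen here.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum port_state { PORT_OPEN, PORT_CLOSED, PORT_ERROR };

/* Fill in 127.0.0.1:port. */
static void loopback_addr(struct sockaddr_in *sa, unsigned short port)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    sa->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
}

/* Probe with a full TCP handshake handled by the OS stack itself. */
enum port_state probe_loopback(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return PORT_ERROR;
    loopback_addr(&sa, port);
    int rc = connect(fd, (struct sockaddr *)&sa, sizeof sa);
    int err = errno;            /* save before close() can overwrite it */
    close(fd);
    if (rc == 0) return PORT_OPEN;
    return err == ECONNREFUSED ? PORT_CLOSED : PORT_ERROR;
}

/* Constructed fixture: listen on an ephemeral loopback port, report it in *port. */
int listen_loopback(unsigned short *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    loopback_addr(&sa, 0);      /* port 0: kernel picks a free port */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}
```

Call listen_loopback() to get a known-open port, probe it, close the listener and probe again to see both states.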