Nmap Development mailing list archives
Re: Limit WinPcap use by unprivileged users
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Fri, 24 Sep 2010 20:23:46 -0500
Wouldn't stopping npf would also prevent regular users from using anything else that uses winpcap like Wireshark / tshark / windump. On Fri, Sep 24, 2010 at 6:22 PM, David Fifield <> wrote:
I looked at this TODO item: o Investigate ways to limit Winpcap privileges so that only administrative users or a certain accounts can sniff. Maybe there is a solution people use for Wireshark or does it always cause this issue (allowing any user to sniff the network) when it is installed? There's a page about it: http://wiki.wireshark.org/CaptureSetup/CapturePrivileges "It might not be desirable that any local user can also capture from the network while the driver is loaded, but this can't be currently circumvented. Please note that this is not a limitation of the Wireshark implementation, but of the underlying WinPcap driver; see this note in the WinPcap FAQ (http://www.winpcap.org/misc/faq.htm#Q-7)." The best solution I can currently think of is to completely stop the NPF driver when Nmap finishes. We already run "net start npf" if necessary at startup; we could add a "net stop npf" at the end. But there are problems with that idea. If you're running two Nmaps at once, you don't want to stop the driver when then first of them finishes. The same goes for any other program using WinPcap concurrently. I guess that there's no way in WinPcap to limit it to only certain users, but I haven't found in the source what makes that so. Does someone have another idea? Does anyone regularly use a batch file or something to "net stop npf" when the driver is no longer needed? David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Limit WinPcap use by unprivileged users David Fifield (Sep 24)
- Re: Limit WinPcap use by unprivileged users DePriest, Jason R. (Sep 24)
- Re: Limit WinPcap use by unprivileged users David Fifield (Sep 24)
- Re: Limit WinPcap use by unprivileged users Patrik Karlsson (Sep 25)
- Re: Limit WinPcap use by unprivileged users Gianluca Varenni (Sep 27)
- Re: Limit WinPcap use by unprivileged users David Fifield (Sep 27)
- Re: Limit WinPcap use by unprivileged users Fyodor (Sep 28)
- Re: Limit WinPcap use by unprivileged users Gianluca Varenni (Sep 30)
- Re: Limit WinPcap use by unprivileged users David Fifield (Sep 24)
- Re: Limit WinPcap use by unprivileged users DePriest, Jason R. (Sep 24)