secdev / scapy

Scapy: the Python-based interactive packet manipulation program & library.
https://scapy.net
GNU General Public License v2.0

Interfaces not detected/recognized on Win Server 2012 r2 + Python 2.7.13 #1239

Closed ushkyr closed 6 years ago

ushkyr commented 6 years ago

Installed scapy + npcap 0.99 r1 on Windows Server 2012 R2, attempted to sniff - only loopback activity tracked. Tried pushing the Ethernet interface through:

>>> conf.iface = dev_from_index(12)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "c:\Python32\lib\site-packages\scapy\arc
 in dev_from_index
    return IFACES.dev_from_index(if_index)
  File "c:\Python32\lib\site-packages\scapy\arc
 in dev_from_index
    raise ValueError("Unknown network interface
ValueError: Unknown network interface index 12

Same with loopback interface (22) works - scapy sniffs loopback activity.

Also tried to push the interface to conf with conf.iface='Citrix PV Network Adapter #0', and to use iface='Citrix PV Network Adapter #0' as a sniff() parameter - all to no avail.

interfaces as seen from PowerShell

netsh interface>show interface

Состояние адм.  Состояние     Тип              Имя интерфейса
---------------------------------------------------------------------
Разрешен       Подключен      Выделенный       Ethernet
Разрешен       Подключен      Выделенный       Npcap Loopback Adapter

netsh trace>show interface

Ethernet адаптер Npcap Loopback Adapter:
    Описание               :     Адаптер замыкания на себя Microsoft KM-TEST
    GUID интерфейса:  {C851219D-897B-4FA5-BE4A-24A55401F3F2}
    Индекс интерфейса                  : 22
    LUID интерфейса:  0x600000A000000

Ethernet адаптер Ethernet:
    Описание               :     Citrix PV Network Adapter #0
    GUID интерфейса:  {E155A952-6C7F-4107-91A1-7AA40FA1F4F6}
    Индекс интерфейса                  : 12
    LUID интерфейса:  0x600000B000000

gpotter2 commented 6 years ago

Hi! Could you post the result of IFACES in a scapy shell?

ushkyr commented 6 years ago

Hi, here it comes. With the loopback driver uninstalled it would show empty table headers.

>>> from scapy.all import *
>>> ifaces
INDEX  IFACE                                    IP         MAC
22     Адаптер замыкания на себя Microsoft KM_  127.0.0.1  00:00:00:00:00:00
>>>

ushkyr commented 6 years ago

>>> conf
ASN1_default_codec = <ASN1Codec BER[1]>
AS_resolver = <scapy.as_resolvers.AS_resolver_multi instance at 0x029EB490>
BTsocket   = <BluetoothRFCommSocket: read/write packets on a connected L2CAP...
L2listen   = <L2pcapListenSocket: read packets at layer 2 using libpcap>
L2socket   = <L2pcapSocket: read/write packets at layer 2 using only libpcap>
L3socket   = <L3pcapSocket: read/write packets at layer 3 using only libpcap>
auto_crop_tables = True
auto_fragment = 1
cache_iflist = ['\\Device\\NPF_{C851219D-897B-4FA5-BE4A-24A55401F3F2}']
cache_ipaddrs = {'\\Device\\NPF_{C851219D-897B-4FA5-BE4A-24A55401F3F2}': '\x...
checkIPID  = 0
checkIPaddr = 1
checkIPinIP = True
checkIPsrc = 1
check_TCPerror_seqack = 0
color_theme = <NoTheme>
commands   = IPID_count : Identify IP id values classes in a list of packets...
contribs   = {}
crypto_valid = False
crypto_valid_advanced = False
debug_dissector = 0
debug_match = 0
debug_tls  = 0
default_l2 = <class 'scapy.packet.Raw'>
emph       = <Emphasize []>
ethertypes = <ethertypes/ n_802_1AE n_802_AD>
except_filter = ''
extensions_paths = '.'
fancy_prompt = True
geoip_city = None
histfile   = 'C:\\Users\\\xc0\xe4\xec\xe8\xed\xe8\xf1\xf2\xf0\xe0\xf2\xee\xf...
iface      = <NetworkInterface Адаптер замыкания на себя Microsoft KM-TEST {...
iface6     = <NetworkInterface Адаптер замыкания на себя Microsoft KM-TEST {...
interactive = False
interactive_shell = ''
ipv6_enabled = True
l2types    = 0x0 -> Loopback (Loopback) 0x1 <- Dot3 (802.3) 0x1 <-> Ether (E...
l3types    = 0x3 -> IP (IP) 0x800 <-> IP (IP) 0x806 <-> ARP (ARP) 0x86dd <->...
layers     = Packet : <member 'name' of 'Packet' objects> NoPayload : <membe...
load_layers = ['l2', 'inet', 'dhcp', 'dns', 'dot11', 'gprs', 'hsrp', 'inet6'...
logLevel   = 30
manufdb    = None
mib        = <MIB/ roleOccupant id_ad_caRepository keyUsageRestriction EV_Ce...
min_pkt_size = 60
neighbor   = Ether -> IPv6 Ether -> LLC Ether -> ARP Dot3 -> LLC Dot3 -> IP ...
netcache   = arp_cache: 0 valid items. Timeout=120s in6_neighbor: 0 valid it...
noenum     = <Resolve []>
padding    = 1
padding_layer = <class 'scapy.packet.Padding'>
prog       = cmd = 'C:\\Windows\\system32\\cmd.exe' cscript = 'C:\\Windows\\...
promisc    = 1
prompt     = '>>> '
protocols  = <C:\Windows\system32\drivers\etc\protocol/ rvd udp ipv6_route g...
raw_layer  = <class 'scapy.packet.Raw'>
raw_summary = False
resolve    = <Resolve []>
route      = Network Netmask Gateway Iface Output IP Metric 127.0.0.0 255.0....
route6     = Destination Next Hop Iface Src candidates Metric ::1/128 :: Ада...
services_tcp = <C:\Windows\system32\drivers\etc\services-tcp/ kpop efs knetd...
services_udp = <C:\Windows\system32\drivers\etc\services-udp/ ms_rome p2pgro...
session    = ''
sniff_promisc = 1
stats_classic_protocols = [<class 'scapy.layers.inet.TCP'>, <class 'scapy.la...
stats_dot11_protocols = [<class 'scapy.layers.inet.TCP'>, <class 'scapy.laye...
stealth    = 'not implemented'
temp_files = []
teredoPrefix = '2001::'
teredoServerPort = 3544
use_bpf    = False
use_dnet   = False
use_npcap  = True
use_pcap   = False
use_pypy   = False
use_winpcapy = True
verb       = 2
version    = 'git-archive.dev617920fdd'
warning_threshold = 5
wepkey     = ''

gpotter2 commented 6 years ago

Well, scapy only detects one single interface: the loopback one. Please check that you are connected to the Internet :/

If you think there is a bug, please submit the result of the following commands in PowerShell:

Get-NetAdapter | select InterfaceDescription, InterfaceIndex, Name, InterfaceGuid, MacAddress, InterfaceAlias | fl
Get-WmiObject Win32_NetworkAdapter | select Name, InterfaceIndex, InterfaceDescription, GUID, MacAddress, NetConnectionID | fl

ushkyr commented 6 years ago

Knocked off the loopback to check. ifaces returned an empty table.

>>> from scapy.all import *
>>> ifaces
INDEX  IFACE  IP  MAC
>>>

Pinged google - I'm connected.

PS C:\Users\Администратор> ping google.com

Обмен пакетами с google.com [74.125.131.101] с 32 байтами данных:
Ответ от 74.125.131.101: число байт=32 время=15мс TTL=48
Ответ от 74.125.131.101: число байт=32 время=15мс TTL=48
Ответ от 74.125.131.101: число байт=32 время=15мс TTL=48
Ответ от 74.125.131.101: число байт=32 время=15мс TTL=48

Статистика Ping для 74.125.131.101:
    Пакетов: отправлено = 4, получено = 4, потеряно = 0
    (0% потерь)
Приблизительное время приема-передачи в мс:
    Минимальное = 15мсек, Максимальное = 15 мсек, Среднее = 15 мсек
PS C:\Users\Администратор> Get-NetAdapter | select InterfaceDescription, InterfaceIndex, Name, InterfaceGuid, MacAddress, InterfaceAlias | fl

InterfaceDescription : Citrix PV Network Adapter #0
InterfaceIndex       : 12
Name                 : Ethernet
InterfaceGuid        : {E155A952-6C7F-4107-91A1-7AA40FA1F4F6}
MacAddress           : DE-64-D4-21-BF-2E
InterfaceAlias       : Ethernet
PS C:\Users\Администратор> Get-WmiObject Win32_NetworkAdapter | select Name, InterfaceIndex, InterfaceDescription, GUID, MacAddress, NetConnectionID | fl

Name                 : Мини-порт глобальной сети (L2TP)
InterfaceIndex       : 2
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Мини-порт глобальной сети (SSTP)
InterfaceIndex       : 3
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Мини-порт глобальной сети (IKEv2)
InterfaceIndex       : 4
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Мини-порт глобальной сети (PPTP)
InterfaceIndex       : 5
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Мини-порт глобальной сети (PPPOE)
InterfaceIndex       : 6
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Мини-порт глобальной сети (IP)
InterfaceIndex       : 7
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Мини-порт глобальной сети (IPv6)
InterfaceIndex       : 8
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Мини-порт глобальной сети (Сетевой монитор)
InterfaceIndex       : 9
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Сетевой адаптер с отладкой ядра (Майкрософт)
InterfaceIndex       : 10
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : RAS асинхронный адаптер
InterfaceIndex       : 11
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Адаптер Microsoft ISATAP
InterfaceIndex       : 15
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Citrix PV Network Adapter #0
InterfaceIndex       : 12
InterfaceDescription :
GUID                 : {E155A952-6C7F-4107-91A1-7AA40FA1F4F6}
MacAddress           : DE:64:D4:21:BF:2E
NetConnectionID      : Ethernet

Name                 : Адаптер Microsoft 6to4
InterfaceIndex       : 13
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Teredo Tunneling Pseudo-Interface
InterfaceIndex       : 14
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

Name                 : Адаптер Microsoft ISATAP #2
InterfaceIndex       : 26
InterfaceDescription :
GUID                 :
MacAddress           :
NetConnectionID      :

gpotter2 commented 6 years ago

Thanks a lot! I will need additional data to investigate:

ushkyr commented 6 years ago

Hi, here it comes

>>> import platform; platform.release()
'2012Server'
>>> get_if_list()
[]
>>> get_windows_if_list()
[{'name': 'Citrix PV Network Adapter #0', 'netid': 'Ethernet', 'mac': 'DE:64:D4:
21:BF:2E', 'win_index': '12', 'guid': '{E155A952-6C7F-4107-91A1-7AA40FA1F4F6}',
'description': ''}]
>>>

gpotter2 commented 6 years ago

Hmmm, get_if_list returns the interfaces that Npcap detects. It seems that it's broken on their end.

Could you try to uninstall Npcap and use WinPcap instead? Can't say if it will work, but it's worth a try.

ushkyr commented 6 years ago

Worked!!! Thank you so much! WinPcap made it.

>>> from scapy.all import *
>>> get_if_list()
['\\Device\\NPF_{E155A952-6C7F-4107-91A1-7AA40FA1F4F6}']
>>> sniff()
<Sniffed: TCP:16 UDP:541 ICMP:0 Other:2644>
>>>
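
The comparison that settled this thread (what the capture driver lists versus what Windows lists, matched by adapter GUID), as an added example that is not part of the original issue or of Scapy's code. The names `guid_of` and `compare_views` are hypothetical; the inputs only mirror the shapes of the `get_if_list()` and `get_windows_if_list()` output shown above, so the block runs without Scapy or a capture driver.

```python
import re

# GUID as it appears in '\Device\NPF_{...}' and in the Windows adapter list
_GUID_RE = re.compile(
    r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")

def guid_of(text):
    """Return the upper-cased GUID found in text, or None."""
    m = _GUID_RE.search(text or "")
    return m.group(1).upper() if m else None

def compare_views(pcap_devs, win_ifaces):
    """Return (visible, missing, extra).

    visible: Windows adapters the capture driver also exposes
    missing: Windows adapters with no matching pcap device
    extra:   pcap devices that Windows did not report
    """
    pcap_guids = {guid_of(d) for d in pcap_devs} - {None}
    win_guids = {guid_of(i.get("guid")) for i in win_ifaces} - {None}
    visible = [i for i in win_ifaces if guid_of(i.get("guid")) in pcap_guids]
    missing = [i for i in win_ifaces if guid_of(i.get("guid")) not in pcap_guids]
    extra = [d for d in pcap_devs if guid_of(d) not in win_guids]
    return visible, missing, extra

# Copied from the get_windows_if_list() output in the thread
WIN_IFACES = [{'name': 'Citrix PV Network Adapter #0', 'netid': 'Ethernet',
               'mac': 'DE:64:D4:21:BF:2E', 'win_index': '12',
               'guid': '{E155A952-6C7F-4107-91A1-7AA40FA1F4F6}',
               'description': ''}]
# get_if_list() under Npcap 0.99 r1 (loopback removed) and under WinPcap
NPCAP_DEVS = []
WINPCAP_DEVS = ['\\Device\\NPF_{E155A952-6C7F-4107-91A1-7AA40FA1F4F6}']
# Constructed from conf.cache_iflist: the loopback-only state of the first report
LOOPBACK_ONLY = ['\\Device\\NPF_{C851219D-897B-4FA5-BE4A-24A55401F3F2}']

if __name__ == "__main__":
    cases = (("npcap", NPCAP_DEVS), ("npcap+loopback", LOOPBACK_ONLY),
             ("winpcap", WINPCAP_DEVS))
    for label, devs in cases:
        visible, missing, extra = compare_views(devs, WIN_IFACES)
        print(label, "visible:", [i["name"] for i in visible],
              "missing:", [i["name"] for i in missing], "extra:", extra)
```

A non-empty `missing` list with a healthy Windows adapter list points at the capture driver rather than at Scapy, which is the conclusion reached here.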

gpotter2 commented 6 years ago

EDITED: You may want to post your story in https://github.com/nmap/nmap/issues/1031, which is basically the same issue as yours.

gpotter2 commented 6 years ago

@guedou May be closed (unrelated to scapy)