Describe the bug
Executing nmap on fairly stock Windows 10 machine with tailscale VPN client installed results in nmap error about raw sockets.
To Reproduce
With tailscale 1.28.1 VPN client installed, execute nmap.
C:\Users\jeffl>nmap -sS -sU -T4 -A -v 192.168.10.0/22
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-21 19:59 Eastern Daylight Time
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:59
Completed NSE at 19:59, 0.00s elapsed
Initiating NSE at 19:59
Completed NSE at 19:59, 0.00s elapsed
Initiating NSE at 19:59
Completed NSE at 19:59, 0.00s elapsed
Initiating Ping Scan at 19:59
Only ethernet devices can be used for raw scans on Windows, and
"unk0" is not an ethernet device. Use the --unprivileged option
for this scan.
QUITTING!
C:\Users\jeffl>
Expected behavior
nmap should scan the specified IPv4 prefix without erroring out.
Version info (please complete the following information):
- OS: Windows 10 22H2
- Output of
nmap --version:
C:\Users\jeffl>nmap --version
Nmap version 7.94 ( https://nmap.org )
Platform: i686-pc-windows-windows
Compiled with: nmap-liblua-5.4.4 openssl-3.0.8 nmap-libssh2-1.10.0 nmap-libz-1.2.13 nmap-libpcre-7.6 Npcap-1.75 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: iocp poll select
C:\Users\jeffl>
- Output of
nmap --iflist
C:\Users\jeffl>nmap --iflist
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-21 20:05 Eastern Daylight Time
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
unk0 (unk0) fd7a:115c:a1e0:ab12:4843:cd96:6262:1678/128 other up 1280
unk0 (unk0) fe80::d8ff:5060:f230:9168/64 other up 1280
unk0 (unk0) 100.98.22.120/32 other up 1280
eth0 (eth0) 2600:4040:4024:5500::1c77/128 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) 2600:4040:4024:5500:5645:ac9e:6d1e:769c/64 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) fd6c:3ece:8a8d:0:d3cf:8fdb:b890:8df7/64 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) fdab::3676:8756:35a2:13e1/64 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) fde7:2e0f:a545:85f1:78ea:5d06:7fa2:323/64 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) 2600:4040:4024:5500:6157:85a7:389b:4de7/128 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) fd6c:3ece:8a8d:0:6157:85a7:389b:4de7/128 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) fdab::6157:85a7:389b:4de7/128 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) fde7:2e0f:a545:85f1:6157:85a7:389b:4de7/128 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) fe80::9e3a:7c9c:f511:e854/64 ethernet up 1500 6C:2B:59:EC:10:73
eth0 (eth0) 192.168.11.73/20 ethernet up 1500 6C:2B:59:EC:10:73
eth1 (eth1) fe80::ec43:37b5:f485:8bbc/64 ethernet up 1500 00:50:56:C0:00:01
eth1 (eth1) 192.168.139.1/24 ethernet up 1500 00:50:56:C0:00:01
eth2 (eth2) fe80::37c9:431d:d446:a895/64 ethernet up 1500 00:50:56:C0:00:08
eth2 (eth2) 192.168.190.1/24 ethernet up 1500 00:50:56:C0:00:08
lo0 (lo0) ::1/128 loopback up -1
lo0 (lo0) 127.0.0.1/8 loopback up -1
eth3 (eth3) fe80::bc00:b319:f23b:9e0f/64 ethernet up 1500 00:15:5D:BE:29:2B
eth3 (eth3) 172.19.176.1/20 ethernet up 1500 00:15:5D:BE:29:2B
eth4 (eth4) fe80::ed78:6b57:8769:2530/64 ethernet up 1500 00:15:5D:FE:8D:CE
eth4 (eth4) 172.22.80.1/20 ethernet up 1500 00:15:5D:FE:8D:CE
DEV WINDEVICE
unk0 \Device\NPF_{37217669-42DA-4657-A55B-0D995D328250}
unk0 \Device\NPF_{37217669-42DA-4657-A55B-0D995D328250}
unk0 \Device\NPF_{37217669-42DA-4657-A55B-0D995D328250}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth0 \Device\NPF_{270EA881-7CF4-476A-B6BE-121D9693E7C4}
eth1 \Device\NPF_{0428F217-800D-4DAB-B0E5-D5AEFB8D89EA}
eth1 \Device\NPF_{0428F217-800D-4DAB-B0E5-D5AEFB8D89EA}
eth2 \Device\NPF_{80900FA3-3EE3-406B-9CB1-9E7F623960EE}
eth2 \Device\NPF_{80900FA3-3EE3-406B-9CB1-9E7F623960EE}
lo0 \Device\NPF_Loopback
lo0 \Device\NPF_Loopback
eth3 \Device\NPF_{231248FE-FB97-4B90-AD9E-10563FE7169A}
eth3 \Device\NPF_{231248FE-FB97-4B90-AD9E-10563FE7169A}
eth4 \Device\NPF_{B712D541-539D-4DF4-B746-68C19339215B}
eth4 \Device\NPF_{B712D541-539D-4DF4-B746-68C19339215B}
<none> \Device\NPF_{CC46B589-2A5E-4793-A91F-9DFE0E7238C8}
<none> \Device\NPF_{F5C6D481-D857-4444-8EC6-1A4364592915}
<none> \Device\NPF_{D3B5F3AB-2A9A-4379-8935-EA593B6DF062}
**************************ROUTES**************************
DST/MASK DEV METRIC GATEWAY
100.106.211.40/32 unk0 5
100.73.177.111/32 unk0 5
100.75.142.30/32 unk0 5
100.86.14.14/32 unk0 5
100.96.247.50/32 unk0 5
100.98.164.91/32 unk0 5
100.108.120.111/32 unk0 5
100.100.100.100/32 unk0 5
100.114.170.17/32 unk0 5
100.107.124.102/32 unk0 5
100.98.22.120/32 unk0 261
192.168.15.255/32 unk0 261
192.168.11.73/32 eth0 281
255.255.255.255/32 eth0 281
192.168.15.255/32 eth0 281
192.168.139.255/32 eth1 291
255.255.255.255/32 eth2 291
192.168.139.1/32 eth1 291
192.168.190.255/32 eth2 291
192.168.190.1/32 eth2 291
255.255.255.255/32 eth1 291
255.255.255.255/32 lo0 331
127.255.255.255/32 lo0 331
127.0.0.1/32 lo0 331
172.19.176.1/32 eth3 5256
172.22.95.255/32 eth4 5256
172.22.80.1/32 eth4 5256
255.255.255.255/32 eth4 5256
172.19.191.255/32 eth3 5256
255.255.255.255/32 eth3 5256
192.168.190.0/24 eth2 291
192.168.139.0/24 eth1 291
192.168.0.0/20 unk0 5
192.168.0.0/20 eth0 281
172.22.80.0/20 eth4 5256
172.19.176.0/20 eth3 5256
127.0.0.0/8 lo0 331
224.0.0.0/4 eth0 281
224.0.0.0/4 eth2 291
224.0.0.0/4 eth1 291
224.0.0.0/4 lo0 331
224.0.0.0/4 eth3 5256
224.0.0.0/4 eth4 5256
0.0.0.0/0 eth0 25 192.168.0.1
fd7a:115c:a1e0:ab12:4843:cd96:6262:1678/128 unk0 261
fde7:2e0f:a545:85f1:6157:85a7:389b:4de7/128 eth0 281
fe80::9e3a:7c9c:f511:e854/128 eth0 281
fde7:2e0f:a545:85f1:78ea:5d06:7fa2:323/128 eth0 281
2600:4040:4024:5500::1c77/128 eth0 281
2600:4040:4024:5500:5645:ac9e:6d1e:769c/128 eth0 281
2600:4040:4024:5500:6157:85a7:389b:4de7/128 eth0 281
fdab::3676:8756:35a2:13e1/128 eth0 281
fdab::6157:85a7:389b:4de7/128 eth0 281
fd6c:3ece:8a8d:0:6157:85a7:389b:4de7/128 eth0 281
fd6c:3ece:8a8d:0:d3cf:8fdb:b890:8df7/128 eth0 281
fe80::ec43:37b5:f485:8bbc/128 eth1 291
fe80::37c9:431d:d446:a895/128 eth2 291
::1/128 lo0 331
fe80::bc00:b319:f23b:9e0f/128 eth3 5256
fe80::ed78:6b57:8769:2530/128 eth4 5256
fdab::/64 unk0 5
fdab::/64 eth0 281
fd43:25f5:b60c:1::/64 eth0 281 fe80::b6b7:42ff:fed0:f735
fde7:2e0f:a545:85f1::/64 eth0 281
2600:4040:4024:5500::/64 eth0 281
fd6c:3ece:8a8d::/64 eth0 281
fe80::/64 eth0 281
fe80::/64 eth2 291
fe80::/64 eth1 291
fe80::/64 eth3 5256
fe80::/64 eth4 5256
fd7a:115c:a1e0::/48 unk0 5
fd6c:3ece:8a8d::/48 eth0 281 fe80::eade:27ff:fef6:f2f6
ff00::/8 eth0 281
ff00::/8 eth2 291
ff00::/8 eth1 291
ff00::/8 lo0 331
ff00::/8 eth4 5256
ff00::/8 eth3 5256
::/0 eth0 281 fe80::215:17ff:feef:4751
C:\Users\jeffl>
Additional context
Uninstalling tailscale VPN client results in nmap no longer encountering the issue.
When I run nmap -sP 192.168.27.0/24 I get:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-09 21:54 Central Daylight Time
Only ethernet devices can be used for raw scans on Windows, and
«ppp0» is not an ethernet device. Use the —unprivileged option
for this scan.
QUITTING!
I am using an ethernet connection I’m confused 🤔
Granted I am also connected over a VPN could that be the cause of those ppp0 error?
If I use nmap -sP 192.168.27.0/24 —unprivileged it works but the information returned on the scan is extremely limited basically only up IPs no MAC addresses or any info about said devices.
I’d very much appreciate any advice, info & insight 🤓
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
- Pick a username
- Email Address
- Password
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Комп подключен к интернету через ADSL модем (который соединен с компом через сетевуху и UTP-кабель).
Проблема в том, что NMAP отказывается работать, как я понял из-за интерфейса pppoe:
WARNING: Using raw sockets because ppp0 is not an ethernet device. This probably won’t work on Windows.
pcap_open_live(ppp0, 100, 0, 2) FAILED. Reported error: Error opening adapter: Системе не удается найти указанное устройство. (20). Will wait 5 seconds then retry.
*WINDOWS: Nmap only supports ethernet interfaces on Windows for most operations because Microsoft disabled raw sockets as of Windows XP SP2. Depending on the reason for this error, it is possible that the —unprivileged command-line argument will help.
Но дело в том, что мой комп раздает интернет на локалку через wifi (wifi подключен к моему компу через ethernet). И NMAP на компах локалки работает. т.е. в итоге NMAP всётаки работает через pppoe, хоть и косвенно.
Как заставить работать NMAP?
Добавлено через 34 секунды
p.s. windows XP SP3 на всех компах и на моём
i was sacning an ip and get this with Nmap …. only ethernet devices can be used for raw scans on windows, and «ppp0» is not an ethernet device. use the —unprivileged option for this scan
went to the Nmap web site and find this
While IPv6 hasn’t exactly taken the world by storm, it gets significant use in some (usually Asian) countries and most modern operating systems support it. To use Nmap with IPv6, both the source and target of your scan must be configured for IPv6. If your ISP (like most of them) does not allocate IPv6 addresses to you, free tunnel brokers are widely available and work fine with Nmap. I use the free IPv6 tunnel broker service at http://www.tunnelbroker.net. Other tunnel brokers are listed at Wikipedia. 6to4 tunnels are another popular, free approach.
On Windows, raw-socket IPv6 scans are supported only on ethernet devices (not tunnels), and only on Windows Vista and later. Use the —unprivileged option in other situations.
so now on the www.tunnelbroker.net i did get a account and loged in but don’t know what to do now ??
wana be able to get info about an ip adress when do a scan and Solve the problem of Nmap >>>only ethernet devices can be used for raw scans on windows, and «ppp0» is not an ethernet device. use the —unprivileged option for this scan