Recent Changes - Search:

PmWiki

pmwiki.org

edit SideBar

Nmap /

WindowsInterfaces

MIB is Management Information Base. Seems to be data types related to SNMP network management.

The IP Helper API allows access to Windows network configuration. It uses data structures from the MIB. Functions in IP Helper have names like GetNetworkParams and GetIfTable.

GetIfEntry returns an MIB_IFROW.

libdnet assigns its own ad-hoc interface names to Windows devices depending on their type: eth0, eth1, lo0, ppp0 (see _ifcombo_name). Switching from the dnet name to the pcap name is done by DnetName2PcapName.

Just like send-ip on Windows if interface type is unrecognized even if canonicalized.

When you do nmap --iflist on Windows, you get a display like 

************************INTERFACES************************
DEV  (SHORT) IP/MASK          TYPE     UP MAC
eth0 (eth0)  192.168.1.178/24 ethernet up 00:15:E9:72:DB:8C
eth1 (eth1)  192.168.0.197/24 ethernet up 00:00:39:04:C1:F0
lo0  (lo0)   127.0.0.1/8      loopback up

DEV  WINDEVICE
eth0 \Device\NPF_{43939745-59EC-4539-AA18-FA1950DEABD7}
eth1 \Device\NPF_{2E9F517C-BB63-4CDC-88DC-9EE3BC9F8270}
lo0  \Device\NPF_GenericDialupAdapter

The DEV-WINDEVICE section is a mapping from short libdnet names like "eth0" to long libpcap names like "\Device\NPF_{43939745-59EC-4539-AA18-FA1950DEABD7}".

The list is created with the following loop. 

    for(p_iface_iter = p_ifaces; p_iface_iter != NULL && i >= 1; i--) {
      Tbl->addItem(i, 0, false, iflist[i-1].devname);
      Tbl->addItem(i, 1, false, p_iface_iter->name);
      p_iface_iter = p_iface_iter->next;
    }

Look how this loop is iterating through two lists of interfaces: p_ifaces, the one returned by getpcapinterfaces; and iflist, the one returned by getinterfaces. getpcapinterfaces reads from libpcap and getinterfaces reads from libdnet. There is no guarantee that the two lists will be synchronized.

Open a network connection, do TCP/IP properties, choose "Use the following IP address", and type in IP information. Then click "Advanced", and add a different IP address (doesn't have to be on the same subnet or anything). This is how you create an interface alias in Windows.

Here I added an address 192.168.3.101. Now run nmap --iflist. 

************************INTERFACES************************
DEV  (SHORT) IP/MASK          TYPE     UP MAC
eth0 (eth0)  192.168.1.178/24 ethernet up 00:15:E9:72:DB:8C
eth1 (eth1)  192.168.0.197/24 ethernet up 00:00:39:04:C1:F0
eth1 (eth1)  192.168.3.101/24 ethernet up 00:00:39:04:C1:F0
lo0  (lo0)   127.0.0.1/8      loopback up

DEV  WINDEVICE
eth1 \Device\NPF_{43939745-59EC-4539-AA18-FA1950DEABD7}
eth1 \Device\NPF_{2E9F517C-BB63-4CDC-88DC-9EE3BC9F8270}
lo0  \Device\NPF_GenericDialupAdapter

Look how eth0 has disappeared from the DEV-WINDEVICE section, and how eth1 appears twice. That's because there are now two entries for eth1 in the **INTERFACES** list. The two lists are not synchronized. 

DEV  WINDEVICE
eth0 \Device\NPF_{43939745-59EC-4539-AA18-FA1950DEABD7}
eth1 \Device\NPF_{2E9F517C-BB63-4CDC-88DC-9EE3BC9F8270}
eth1 \Device\NPF_{2E9F517C-BB63-4CDC-88DC-9EE3BC9F8270}
lo0  <unknown>

DEV    WINDEVICE
eth0   \Device\NPF_{43939745-59EC-4539-AA18-FA1950DEABD7}
eth1   \Device\NPF_{2E9F517C-BB63-4CDC-88DC-9EE3BC9F8270}
eth1   \Device\NPF_{2E9F517C-BB63-4CDC-88DC-9EE3BC9F8270}
lo0    <none>
<none> \Device\NPF_GenericDialupAdapter
Edit - History - Print - Recent Changes - Search
Page last modified on June 12, 2008, at 10:56 AM