
Nmap issue : Error compiling our pcap filter: expression rejects all packets

Open saurabhthuse opened this issue 4 years ago • 10 comments

Hi All,

We are getting the error below with Nmap 7.91 while doing port scanning.

Issue : Nmap port scan fails with Error compiling our pcap filter: expression rejects all packets

Description : When we run Nmap port scanning from Windows, we get the error below, with details:

nmap.exe -oX - --privileged --min-rtt-timeout 500ms -sS -sU -T4 -PE -p T:513,5985,5986,3940,5988,902,135,5989,80,21,22,23,443,U:161 10.77.160.110 10.66.0.112 10.97.128.111 172.29.0.113 107.0.0.112 10.4.0.114 10.4.0.112 10.72.0.112 172.25.0.113 169.254.0.58 169.254.0.113 172.19.0.110

Error compiling our pcap filter: expression rejects all packets

We then ran the same command for only the two problematic IPs:

nmap.exe -oX - --privileged --min-rtt-timeout 500ms -sS -sU -T4 -PE -p T:513,5985,5986,3940,5988,902,135,5989,80,21,22,23,443,U:161 169.254.0.58 169.254.0.113

Error compiling our pcap filter: expression rejects all packets

We again ran the same command, excluding the two problematic IPs. This time it works:

nmap.exe -oX - --privileged --min-rtt-timeout 500ms -sS -sU -T4 -PE -p T:513,5985,5986,3940,5988,902,135,5989,80,21,22,23,443,U:161 10.77.160.110 10.66.0.112 10.97.128.111 172.29.0.113 107.0.0.112 10.4.0.114 10.4.0.112 10.72.0.112 172.25.0.113 172.19.0.110

We then ran the same commands while connected to our corporate network (VPN), and all commands pass just fine. Please refer to the attached output.

*So we want to know why we get the error for the 169.x series of IPs? Is this a known issue?* nmap_queries.txt

saurabhthuse avatar Sep 29 '21 11:09 saurabhthuse

This is being handled as nmap/nmap#2381, since the code changes need to be handled there. Npcap is behaving correctly, though there is a leftover Npcap Loopback Adapter causing problems (#55). We'll keep this issue open for now until the Nmap issue is resolved.

dmiller-nmap avatar Oct 18 '21 17:10 dmiller-nmap

Hi, I'm still getting this error. I believe I downloaded the latest stable version from nmap.org, and I only get this error when connected to a VPN (NordVPN). Is this something to do with my VPN or a bug/issue with Nmap? "Error compiling our pcap filter: expression rejects all packets". I was running an "Intense Scan".

LimesKey avatar Jul 25 '22 03:07 LimesKey

@LimesKey The issue has not been resolved. To work around, ensure all legacy and leftover Npcap Loopback Adapters have been removed (follow instructions at #55: uninstall Npcap, uninstall "Npcap Loopback Adapter" via devmgmt.msc, install the latest Npcap).

dmiller-nmap avatar Jul 25 '22 16:07 dmiller-nmap

> @LimesKey The issue has not been resolved. To work around, ensure all legacy and leftover Npcap Loopback Adapters have been removed (follow instructions at #55: uninstall Npcap, uninstall "Npcap Loopback Adapter" via devmgmt.msc, install the latest Npcap).

Hi, this is my first time installing Nmap on my PC, so I shouldn't have any old Npcap loopback adapters, but I did check Device Manager and there were no network adapters created by Nmap in my network adapters. I just deleted Zenmap and reinstalled Npcap 1.70, and in the Zenmap installer it told me "npcap 1.70 exists replace with npcap 1.50 instead?" I selected no. Again, there are still no network adapters created by Nmap or Zenmap or Npcap.

LimesKey avatar Aug 06 '22 05:08 LimesKey

Nothing on the nmap command line is a pcap filter expression; @dmiller-nmap, @fyodor - any idea what the pcap filter generated by that command line is? If it tests only IP addresses, it should work on all "normal" devices capable of doing IPv4/IPv6, but if it tests something at the link layer such as a MAC address, that won't work on the loopback device - on what devices would it try to capture traffic?

guyharris avatar Aug 06 '22 07:08 guyharris

Ahhh guys, I fixed it; you guys didn't explain it well enough. Npcap doesn't create a separate network adapter, it just links onto a current one's properties. So what I did was I went to my NordLynx (NordVPN network adapter) and right-clicked Properties, and at the top of the list it should say an Npcap in the "This connection uses the following items", then just uninstall the Npcap one. That's all I did and it fixed the issue.

LimesKey avatar Aug 07 '22 23:08 LimesKey

@dmiller-nmap if NordLynx uses a TAP adapter, could it be providing the wrong link-layer type or something such as that? It looks as if the OpenVPN driver uses NdisMedium802_3, but I don't know what the driver used for NordVPN does.

guyharris avatar Aug 08 '22 00:08 guyharris

@guyharris On my PC, NordVPN installed both a "Tap-NordVPN Windows Adapter - Ethernet 2" and a "NordLynx 2 - NordLynx Tunnel". You're free to also install NordVPN without having an account with them, and it'll also install the NordLynx adapter and TAP to your PC if you want to go looking around.

LimesKey avatar Aug 08 '22 00:08 LimesKey

> Ahhh guys, I fixed it; you guys didn't explain it well enough. Npcap doesn't create a separate network adapter, it just links onto a current one's properties. So what I did was I went to my NordLynx (NordVPN network adapter) and right-clicked Properties, and at the top of the list it should say an Npcap in the "This connection uses the following items", then just uninstall the Npcap one. That's all I did and it fixed the issue.

You bypassed the problem by disabling Npcap on the NordLynx adapter -> this means you don't Nmap through the VPN anymore... I have the same issue, can't do Nmap with NordVPN enabled.

ebeng avatar Sep 03 '22 22:09 ebeng

I installed npcap-0.992, and it fixed the problem.

SuLLLivaN avatar Oct 01 '22 03:10 SuLLLivaN
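
The checks raised across this thread (a leftover "Npcap Loopback Adapter", which adapters have the Npcap component bound, and each adapter's medium type and IPv4 addresses) can be collected into one PowerShell diagnostic. This is an added example, not part of any comment above; matching the Npcap binding and the legacy loopback device by the display-name pattern `*Npcap*` is an assumption.

```powershell
# Added diagnostic (not from the thread). Read-only: it changes no adapter settings.
# Assumption: the Npcap binding and the legacy loopback device both carry
# "Npcap" in their display names / interface descriptions.

# 1. Leftover legacy loopback adapters (the workaround in this thread removes these).
$legacy = Get-NetAdapter -IncludeHidden |
    Where-Object { $_.InterfaceDescription -like '*Npcap Loopback Adapter*' }
if ($legacy) {
    $legacy | Format-Table Name, InterfaceDescription, Status, ifIndex -AutoSize
} else {
    'No "Npcap Loopback Adapter" device found.'
}

# 2. Every Npcap entry from "This connection uses the following items", for all adapters.
$npcapBindings = Get-NetAdapterBinding -Name '*' -AllBindings |
    Where-Object { $_.DisplayName -like '*Npcap*' }

# 3. Per adapter: medium type, IPv4 addresses, link-local (169.254.x.x) flag,
#    and whether Npcap is bound and enabled on it.
Get-NetAdapter | ForEach-Object {
    $adapter = $_
    $binding = $npcapBindings | Where-Object { $_.Name -eq $adapter.Name }
    $ipv4 = Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name         = $adapter.Name
        Description  = $adapter.InterfaceDescription
        MediaType    = $adapter.MediaType
        IPv4         = ($ipv4.IPAddress -join ', ')
        LinkLocal    = [bool]($ipv4.IPAddress -like '169.254.*')
        NpcapBound   = [bool]$binding
        NpcapEnabled = [bool]($binding | Where-Object Enabled)
    }
} | Format-Table -AutoSize
```

An adapter that shows `NpcapEnabled` as False is one Npcap will not capture on, which is the trade-off pointed out in the reply to the NordLynx workaround.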