nmap not working #1349

Closed
yasharne opened this issue Nov 11, 2016 · 79 comments

@yasharne

commented Nov 11, 2016

yashar@DESKTOP-MHBRT96:~$ sudo nmap -sP 192.168.1.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-11 23:37 STD
route_dst_netlink: cannot bind AF_NETLINK socket: Invalid argument

@misenesi misenesi added the network label Nov 11, 2016

@benhillis

Member

commented Nov 14, 2016

When opening issues please fill out the provided template. Which windows build are you running?

@rtfmoz

commented Nov 18, 2016

  1. Title

nmap fails to open socket.

  2. Brief description

cannot bind AF_NETLINK socket when running nmap

  3. Windows version / build number

Microsoft Windows [Version 10.0.14393]

  4. Steps required to reproduce

apt-get install nmap
nmap -sn 192.168.0.*

  5. Copy of the terminal output

root@DESKTOP-5UFF8C5:~# nmap -sn 192.168.0.*

Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-19 10:42 DST
route_dst_netlink: cannot bind AF_NETLINK socket: Invalid argument

  6. Expected Behavior

Should perform scan of local network.

  7. Strace of the failing command

https://gist.github.com/rtfmoz/bb41c6e0148d223a3e3bc310217e05ba

@sunilmut

Member

commented Nov 19, 2016

@JasonLinMS as FYI
@rtfmoz - Thanks for the trace. From the trace it looks like it relies on the NETLINK_ROUTE\RTM_GETROUTE message with the given , which we haven't yet implemented. I have opened a bug to track this internally.

@sunilmut sunilmut added the feature label Nov 21, 2016

@rtfmoz

commented Nov 22, 2016

I have just installed the latest preview build of Windows 10.0.14971 which has Ubuntu 16.04 Xenial. It appears nmap on this is version 7.01 and suffers similar issues.

  1. Title

nmap fails to open socket.

  2. Brief description

AF_NETLINK operation not supported: route_dst_netlink

  3. Windows version / build number

Microsoft Windows [Version 10.0.14971]

  4. Steps required to reproduce

apt-get install nmap
nmap -sn 192.168.0.*

  5. Copy of the terminal output

root@DESKTOP-5UFF8C5:~# nmap -sn 192.168.0.*

Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-22 20:57 DST
route_dst_netlink: cannot sendmsg: Operation not supported

  6. Expected Behavior

Should perform scan of local network.

  7. Strace of the failing command

https://gist.github.com/anonymous/9445b29cfce828a2eed7df96f2d970fb

@lab1005

commented Apr 12, 2017

I just installed creators update and did a clean install to WSL and nmap is still not working

~$ sudo nmap -sP 192.168.1.0/24

Starting Nmap 7.01 ( https://nmap.org ) at 2017-04-12 15:33 STD
dnet: Failed to open device wifi0
QUITTING!

@gpotter2

commented Apr 12, 2017

@lab1005 That's partially because AF_PACKET family is not supported yet. You may upvote this to speed up the process...

Edited: official Uservoice issue
https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/17817685-support-af-packet-address-family-tcpdump-wireshar

@mothinx

commented Aug 15, 2017

Any news about the nmap feature ?

@bitcrazed bitcrazed added the bug label Oct 12, 2017

@sunilmut

Member

commented Oct 26, 2017

There are no interesting updates at this moment. As mentioned previously, this requires support for AF_PACKET on Windows. Some dependencies that are outside of WSL. We are working with the right set of teams to track these dependencies. But, this is not planned yet. Although, we understand the interest here and appreciate the feedback (which helps us make a case for this).

@OvermindDL1

commented Oct 26, 2017

> You may upvote this to speed up the process...

@gpotter2 The 'this' link just goes to a Forbidden page?

@LFBernardo

commented Oct 30, 2017

One would think that Wireshark, Tshark and Nmap could be considered default requirements in an enterprise environment?

@shura35

commented Nov 23, 2017

nmap, wireshark and many other tools that use AF_PACKET are very used. The lack of this feature is really blocking.

@jdgregson

commented Nov 30, 2017

An acceptable workaround is just to put the Windows version of nmap in your path somewhere.

@shura35

commented Nov 30, 2017

This is already what I do for nmap, but many other tools and business or personal developments are not available in Windows version. The lack of this feature is really blocking.

@therealkenc

Collaborator

commented Nov 30, 2017

What is your development use case and we can try to help you with a work-around while you wait for AF_PACKET support. "Blocking" is a term that means there is none (for example say lack of inotify support back in the day).

If you explain a novel scenario that may (no guarantees) help MSFT to prioritise when they review their backlog. The User Voice has six pages of pointless +1s (why folks do that on a page with a vote button I will never understand) but is absent a single: "In my development workflow I do <insert your scenario>, but I am unable to <thing> because there is no AF_PACKET support in WSL". In this context <thing> is a development goal you are trying to achieve, not "run native Linux wireshark" (which is a means not a goal). If you have a widespread compelling use-case that kind of stuff does end up getting attention, measured against many other competing scenarios that also need attention.

@LFBernardo

commented Nov 30, 2017

Well I can answer that one easily, I use tcpdump, tshark, nmap in my day to day tasks. Having this on one machine instead of having a separate machine will save me a ton of time as well as having to lug more than one machine around. I will try what was stated above to install windows binaries and stick it in the path. Not sure if it will work or not.

@therealkenc

Collaborator

commented Nov 30, 2017

You can try the Windows binaries; I have had a fairly good experience with tshark on Windows. But worst case here don't go lugging around another physical machine unless you have unrelated reasons to do so. Wireshark in VirtualBox (which supports bridged promiscuous mode) works surprisingly well. For the time being, WSL's focus is on development related scenarios, not enterprise scenarios (for some definition of either category). A VM might be a better fit for you for now, and there's nothing wrong with that. Bonne chance.

@LFBernardo

commented Nov 30, 2017

I have come to realise this. But in the bigger picture of things it's just simpler to wipe my windows and install Kali with windows running as a vm. Just thought it would have made life simpler with default OS and bash implemented. Oh well, C'est la vie.

@AnneTheAgile

commented Dec 6, 2017

@therealkenc ty for the interesting remark: "WSL's focus is on development related scenarios, not enterprise scenarios (for some definition of either category)."
TL;DR: Is there a blog post that describes this distinction in more detail, perhaps with more compelling use cases than https://msdn.microsoft.com/en-us/commandline/wsl/faq ?

Detailed comments, questions;
I've been really excited by WSL and am trying to figure out for myself how/when I can use it. (I have a windows machine I love, but my current shop is mac based.) I already think Powershell's Bash sugar support is terrific.

Perhaps this is really a marketing / product placement question that apparently many of us share. If so, maybe you all can clarify and show us the win(s).

The idea of WSL focusing on dev not enterprise scenarios confuses me.

  • For pure 'development,' ie writing code, I can do that almost anywhere with a text editor nowadays.
  • For certain coding, like simple bash scripts, windows powershell already provides some interop with linux - no WSL required, right? (or maybe it is/was?)
  • The FAQ for WSL, above, references MS's desire to support dev on ruby stacks that use long filepaths and such. Are those scenarios satisfactorily solved without networking, ie this ticket #1349 , fully supported? [1]
  • The WSL FAQ states an intent not to support server tasks and references other tools like Docker, but aren't a lot of the complex ruby programs related to server usage? In fact, isn't it exactly Linux's 'free enterprise services' such as nmap, tcpdump, etc that got it into the market(s) (of RubyRails hosting for ex.)? As one anonymous poster wrote on the UserVoice, above, November 24, 2017 17:43 "we use linux because we are nerds; dev nerds, infra nerds, network nerds, or all of the above." That rings true to me, and I'm wondering what dev projects I should/not think of with WSL.

Your complaint is well taken that Uservoice is lacking and 'absent a single: "In my development workflow I do <insert your scenario>, but I am unable to <thing> because there is no AF_PACKET support in WSL". In this context <thing> is a development goal you are trying to achieve, not "run native Linux wireshark" (which is a means not a goal).'

I checked and found the most substantial comments were:

  • James commented July 30, 2017 22:54 Pls support, don't want to have to run a VM to get these tools to work, kinda meant to be able to replace the need to have a VM to get a real Linux CLI... => this is the same concern as on this issue ticket, ie we thought WSL would replace needing also to have a VM. But here James doesn't say why he wants to use it.
  • Anonymous March 19, 2017 12:12 Yes, +1. Every few months I try out the latest Linux subsystem on my wife's laptop to see if it can replace my MacBook for mobile development. As of now, it can't. I develop apps that use libpcap and/or netmap on Linux. The great thing is, they compile and I can read from pcap files. It's just when I want to do a "live" test it fails.

Some thoughts as an observer about the use case are above, but also once there are daemons [2], how about this scenario;

  • I start my dev ruby rails server on my linux box, it runs in background after I hide wsl
  • now periodically I want to check its network performance.
  • would I not need nmap etc on WSL to do so?
  • Similarly, or for the same scenario, if the website/process is a dockerized container , wouldn't I need these tools?

Since the FAQ seems to say I should never do this, I want the FAQ to specify more of the advantages of MS's proposed division of labor.

thank you for the project! I am definitely speaking as an amateur / explorer here so all/any resources appreciated.
Anne

Notes
[1] NB: Right now 2017-12-06 those scenarios might have some trouble as well , iff the files-intermittently-missing is not fixed completely by the latest update. I am not sure if it is - maybe no per #2712 but maybe yes per #2448 .

[2] Server work likely wouldn't make sense before getting background processes going, https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/13653522-consider-enabling-cron-jobs-daemons-and-backgroun

//edit; add TLDR , reorg

@WSLUser

commented Dec 6, 2017

To second what @AnneTheAgile said, most developers are developing for the purposes of an enterprise solution or at least something that can be easily made to suit an enterprise environment as a company gets larger. There are some 'enterprise' specific scenarios that don't involve development but all development scenarios revolve around enterprise solutions and services (for those who have an enterprise environment of course). A proper project creating or modifying something involves not just the planning and development but also the testing of the feature just as MS is doing with the Insider Preview builds. There is no difference between what MS does and what other companies do (that follow industry standards/best practices anyways). Part of testing is obviously security testing and that means needing to check networking components of a software that utilizes network connections and/or possibly makes a change to the OS. Use of NMAP, Wireshark, etc. would then be required for use and is often needed by Linux developers/testers. The whole purpose of WSL is to bring Linux and Windows developers together to harness the technologies and abilities of both to work smarter not harder. Therefore the support of AF_Packet is absolutely essential if MS wants to attract more Linux developers/testers over to Windows.

@gpotter2

commented Dec 6, 2017

I'm going to quote @sunilmut for his comment in another thread (#69 (comment))

> The major blocker behind mtr, tracepath, nmap et. al. is the support for AF_PACKET, as correctly pointed out by mateusmedeiros. Unfortunately, Windows itself does not have support for raw access to the ethernet. We (WSL team) continue to work with the Windows networking team to bring some of these features natively to Windows, which then can be lightened up in WSL.
> And, yes, we do take the uservoice page seriously while prioritizing features. So, the best bet here is to head down to uservoice page and help us prioritize by casting your votes there.

We may also have a look at #69 (comment)

> We're working on improving support for several tools, inc. traceroute, route, etc.

To me, the situation has slightly evolved since #1349 (comment). It seems that that kind of new feature is "on its way"

> But, this is not planned yet.

Microsoft teams are not communicating a lot about this though, even if it seems to be slowly going forward :/ @sunilmut Any pseudo-official news you could give us? Is this still "not planned"?

> If you explain a novel scenario that may (no guarantees) help MSFT to prioritise when they review their backlog. If you have a widespread compelling use-case that kind of stuff does end up getting attention, measured against many other competing scenarios that also need attention.

Even though https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/17817685-support-af-packet-address-family-tcpdump-wireshar is full of useless comments, the interest of people in this is definitely shown by the number of upvotes, or by comments as great and developed as the above one on this thread. The uservoice page is also one of the most rated one on the uservoice. If you're still not convinced, have a look at #2039

> WSL's focus is on development related scenarios

Developing any linux machine network-based software requires at some point a native AF_PACKET integration, and wireshark/tcpdump might be used a lot when coding or in unit tests. If you're trying to develop a software based on AF_PACKET made for linux, you definitely need AF_PACKET to be supported. Because developing software is the main goal of WSL, that feature is intended to be supported.

For instance, we’re not looking for a way to make our software work on windows (scapy), because it already does using the winpcap alternatives, but for a way to test it under its Linux form within WSL, which requires AF_PACKET.

@ghost

commented Jul 17, 2018

Please add AF_PACKET support! Many people need to use this for their work, and windows must have this to be competitive with macos and linux for development work.

@gpotter2

commented Jul 17, 2018

Hello people (I'm looking at you @eaglegeek-cts), please stop pinging this thread if it's not with news/updates, but instead add 👍 or upvote https://wpdev.uservoice.com/forums/266908-command-prompt-console-windows-subsystem-for-l/suggestions/17817685-support-af-packet-address-family-tcpdump-wireshar

Many people are subscribed to this thread to have news, and not user-related messages !

Adding anymore "Oh please add it", or "+1" is useless (there are already plenty in this thread), and everyone (including Microsoft) is aware that this feature would be nice. All we need to do now is wait.

I don't want the thread to be closed by a mod, because of how boring it has become :/

@root2018zh

commented Aug 18, 2018

root@DESKTOP-LNIM0TQ:/usr/bin# nmap -sn 192.168.2.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-18 11:15 DST
dnet: Failed to open device wifi0
QUITTING!

I use the WSL wireless network card, the result of execution is like this. How can I solve this problem?

@bwanaaa

commented Sep 23, 2018

nmap still not working. my LAN is 192.168.3.0/24 Interestingly,
sudo nmap -sV 192.168.3.10

gives this error

Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-22 20:11 DST
dnet: Failed to open device eth1
QUITTING!

ifconfig in WSL shows the correct ip with the connection labeled as eth1.
however windows 10 network connections has labeled my connection as ethernet 3, and
ipconfig /all
in cmd window also shows this connection labeled as ethernet 3.

Do I need to direct nmap in WSL to eth3?

@ainsophical

commented Sep 24, 2018

Same here for Kali flavor...

dnet: Failed to open device eth1
QUITTING!

@sgf

commented Oct 7, 2018

Why ppl like Linux because Linux has fewer restrictions, people can do more what they want to do.
Please don't bring the limit from windows to the WSL. If only can do the windows can do, why we should be use WSL?

Soo, when could be the problem solved?

https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/17817685-support-af-packet-address-family-tcpdump-wireshar

that has 1426 votes now?
how many votes need?

@Karasuni

commented Oct 8, 2018

@Stefan2142

commented Nov 11, 2018

Pinging this

@AldeBaranOZ

commented Nov 15, 2018

This is marked as closed but is not resolved...?

@Stefan2142

commented Nov 15, 2018

> This is marked as closed but is not resolved...?

You just described Microsoft business model

@amiralkizaru

commented Nov 17, 2018

@therealkenc I saw your tuto on how to make symlink from windows to WSL to make nmap works fine
Couldnt find it now can you show me plz

@therealkenc

Collaborator

commented Nov 17, 2018

> Couldnt find it now can you show me plz

Understandable, given the pointless noise. This:

$ sudo mv /usr/bin/nmap /usr/bin/nmap-really
$ # use your own path to Windows nmap.exe, natch
$ sudo ln -s "/mnt/c/Program Files (x86)/Nmap/nmap.exe" /usr/bin/nmap

Or, just alias nmap=nmap.exe in your .bashrc will work for most straightforward scenarios. You can get Nmap for Windows here.

@OvermindDL1

commented Nov 19, 2018

> Or, just alias nmap=nmap.exe in your .bashrc will work for most straightforward scenarios. You can get Nmap for Windows here.

Doesn't work if you push scripts to run on remote machines that you don't control what is installed on the Windows side, thus this is a situation-specific workaround, not a resolution.

@therealkenc

Collaborator

commented Nov 19, 2018

> Doesn't work if you push scripts to run on remote machines that you don't control on the Windows side, thus this is a situation-specific workaround, not a resolution.

If you don't control whether the remote side has win32 nmap installed, you sure as heck don't control whether the remote side has the optional WSL component installed, a Store App (Ubuntu) installed, and Ubuntu's nmap package installed (with enough privilege for raw sockets no less). But regardless of any given scenario, no one said the instant issue has been resolved. That issue being:

socket(AF_PACKET, SOCK_RAW, 768)        = -1 EAFNOSUPPORT (Address family not supported by protocol)
gettimeofday({tv_sec=1542647822, tv_usec=851236}, NULL) = 0
time(NULL)                              = 1542647822 (2018-11-19T09:17:02-0800)
write(2, "dnet: Failed to open device eth0", 32dnet: Failed to open device eth0) = 32

Which has plenty of dupes that remain open for the purposes of tracking the functionality gap in WSL. Contrast this tracker, which devolved into a discussion which ran its course a long time ago.
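
The two socket operations that fail in the traces quoted in this thread can be probed directly, which separates a missing kernel feature from a missing privilege. This is an added example, not part of the original thread and not nmap's code; the verdict names, the `is_wsl` release-string heuristic and the choice of SOCK_RAW for the netlink probe are assumptions.

```python
"""Added example: probe the socket families this thread says WSL lacks."""
import errno
import os
import socket

# Linux constants; numeric fallbacks cover Python builds that lack the names.
AF_NETLINK = getattr(socket, "AF_NETLINK", 16)
AF_PACKET = getattr(socket, "AF_PACKET", 17)
NETLINK_ROUTE = 0
ETH_P_ALL = 0x0003  # htons(3) == 768 on little-endian, as in the strace

# errno values behind the thread's error messages, mapped to one verdict.
UNSUPPORTED = {errno.EAFNOSUPPORT, errno.EPROTONOSUPPORT,
               errno.EOPNOTSUPP, errno.EINVAL}
NEED_PRIVILEGE = {errno.EPERM, errno.EACCES}


def classify(exc):
    """Turn the OSError from socket()/bind() into (verdict, errno name)."""
    if exc is None:
        return "supported", "OK"
    name = errno.errorcode.get(exc.errno, str(exc.errno))
    if exc.errno in UNSUPPORTED:
        return "unsupported", name
    if exc.errno in NEED_PRIVILEGE:
        return "need-privilege", name
    return "error", name


def probe(family, sock_type, proto, bind_addr=None, opener=socket.socket):
    """Open (and optionally bind) a socket; opener is injectable for tests."""
    try:
        sock = opener(family, sock_type, proto)
    except OSError as exc:
        return classify(exc)
    try:
        if bind_addr is not None:
            sock.bind(bind_addr)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()
    return classify(None)


def is_wsl(release=None):
    """Assumption: WSL kernels carry 'Microsoft' in the release string."""
    release = os.uname().release if release is None else release
    return "microsoft" in release.lower()


def check_scan_prerequisites(opener=socket.socket):
    """Probe both families that appear in the failing traces above."""
    return {
        # Route lookup: the bind that failed with "Invalid argument".
        "AF_NETLINK": probe(AF_NETLINK, socket.SOCK_RAW, NETLINK_ROUTE,
                            bind_addr=(0, 0), opener=opener),
        # Raw frames: the socket() call that returned EAFNOSUPPORT.
        "AF_PACKET": probe(AF_PACKET, socket.SOCK_RAW,
                           socket.htons(ETH_P_ALL), opener=opener),
    }


if __name__ == "__main__":
    for family, (verdict, code) in check_scan_prerequisites().items():
        print(f"{family:11} {verdict:15} {code}")
    if is_wsl():
        print("WSL kernel detected; if AF_PACKET is unsupported, the "
              "nmap.exe workaround above applies.")
```

A "need-privilege" verdict means the family exists and the probe should be repeated as root; "unsupported" matches the failures reported in this issue.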

@AldeBaranOZ

commented Nov 22, 2018

@therealkenc - I get that this is a complex issue and is not closed as such but is being tracked elsewhere.

I was tracking it through this "issue" which is now closed and presumably will not be updated. Do you know where the new canonical place is that is tracking AF_PACKET support so I can subscribe to that and keep an eye on the status of the support?

@therealkenc

Collaborator

commented Nov 22, 2018

> Do you know where the new canonical place is that is tracking AF_PACKET

#717, #1515, and #2249 are good hangouts I guess, but....

> is now closed and presumably will not be updated

Nah. You are going to get plenty more (scare quote) "updates" here, unless it gets locked. Eventually you'll get a notification with much rejoicing if/when AF_PACKET (and some other stuff) is implemented, and the tag will flip to fixedininsiders.

@Karasuni

commented Feb 15, 2019

What is the roadmap for this issue?

@nikkoenggaliano

commented Jun 2, 2019

This issue still not resolved? But already closed?

@holyavengerone

commented Jul 14, 2019

@nikko : in wsl 2.0 (currently on the insider fast ring afaik), I believe the issue is no longer relevant as the way wsl is running the nix kernel fully virtualized within the Windows kernel.
