23 Feb 2008 22:07
Re: scapy-win: registry issue with 1.2.0.2-win
William Stearns <wstearns <at> pobox.com>
2008-02-23 21:07:47 GMT
2008-02-23 21:07:47 GMT
Good evening, Dirk, all,
On Sat, 23 Feb 2008, Dirk Loss wrote:
> William Stearns wrote:
>> File "c:\python25\lib\scapy.py", line 377, in _update_pcapdata key =
>> _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, keyname) WindowsError: [Error
>> 2] The system cannot find the file specified
>
> Thanks for the bug report. There's a problem getting some values from
> your Windows registry. (We need them to construct a mapping between
> dnet's and pcap's names for your network interfaces, because they name
> them differently.)
>
> The following info could be helpful:
> - Your Windows version (e.g. output of "winver"). I myself have only
> been testing Scapy-win on Windows XP.
Microsoft Windows XP Professional
Version 5.1 (Build 2600.xpsp_sp2_gdr.07022702254 : Service pack 2
> - If you start "regedit", can you open the following key and its
> subkeys?
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
> \Services\Tcpip\Parameters\Interfaces\
Yes. There are 17 "{hex_and_dashes}" interfaces. They range from
having 8 keys to 34 keys.
> - The number and type of your network cards.
Now, and when I submitted that report, I had 7 interfaces under
Control Panel/Network Connections:
Dial up:
America Online
Lan or high-speed internet
Local Area Connection cable unplugged Intel Pro/100 VE
Local Area Connection 4 disabled Microsoft loopback adapter
Local Area Connection 5 disabled Microsoft loopback adapter #2
VMWare VMNet1 connected VMWare virtual adapter for VMnet1
VMWare VMNet8 connected VMWare virtual adapter for VMnet8
Wireless net con 4 connected Netgear WG511v2 54 Mbps wireless PC card
That last entry is the live connection to the lan.
> I have committed a new version to the repository which gives some
> debugging output. Please update, try again and share the startup outputs
> with me. If you consider any values confidential, feel free to anonymize
> them as you need. Or just email me privately.
Hey, if I can admit using AOL in the past... 
Trying out the new version:
"Couldn't open 'HKEY.......Interfaces/{F22....159}' (for guessed pcap
iface name "eth4")
Warning: no matching pcap interface name for dnet interface eth1 (IP=None)
found
Warning: no matching pcap interface name for dnet interface eth1 (IP=None)
found
As you might have guessed, the F22...159 key doesn't show up under
"Interfaces" in regedit. This system has had a lot of nics used
plugged in at different points in its life.
> As a temporary workaround you can try to deactivate all your network
> interfaces except for the single one you need. Because the above code is
> only needed for hosts having multiple network interfaces, you then can
> ignore the warnings. You'll need the updated Scapy-win version to get
> past the initial registry access errors though.
If I change all other interfaces to "Disabled" in "Network
Connections", I am able to successfully "import scapy" or "from scapy
import *" without any warnings. When I go to "p=sniff(count=1)", it never
returns even when I successfully ping or tcp connect to remote systems.
We're getting closer, though.
Thanks for your help. I'll be away through Wednesday.
Cheers,
- Bill
---------------------------------------------------------------------------
"God grant me the senility to accept the things I cannot change,
The frustration to try to change things I cannot affect, and the wisdom
to tell the difference."
(Courtesy of Mike Ricketts <rickettm <at> ox.compsoc.net>)
--------------------------------------------------------------------------
William Stearns (wstearns <at> pobox.com, tools and papers: www.stearns.org)
Top-notch computer security training at www.sans.org , www.giac.net
--------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a mail to scapy.ml-unsubscribe <at> secdev.org
RSS Feed