nmap not working

[yasharne]

yashar@DESKTOP-MHBRT96:~$ sudo nmap -sP 192.168.1.0/24 Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-11 23:37 STD route_dst_netlink: cannot bind AF_NETLINK socket: Invalid argument

[benhillis]

When opening issues please fill out the provided template. Which windows build are you running?

[rtfmoz]

1. Title

nmap fails to open socket.

2. Brief description

cannot bind AF_NETLINK socket when running nmap

3. Windows version / build number

Microsoft Windows [Version 10.0.14393]

4. Steps required to reproduce

apt-get install nmap
nmap -sn 192.168.0.*

5. Copy of the terminal output

root@DESKTOP-5UFF8C5:~# nmap -sn 192.168.0.*

Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-19 10:42 DST
route_dst_netlink: cannot bind AF_NETLINK socket: Invalid argument

6. Expected Behavior

Should perform scan of local network.

7. Strace of the failing command

https://gist.github.com/rtfmoz/bb41c6e0148d223a3e3bc310217e05ba

[sunilmut]

@JasonLinMS as FYI
@rtfmoz - Thanks for the trace. From the trace it looks like it relies on the NETLINK_ROUTE\RTM_GETROUTE message with the given , which we haven't yet implemented. I have opened a bug to track this internally.

[rtfmoz]

I have just installed the latest preview build of Windows 10.0.14971 which has Ubuntu 16.04 Xenial. It appears nmap on this is version 7.01 and suffers similar issues.

1. Title

nmap fails to open socket.

2. Brief description

AF_NETLINK operation not supported: route_dst_netlink

3. Windows version / build number

Microsoft Windows [Version 10.0.14971]

4. Steps required to reproduce

apt-get install nmap
nmap -sn 192.168.0.*

5. Copy of the terminal output

root@DESKTOP-5UFF8C5:~# nmap -sn 192.168.0.*

Starting Nmap 7.01 ( https://nmap.org ) at 2016-11-22 20:57 DST
route_dst_netlink: cannot sendmsg: Operation not supported

6. Expected Behavior

Should perform scan of local network.

7. Strace of the failing command

https://gist.github.com/anonymous/9445b29cfce828a2eed7df96f2d970fb

[gpotter2]

For tcpdump/wireshark/some nmap functions, upvote
https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/17817685-support-af-packet-address-family-tcpdump-wireshar

[lab1005]

i just installed creators update and did a clean install to WSL and nmap is still not working

~$ sudo nmap -sP 192.168.1.0/24

Starting Nmap 7.01 ( https://nmap.org ) at 2017-04-12 15:33 STD
dnet: Failed to open device wifi0
QUITTING!

[gpotter2]

@lab1005 That's partially because AF_PACKET family is not supported yet. You may upvote this to speed up the process...

Edited: official Uservoice issue
https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/17817685-support-af-packet-address-family-tcpdump-wireshar

[mothinx]

Any news about the nmap feature ?

[sunilmut]

There are no interesting updates at this moment. As mentioned previously, this requires support for AF_PACKET on Windows. Some dependencies that are outside of WSL. We are working with the right set of teams to track these dependencies. But, this is not planned yet. Although, we understand the interest here and appreciate the feedback (which helps us make a case for this).

[OvermindDL1]

You may upvote this to speed up the process...

@gpotter2 The 'this' link just goes to a Forbidden page?

[LFBernardo]

One would think that Wireshark, Tshark and Nmap could be considered default requirements in an enterprise environment?

[shura35]

nmap, wireshark and many other tools that use AF_PACKET are very used. The lack of this feature is really blocking.

[jdgregson]

An acceptable workaround is just to put the Windows version of nmap in your path somewhere.

[shura35]

This is already what I do for nmap, but many other tools and business or personal developments are not available in Windows version. The lack of this feature is really blocking.

[therealkenc]

What is your development use case and we can try to help you with a work-around while you wait for AF_PACKET support. "Blocking" is a term that means there is none (for example say lack of inotify support back in the day).

If you explain a novel scenario that may (no guarantees) help MSFT to prioritise when they review their backlog. The User Voice has six pages of pointless +1s (why folks do that on a page with a vote button I will never understand) but is absent a single: "In my development workflow I do <insert your scenario>, but I am unable to to <thing> because there is no AF_PACKET support in WSL". In this context <thing> is a development goal you are trying to achieve, not "run native Linux wireshark" (which is a means not a goal). If you have a widespread compelling use-case that kind of stuff does end up getting attention, measured against many other competing scenarios that also need attention.

[LFBernardo]

Well I can answer that one easily, I use tcpdump, tshark nmap in my day to day tasks. Having this on one machine instead of having a separate machine will save me a ton of time as well as having to lug more than one machine around. I will try what was stated above to install windows binaries and stick it in the path. Not sure if it will work or not.

[therealkenc]

You can try the Windows binaries; I have had a fairly good experience with tshark on Windows. But worst case here don't go lugging around another physical machine unless you have unrelated reasons to do so. Wireshark in VirtualBox (which supports bridged promiscuous mode) works surprisingly well. For the time being, WSL's focus is on development related scenarios, not enterprise scenarios (for some definition of either category). A VM might be a better fit for you for now, and there's nothing wrong with that. Bonne chance.

[LFBernardo]

I have come to realise this. But in the bigger picture of things it's just simpler to wipe my windows and install Kali with windows running as a vm. Just thought it would have made life simpler with default OS and bash implemented. Oh well, Cest la vie.

[AnneTheAgile]

@therealkenc ty for the interesting remark: "WSL's focus is on development related scenarios, not enterprise scenarios (for some definition of either category)."
TL;DR: Is there a blog post that describes this distinction in more detail, perhaps with more compelling use cases than https://msdn.microsoft.com/en-us/commandline/wsl/faq ?

Detailed comments, questions;
I've been really excited by WSL and am trying to figure out for myself how /when I can use it. (I have a windows machine I love, but my current shop is mac based. ) I already think Powershell's Bash sugar support is terrific.

Perhaps this is really a marketing / product placement question that apparently many of us share. If so , maybe you all can clarify and show us the win(s).

The idea of WSL focusing on dev not enterprise scenarios confuses me.

• For pure 'development,' ie writing code, I can do that almost anywhere with a text editor nowadays.
• For certain coding, like simple bash scripts, windows powershell already provides some interop with linux - no WSL required, right? (or maybe it is/was?)
• The FAQ for WSL, above, references MS's desire to support dev on ruby stacks that use long filepaths and such. Are those scenarios satisfactorily solved without networking, ie this ticket nmap not working #1349 , fully supported? [1]
• The WSL FAQ states an intent not to support server tasks and references other tools like Docker, but aren't alot of the complex ruby programs related to server usage? In fact, isn't it exactly Linux's 'free enterprise services' such as nmap, tcpdump, etc that got it into the market(s) (of RubyRails hosting for ex.)? As one anonymous poster wrote on the UserVoice, above, November 24, 2017 17:43 "we use linux because we are nerds; dev nerds, infra nerds, network nerds, or all of the above. " That rings true to me, and I'm wondering what dev projects I should/not think of with WSL.

Your complaint is well taken that Uservoice is lacking and ' absent a single: "In my development workflow I do , but I am unable to to because there is no AF_PACKET support in WSL". In this context is a development goal you are trying to achieve, not "run native Linux wireshark" (which is a means not a goal). '

I checked and found the most substantial comments were:

• James commented July 30, 2017 22:54 Pls support, don't want to have to run a VM to get these tools to work, kinda meant to be able to replace the need to have a VM to get a real Linux CLI... => this is the same concern as on this issue ticket, ie we thought WSL would replace needing also to have a VM. But here James doesn't say why he wants to use it.
• Anonymous March 19, 2017 12:12 Yes, +1. Every few months I try out the latest Linux subsystem on my wifes laptop to see if it can replace my MacBook for mobile development. As of now, it can't. I develop apps that use libpcap and/or netmap on Linux. The great thing is, they compile and I can read from pcap files files. Its just when I want to do a "live " test it fails.

Some thoughts as an observer about the use case are above, but also once there are daemons [2], how about this scenario;

• I start my dev ruby rails server on my linux box, it runs in background after I hide wsl
• now periodically I want to check its network performance.
• would I not need nmap etc on WSL to do so?
• Similarly, or for the same scenario, if the website/process is a dockerized container , wouldn't I need these tools?

Since the FAQ seems to say I should never do this, I want the FAQ to specify more of the advantages of MS's proposed division of labor.

thank you for the project! I am definitely speaking as an amateur / explorer here so all/any resources appreciated.
Anne

Notes
[1] NB: Right now 2017-12-06 those scenarios might have some trouble as well , iff the files-intermittently-missing is not fixed completely by the latest update. I am not sure if it is - maybe no per #2712 but maybe yes per #2448 .

[2] Server work likely wouldn't make sense before getting background processes going, https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/13653522-consider-enabling-cron-jobs-daemons-and-backgroun

//edit; add TLDR , reorg

[WSLUser]

To second what @AnneTheAgile said, most developers are developing for the purposes of an enterprise solution or at least something that can be easily made to suit an enterprise environment as a company gets larger. There are some 'enterprise' specific scenarios that don't involve development but all development scenarios revolve around enterprise solutions and services (for those who have an enterprise environment of course). A proper project creating or modifying something involves not just the planning and development but also the testing of the feature just as MS is doing with the Insider Preview builds. There is no difference between what MS does and what other companies do (that follow industry standards/best practices anyways). Part of testing is obviously security testing and that means needing to check networking components of a software that utilizes network connections and/or possibly makes a change to the OS. Use of NMAP, Wireshark, etc. would then be required for use and is often needed by Linux developers/testers. The whole purpose of WSL is to bring Linux and Windows developers together to harness the technologies and abilities of both to work smarter not harder. Therefore the support of AF_Packet is absolutely essential if MS wants to attract more Linux developers/testers over to Windows.

[gpotter2]

I'm going to quote @sunilmut for his comment in another thread (#69 (comment))

The major blocker behind mtr, tracepath, nmap et. al. is the support for AF_PACKET, as correctly pointed out by mateusmedeiros. Unfortunately, Windows itself does not has support for raw access to the ehternet. We (WSL team) continue to work with the Windows networking team to bring some of these features natively to Windows, which then can be lightened up in WSL.
And, yes, we do take the uservoice page seriously while prioritizing features. So, the best bet here is to head down to uservoice page and help us prioritize by casting your votes there.

We may also have a look at #69 (comment)

We're working on improving support for several tools, inc. traceroute, route, etc.

To me, the situation has slightly evolved since #1349 (comment). It seems that that kind of new feature is "on its way"

But, this is not planned yet.

Microsoft teams are not communicating a lot about this though, even if it seems to be slowly going forward :/ @sunilmut Any pseudo-official news you could give us ? Is this still "not planned" ?

If you explain a novel scenario that may (no guarantees) help MSFT to prioritise when they review their backlog. If you have a widespread compelling use-case that kind of stuff does end up getting attention, measured against many other competing scenarios that also need attention.

Even though https://wpdev.uservoice.com/forums/266908-command-prompt-console-bash-on-ubuntu-on-windo/suggestions/17817685-support-af-packet-address-family-tcpdump-wireshar is full of useless comments, the interest of people in this is definatly shown by the number of upvotes, or by comments as great and developed as the above one on this thread. The uservoice page is also one of the most rated one on the uservoice. If you're still not convinced, have a look at #2039

WSL's focus is on development related scenarios

Developing any linux machine network-based software require at some point a native AF_PACKET integration, and wireshark/tcpdump might be used a lot when coding or in unit tests. If you're trying to develop a software based on AF_PACKET made for linux, you definatly need AF_PACKET to be supported. Because developing softwares is the main goal of WSL, that feature is intended to be supported.

For instance, we’re not looking for a way to make our software work on windows (scapy), because it already does using the winpcap alternatives, but for a way to test it under its Linux form within WSL, which requires AF_PACKET.

[Karasuni]

What is the roadmap for this issue?

[nikkoenggaliano]

This issue still not resolved? But already closed?

[holyavengerone]

@nikko : in wsl 2.0 (currently on the insider fast ring afaik), I believe the issue is no longer relevant as the way wsl is running the nix kernel fully virtualized within the Windows kernel.

[Samsongff]

https://wpdev.uservoice.com/forums/266908-command-prompt-console-windows-subsystem-for-l/suggestions/17817685-support-af-packet-address-family-tcpdump-wireshar is not a valid link anymore. Any alternatives?

$ sudo mv /usr/bin/nmap /usr/bin/nmap-really
$ # use your own path to Windows nmap.exe, natch
$ sudo ln -s "/mnt/c/Program Files (x86)/Nmap/nmap.exe" /usr/bin/nmap

May I ask if above workaround would help me use wireshark in WSL? Thanks!

[gpotter2]

This is fixed in WSL 2.0
@therealkenc You might want to lock this.

[LFBernardo]

WSL2 is not a viable option for many as it doesn't get along with VMware workstation.

[HenkPoley]

as it doesn't get along with VMware workstation.

Vmware is finally working on that; the Windows hypervisor was introduced in Windows Server 2003 R2, on 6 December 2005: https://blogs.vmware.com/workstation/2019/08/workstation-hyper-v-harmony.html

Btw, the Hyper-V hypervisor is also used in:

• Windows Defender Memory Isolation, protecting you from insecure drivers
• Windows Sandbox, optionally protecting you from insecure applications
• isolated Edge browser in "Windows Defender Application Guard", optionally protecting you from an insecure browser (😉)
• Device Guard & Credential Guard, Windows 10 Enterprise & Education features..
• WSL2, a Windows 10 20H1 feature

[LFBernardo]

You will note the year 2020 for proper release of the integration. :) I note and appreciate the nudge. Unfortunately many of us have to run vmware workstation right now and are heavily dependent on it. Deploying wsl2 is a breaking change.

[HenkPoley]

Yeah for as long this isn't fixed in WSL1 this ticket ought to remain open, since it is not fixed. And WSL2 is not in even in any 'gold master' or what you want to call a release of Windows.

[mailinglists35]

it is unrealistic to expect this issue to be fixed in WSL1 when microsoft is clearly going the WSL2 way. unsubscribing from this spam.

[javaherobrine]

出现了这个问题：
Warning: Nmap may not work correctly on Windows Subsystem for Linux.

[ghost]

where is nmap

[sudo-jake]

Microsoft please support AF_PACKET for WSL that would be amazing!

[InigoMontoyaMorgan]

I'd be really really helpful if you guys had nmap in linux and could use raw sockets. I for one consider using another platform just for Nmap.

[bitcrazed]

@InigoMontoyaMorgan Have you tried WSL2 which runs distros atop a genuine Linux kernel in a VM and, thus, is not affected by Windows' networking stack?

[InigoMontoyaMorgan]

No. I'm totally new at penetration testing and security and am still learning.to be honest I've never even heard of WSL or bistro lol. If you could guide me in the right direction though that would be greatly appreciated.

[bitcrazed]

@InigoMontoyaMorgan You may want to start with the WSL2 comparison docs, and the other [WSL docs pages](https://docs.microsoft.com/en-us/windows/wsl/.

I'd strongly encourage you to make sure you're running at least Windows 10 2009 (build 19041), and then convert existing WSL distros to WSL2, and update your WSL to set the default WSL version to WSL2 (so that future WSL distros are created as WSL2). Read this page for more details.

[Kreijstal]

libpcap when?

[MotherOfProgrammers]

i just installed creators update and did a clean install to WSL and nmap is still not working

~$ sudo nmap -sP 192.168.1.0/24

Starting Nmap 7.01 ( https://nmap.org ) at 2017-04-12 15:33 STD
dnet: Failed to open device wifi0
QUITTING!

"sudo apt install net-tools" This command will help you to resolve your above error very well!
And some devices doesn't support yet after install them!