Network interface error when scanning with Nessus

Ok, so you have installed Nessus scanner on a Microsoft Windows Virtual Machine, and you get this error when attempting to scan a host.

“The network interface ‘\Device\{xxxxxx-xxxxxx-xxxxxxx-xxxxx}’ does not support packet forgery. This prevents Nessus from determining whether some of the target hosts are alive and from performing a full port scan against them. You may partially work around this problem by editing your scan settings to disable ‘Ping’ (Uncheck General->Ping host) and by providing Nessus with credentials to the remote host to prevent a port scan from taking place, however it would be preferable to scan over a different network interface.”

If you experience this error, it has most likely been caused by the Microsoft ISATAP Adapter. Open a command prompt and run ipconfig /all to identify the culprit: it will have the same interface ID as the one shown in the error message above.

To fix, do the following:

(In Device Manager, the ISATAP adapter may not always be visible. If it is not, we first need to display all devices in Device Manager.)

  1. Click Start, click Run, type cmd.exe, and then press ENTER.
  2. Type set devmgr_show_nonpresent_devices=1, and then press ENTER.
  3. Type Start DEVMGMT.MSC, and then press ENTER.
  4. Click View, and then click Show Hidden Devices.
  5. Expand the Network Adapters tree.
  6. Right-click each ISATAP adapter and select Disable (of course, you must not be reliant on IPv6 if you disable these adapters).
  7. Close the Nessus browser.
  8. Go to services and restart the Tenable Nessus service.
  9. Restart your Nessus browser, and attempt a re-scan.

Add your own root CA to Nessus’ scanner

Hi all,

Having scanned a host with Nessus I happened upon this error: “The server’s X.509 certificate does not have a signature from a known public certificate authority. This situation can occur in three different ways, each of which results in a break in the chain below which certificates cannot be trusted.”

Whilst having a certificate signed by a known Certificate Authority (CA) is a basic SSL requirement, many organisations will have their own root CA.

The wonderful people at Tenable created a Nessus plugin for this problem back in December 2010. It supports custom CAs and lets you add your own root CA to the Nessus scanner’s trusted list.

Simply do the following:

1. Save your root CA(s) public certificate in PEM format into a text file (You can put multiple certificates in the same file).

2. Rename that file to custom_CA.inc

3. Move this file to your plugins directory (/opt/nessus/lib/nessus/plugins on Linux, C:\Program Files\Tenable\Nessus\plugins\ on Windows and /Library/Nessus/run/lib/nessus/plugins on Mac OS X)

4. That’s it. There’s no need to restart Nessus. You’re free to re-scan.
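Before dropping the file into the plugins directory it is worth checking what actually went into it. The sketch below is an added example, not code from Tenable or from this post: it merges several PEM inputs into one bundle for custom_CA.inc, keeps only CERTIFICATE blocks, rejects truncated pastes and removes duplicates. The function names are hypothetical, the sample input is constructed, and the check is structural only (it does not verify signatures or that a certificate is really a CA).

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_length_ok(der):
    """True if der is one ASN.1 SEQUENCE whose length field covers every byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    n = der[1]
    if n < 0x80:                           # short-form length
        return len(der) == 2 + n
    n &= 0x7F                              # long form: n length bytes follow
    size = int.from_bytes(der[2:2 + n], "big")
    return n > 0 and len(der) == 2 + n + size

def pem_wrap(der, label="CERTIFICATE"):
    """PEM-encode der with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[j:j + 64] for j in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def build_custom_ca(pem_texts):
    """Merge PEM inputs into one bundle; returns (bundle_text, problems)."""
    seen, out, problems = set(), [], []
    for i, text in enumerate(pem_texts):
        blocks = PEM_BLOCK.findall(text)
        if not blocks:
            problems.append(f"input {i}: no PEM block found")
        for label, body in blocks:
            if label != "CERTIFICATE":     # e.g. a private key pasted by mistake
                problems.append(f"input {i}: skipped '{label}' block")
                continue
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                der = b""
            if not der_length_ok(der):
                problems.append(f"input {i}: truncated or malformed certificate")
                continue
            if der not in seen:            # same root pasted twice is written once
                seen.add(der)
                out.append(pem_wrap(der))
    return "".join(out), problems

def sample_pem(payload, label="CERTIFICATE"):
    """Constructed input: a DER-shaped blob, not a real certificate."""
    return pem_wrap(b"\x30\x82" + len(payload).to_bytes(2, "big") + payload, label)
```

Write the returned bundle to custom_CA.inc only once the problems list is empty or every entry in it is understood.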

Tune in to my next post when I will be talking about Nessus NIC compatibility errors (especially with VMs), and also why, when wearing jeans to a strip club, you don’t get your money’s worth…