March 1, 2018

Nessus 'Network interface does not support packet forgery' Error


Issue

Users may encounter the following error when running scans:
Network interface not supported
The network interface 'example_NIC_ID' does not support packet forgery.
The error message will vary based on the NIC interface ID, but will always mention packet forgery.

Cause

A Network Interface Card (NIC) capable of packet forgery is required to run scans. Packet forgery is necessary for many types of scans, including simple Host Discovery scans, because it allows Nessus to determine whether targets are alive and facilitates port scanning. Many remote checks (uncredentialed plugins) also use packet forgery to determine the presence of a vulnerability by generating packets designed to imitate attacks. Most modern NICs are capable of packet forgery, although not all are configured this way by default. To support packet forgery, WinPcap (Windows) or libpcap (Linux and Mac OS X) is installed alongside Nessus.

The error stating that the NIC does not support packet forgery can occur if:
  • WinPcap is not installed, corrupted, or the wrong version (Windows)
  • Libpcap is not installed, corrupted, or the wrong version (Linux and Mac OS X)
  • ISATAP and Teredo IPv6 tunneling interfaces are enabled
  • Nessus is running as a non-privileged user (Linux and Mac OS X)
  • The Nessus host is utilizing NIC teaming/bonding (Windows Server)
  • Other Packet Capture applications are utilizing the same service driver

Resolution

Execute the appropriate resolution based on the Nessus host's OS and configuration:

  • Run Nessus fix commands appropriate for your OS. https://docs.tenable.com/nessus/commandlinereference/Content/FixCommands.htm
  • Uninstall WinPcap and then reinstall it. WinPcap can be downloaded from https://www.winpcap.org/install/
  • Uninstall libpcap and then reinstall via yum, apt-get, or rpm
  • Disable IPv6 tunneling on the NIC
  • Disable NIC teaming or assign Nessus a single NIC
  • Disable other Packet Capture applications that utilize the same service driver as the NIC used in Nessus
  • If Nessus is running as a non-privileged user, enable the permissions needed for the NIC to run in promiscuous mode and forge packets:
# sudo setcap "cap_net_admin,cap_net_raw,cap_sys_resource+eip" /opt/nessus/sbin/nessusd
# sudo setcap "cap_net_admin,cap_net_raw,cap_sys_resource+eip" /opt/nessus/sbin/nessus-service
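The following script is an added diagnostic for the Linux-side causes above (it is not Tenable's code). It checks whether the getcap output for the two Nessus binaries named on this page grants the capability set the setcap commands above install, and lists network interfaces whose names suggest an IPv6 transition tunnel. The binary paths are the ones from the page; the sample `ip -br link` output is constructed for demonstration, and the interface-name prefixes are a heuristic rather than an exhaustive list. The capability check only matters when nessusd is not running as root.

```shell
#!/bin/sh
# Added diagnostic (not Tenable's code) for the Linux-side causes listed above:
# missing file capabilities on the Nessus binaries and IPv6 tunnel interfaces.
# Binary paths are the ones the page names; the sample data below is constructed
# and the interface-name prefixes are a heuristic, not an exhaustive list.

NESSUS_BINS="/opt/nessus/sbin/nessusd /opt/nessus/sbin/nessus-service"

# caps_problems LINE
# Inspect one line of getcap(8) output for a binary and print one problem per
# line; no output means the set matches the setcap command given on the page.
# Handles both libcap output formats: "path = caps+eip" and "path caps=eip".
# Assumes the capabilities were set as one group, as in that setcap command.
caps_problems() {
    line=$1
    for cap in cap_net_admin cap_net_raw cap_sys_resource; do
        case "$line" in
            *"$cap"*) ;;
            *) printf 'missing %s\n' "$cap" ;;
        esac
    done
    # The flag letters follow the last '+' or '=' (e = effective,
    # i = inheritable, p = permitted). A capability that is only permitted
    # is not usable by nessusd itself.
    case "$line" in
        *[+=]*) flags=${line##*[+=]} ;;
        *) flags="" ;;
    esac
    for f in e i p; do
        case "$flags" in
            *"$f"*) ;;
            *) printf 'flag %s not set\n' "$f" ;;
        esac
    done
}

# tunnel_ifaces < "ip -br link" output
# Print interface names whose prefix suggests an IPv6 transition tunnel
# (sit/6in4, ISATAP, ip6tnl, ip6gre, Teredo via miredo). Name-based heuristic.
tunnel_ifaces() {
    while read -r name _rest; do
        name=${name%%@*}          # "sit0@NONE" -> "sit0"
        case "$name" in
            sit*|isatap*|teredo*|ip6tnl*|ip6gre*) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample of "ip -br link" output, used for demonstration only.
SAMPLE_LINKS='lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
eth0             UP             52:54:00:12:34:56 <BROADCAST,MULTICAST,UP,LOWER_UP>
sit0@NONE        DOWN           0.0.0.0 <NOARP>
ip6tnl0@NONE     DOWN           :: <NOARP>'

# run_checks: gather the real values from this host and report them.
run_checks() {
    for bin in $NESSUS_BINS; do
        if [ ! -x "$bin" ]; then
            echo "$bin: not found, skipping"
            continue
        fi
        problems=$(caps_problems "$(getcap "$bin" 2>/dev/null)")
        if [ -n "$problems" ]; then
            printf '%s: capabilities insufficient for packet forgery unless run as root:\n%s\n' "$bin" "$problems"
        else
            echo "$bin: capabilities OK"
        fi
    done
    tunnels=$(ip -br link 2>/dev/null | tunnel_ifaces)
    if [ -n "$tunnels" ]; then
        printf 'IPv6 tunnel interfaces present (consider disabling): %s\n' "$(echo "$tunnels" | tr '\n' ' ')"
    else
        echo "no IPv6 tunnel interfaces detected"
    fi
}

# Run the live checks only when invoked with --live; otherwise the functions
# above can be sourced and exercised against sample input.
if [ "${1:-}" = "--live" ]; then
    run_checks
fi
```

Run it as `sh nessus_forgery_check.sh --live` on the Nessus host after applying the setcap commands; an empty problem list for both binaries and no tunnel interfaces means the Linux-side causes on this page have been ruled out, leaving libpcap installation and competing capture applications to check by hand.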
