Nmap Announce mailing list archives
Re: libpcap change in nmap ?
From: Fyodor <fyodor () dhp com>
Date: Fri, 29 Jan 1999 07:09:53 -0500 (EST)
On Thu, 28 Jan 1999, fzef fzef wrote:
I want to use the libpcap under linux , but i would like to know what are the change with the libcap modified ? thanks ....
The only changes I have made are bugfixes in the Linux specific code. For example, the timeout value passed to pcap_open_live is completely ignored with the stock libpcap (and nmap uses this timeout extensively). Patches have been sent to the maintainers. Of course, I did not fix all the bugs. Here is one that you can verify with normal tcpdump: In window 1 type: tcpdump -i lo "dst host 127.0.0.1" And in window 2: telnet 127.0.0.1 80 You should see the TCP handshaking but instead you see nothing on most systems I have tried. This problem seems specific to localhost (note that you may have to use a different name than lo). Nmap solves it with the ugly solution: if (target->source_ip.s_addr == htonl(0x7F000001)) filter[0] = '\0'; If anyone sends a fix for libpcap , I'll certainly incorporate it! In other news, this list has grown very well! I originally figured there would be a couple hundred nmap hackers at most, but the list is now at
1200 and still growing strong. A quick grep on the list shows members
from many diverse domains: sun.com, hp.com, microsoft.com, cisco.com, mit.edu, caltech.edu, iss.net, checkpoint.com, nasa.gov, navy.mil, army.mil, ncsc.mil, af.mil, etc. I guess this shows that we at least have the attention of the vendors (and the US military!). Anyway, now that each message affects more than 1000 people, I decided it was worth it for me to invest the time to moderate posts. This took effect last week. Posts may take a little longer to get through, but at least we won't have any more AOL trollers (or the 50 responses to them). The basic rule as to what posts are accepted is simple: posts must relate to nmap or similar issues like port scanning, system probing, etc. In other news, fingerprints are still pouring in. I'll try to release a new minor release within a week or so. After that, I think I'll work on some ambitious (but really cool!) new features. Cheers, Fyodor -- Fyodor 'finger pgp () www insecure org | pgp -fka' Frustrated by firewalls? Try nmap: http://www.insecure.org/nmap/ The cow is quick. The cow is intellegent. The cow has learned to recognize our truck. --Raman Kumar Sharma, New Delhi cheif cow catcher
Current thread:
- libpcap change in nmap ? fzef fzef (Jan 28)
- Re: libpcap change in nmap ? Fyodor (Jan 29)
- Re: libpcap change in nmap ? Lamont Granquist (Jan 29)
- Re: libpcap change in nmap ? Fyodor (Jan 29)
- Re: libpcap change in nmap ? Lamont Granquist (Jan 29)
- <Possible follow-ups>
- Re: libpcap change in nmap ? johann sebastian bach (Jan 29)
- Re: libpcap change in nmap ? Fyodor (Jan 29)