Nmap Announce mailing list archives

Re: libpcap change in nmap ?


From: Fyodor <fyodor () dhp com>
Date: Fri, 29 Jan 1999 07:09:53 -0500 (EST)

On Thu, 28 Jan 1999, fzef fzef wrote:
 
> I want to use the libpcap under Linux, but I would
> like to know what the changes are in the modified libpcap?
> Thanks ....

The only changes I have made are bugfixes in the Linux specific code.  For
example, the timeout value passed to pcap_open_live is completely ignored
with the stock libpcap (and nmap uses this timeout extensively).  Patches
have been sent to the maintainers.

Of course, I did not fix all the bugs.  Here is one that you can verify
with normal tcpdump:

In window 1 type: tcpdump -i lo "dst host 127.0.0.1"
And in window 2: telnet 127.0.0.1 80

You should see the TCP handshaking but instead you see nothing on most
systems I have tried.  This problem seems specific to localhost (note that
you may have to use a different name than lo). Nmap solves it with the
ugly solution:

if (target->source_ip.s_addr == htonl(0x7F000001))
   filter[0] = '\0';

If anyone sends a fix for libpcap, I'll certainly incorporate it!

In other news, this list has grown very well!  I originally figured there
would be a couple hundred nmap hackers at most, but the list is now at
1200 and still growing strong.  A quick grep on the list shows members
from many diverse domains:  sun.com, hp.com, microsoft.com, cisco.com,
mit.edu, caltech.edu, iss.net, checkpoint.com, nasa.gov, navy.mil,
army.mil, ncsc.mil, af.mil, etc.  I guess this shows that we at least have
the attention of the vendors (and the US military!).

Anyway, now that each message affects more than 1000 people, I decided it
was worth it for me to invest the time to moderate posts.  This took
effect last week.  Posts may take a little longer to get through, but at
least we won't have any more AOL trollers (or the 50 responses to them).
The basic rule as to what posts are accepted is simple:  posts must relate
to nmap or similar issues like port scanning, system probing, etc.

In other news, fingerprints are still pouring in.  I'll try to release a
new minor release within a week or so.  After that, I think I'll work on
some ambitious (but really cool!) new features.

Cheers,
Fyodor

--
Fyodor                            'finger pgp () www insecure org | pgp -fka'
Frustrated by firewalls?          Try nmap: http://www.insecure.org/nmap/
The cow is quick.  The cow is intelligent.  The cow has learned to
recognize our truck. --Raman Kumar Sharma, New Delhi chief cow catcher
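
Added example, not part of the message above and not nmap's source: once the filter string is emptied for a 127.0.0.1 source, every packet on the interface reaches the application, so the "dst host" match has to be done in user space. The names build_filter, ipv4_dst_matches, ip4 and SAMPLE_IP are hypothetical; the sketch assumes the filter is "dst host <address>" and that the link-layer header has already been stripped from the captured bytes.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: IPv4 header of a TCP packet 127.0.0.1 -> 127.0.0.1
 * (header checksum left at zero; it is not verified here). */
static const uint8_t SAMPLE_IP[20] = {
    0x45, 0x00, 0x00, 0x28,   /* version 4, IHL 5, total length 40 */
    0x00, 0x01, 0x40, 0x00,   /* id 1, DF set */
    0x40, 0x06, 0x00, 0x00,   /* TTL 64, protocol TCP, checksum 0 */
    0x7F, 0x00, 0x00, 0x01,   /* source address */
    0x7F, 0x00, 0x00, 0x01    /* destination address */
};

/* Hypothetical helper: dotted quad -> struct in_addr (network byte order). */
static struct in_addr ip4(const char *dotted)
{
    struct in_addr a;
    a.s_addr = inet_addr(dotted);
    return a;
}

/* Build the capture filter, then apply the workaround from the message:
 * no filter at all for localhost. Returns filter length, -1 if it won't fit. */
int build_filter(char *filter, size_t len, struct in_addr source_ip)
{
    int n = snprintf(filter, len, "dst host %s", inet_ntoa(source_ip));
    if (n < 0 || (size_t)n >= len) return -1;
    if (source_ip.s_addr == htonl(0x7F000001))
        filter[0] = '\0';
    return (int)strlen(filter);
}

/* User-space stand-in for "dst host": 1 if the IPv4 destination is `want`. */
int ipv4_dst_matches(const uint8_t *ip, size_t caplen, struct in_addr want)
{
    uint32_t dst;
    size_t ihl;
    if (caplen < 20 || (ip[0] >> 4) != 4) return 0;  /* truncated or not IPv4 */
    ihl = (size_t)(ip[0] & 0x0F) * 4;
    if (ihl < 20 || caplen < ihl) return 0;          /* bogus header length */
    memcpy(&dst, ip + 16, sizeof dst);               /* dst is at offset 16 */
    return dst == want.s_addr;
}

int main(void)
{
    char filter[64];
    build_filter(filter, sizeof filter, ip4("127.0.0.1"));
    printf("filter=\"%s\" match=%d\n", filter,
           ipv4_dst_matches(SAMPLE_IP, sizeof SAMPLE_IP, ip4("127.0.0.1")));
    return 0;
}
```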



