Nmap Development mailing list archives
Re: SoC Idea: Pcap compatible output for received packets
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 09 Jun 2007 18:35:06 -0500
Justin Knox wrote:
Kris, I really like that idea. Would it be possible to record the packets sent by the scanning host as well? Seems like when using a connect() scan this might not be possible, but if we're doing SYN or other where the pcap library is being used already... capture filter for inbound packets would be your target host's IP (or any hosts you're bouncing from...) Wow. I'm interested to see what others have to say ;) --Justin
Hmm... I was thinking about doing it a different way, but you saying that made me think differently. The existing pcap filters currently basically limit it to incoming packets from our targets. I suppose I could change it so that we can get our sent ones as well. But that might mean a couple of things: 1) We get too much traffic and it slows the scans down because we have to process them all 2) The pcap filters (or code creating them) get overly complicated and mistakes are made But hopefully not :) I'll see if I can write up a fairly simple patch. Thanks!, Kris Katterjohn
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- SoC Idea: Pcap compatible output for received packets Kris Katterjohn (Jun 09)
- Re: SoC Idea: Pcap compatible output for received packets Justin Knox (Jun 09)
- Re: SoC Idea: Pcap compatible output for received packets Kris Katterjohn (Jun 09)
- Re: SoC Idea: Pcap compatible output for received packets Justin Knox (Jun 09)