Re: SoC Idea: Pcap compatible output for received packets

[Kris Katterjohn <katterjohn () gmail com>]

Justin Knox wrote:
> Kris, I really like that idea. Would it be possible to record the
> packets sent by the scanning host as well? Seems like when using a
> connect() scan this might not be possible, but if we're doing SYN or
> other where the pcap library is being used already...
>
> capture filter for inbound packets would be your target host's IP (or
> any hosts you're bouncing from...)
>
>
> Wow. I'm interested to see what others have to say ;)
> --Justin

Hmm... I was thinking about doing it a different way, but you saying
that made me think differently.


The existing pcap filters currently basically limit it to incoming
packets from our targets.  I suppose I could change it so that we can
get our sent ones as well.  But that might mean a couple of things:

1) We get too much traffic and it slows the scans down because we have
to process them all

2) The pcap filters (or code creating them) get overly complicated and
mistakes are made


But hopefully not :) I'll see if I can write up a fairly simple patch.


Thanks!,
Kris Katterjohn

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org