Nmap Development mailing list archives
Re: Exp Features: -oP (pcap output format) and --version-ports
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 14 May 2008 18:05:42 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 jah wrote:
On 28/04/2008 19:18, Kris Katterjohn wrote:Hey everyone, I've committed a couple of new features in my branch (/nmap-exp/kris): 1) -oP is a new output option to save sent/received raw IP packets and Ethernet frames in pcap format for use with pcap-capable programs like Wireshark.That's cool. I often use wireshark to capture nmap scans which always means starting wireshark before scanning, possibly setting up capture and/or display filters and being present to stop the capture when the scan ends.... It would be useful to be able to capture NSOCK stuff too, especially NSE activity - something for the future perhaps.
Indeed it would be great to have Nsock data in it as well; however, since AFAIK Nsock just uses connect() for the communications (except for the pcap change used for NSE), it would be awkward to get it working just as it would be for connect() scans. Not only awkward for actually building the pcap file, but getting the packet data from Nsock to the pcap descriptors in Nmap would be hackish at best (judging from my very limited Nsock experience), unless every call to Nsock is followed by a call to log the data. But besides all of that, do you (or anybody) think the functionality as-is would be good for Nmap proper? I find the ability to log just the raw packets quite useful, and any ideas for connect() logging can be added later if implemented.
Regards, jah
Thanks a lot, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSCtwQv9K37xXYl36AQJnIQ//YGHNsnz+bWWMFyXirJ7zvZ1CCsAA07mV SnF0YzRpndiIYvwULGB85YM2+VtJwvxEVIvOxcgXoEZ5XNVjgkCSr/40Hn/7AAb7 Emsk5C2k8Imuxg5QaN6czuUJQb65t/6pXg0TKkyKwWn5tGdKZhW5PIU6GU8hFrJo /UAClXZvcX/efNojnBm2C7VZJ8cAtYbgbCiA11velH7diMcbJ3TiZdJqdHIzMxH3 /AHqjK8cAZeChtpWXBE7j+nJPJoOuXjJS0d/Fox6R0fyLIyGwI7FQXsPRb8SA+ws Z4tpHMXL7xY1Kxeb6H/5OUowRNE58dZyJ7xtw6P1rWA2T8WthEXb22Vtq0aWxTOa 3cL64RLgemQuhTzWPMxD2dvQ6SCatNJtwJv/RLp9KArsfi+zYGJyjd+S7WZqtY1w s45tUmmdKT1rk8e/Bk8Xs2wEiDfnVAGwTveO+muR4i3WQS3QWEpfg68xrZgzeAkY 8eNqEcpc5/ZA1keMuA4MoBvJ9+MxS5XdF40Q/ZsqWUvJwtGXCeCXaF4aX4aL1SHI S0pxfOGE0jpAMYqBEeDi8HkCJWUmjAx768Zdc9QKxPiIp2TMibIFcDYONo7ipFLf pydqnKHD1Aw6PB4kQSxOHG0T2zKkz/pQbe0hEWMv2PkgAUSmNntg2mgP7jsYXw/C P0vD25GvH+k= =ZNou -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Exp Features: -oP (pcap output format) and --version-ports Kris Katterjohn (Apr 28)
- Re: Exp Features: -oP (pcap output format) and --version-ports jah (Apr 29)
- Re: Exp Features: -oP (pcap output format) and --version-ports Kris Katterjohn (May 14)
- Re: Exp Features: -oP (pcap output format) and --version-ports jah (May 14)
- Re: Exp Features: -oP (pcap output format) and --version-ports Kris Katterjohn (May 14)
- Re: Exp Features: -oP (pcap output format) and --version-ports Kris Katterjohn (May 14)
- Re: Exp Features: -oP (pcap output format) and --version-ports jah (Apr 29)