Nmap Development mailing list archives

Re: Exp Features: -oP (pcap output format) and --version-ports


From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 14 May 2008 18:05:42 -0500

jah wrote:
> On 28/04/2008 19:18, Kris Katterjohn wrote:
>> Hey everyone,
>>
>> I've committed a couple of new features in my branch (/nmap-exp/kris):
>>
>> 1) -oP is a new output option to save sent/received raw IP packets and
>> Ethernet frames in pcap format for use with pcap-capable programs like
>> Wireshark.
>
> That's cool.  I often use wireshark to capture nmap scans which always
> means starting wireshark before scanning, possibly setting up capture
> and/or display filters and being present to stop the capture when the
> scan ends....
> It would be useful to be able to capture NSOCK stuff too, especially NSE
> activity - something for the future perhaps.


Indeed it would be great to have Nsock data in it as well; however,
since AFAIK Nsock just uses connect() for the communications (except for
the pcap change used for NSE), it would be awkward to get it working
just as it would be for connect() scans.

Not only awkward for actually building the pcap file, but getting the
packet data from Nsock to the pcap descriptors in Nmap would be hackish
at best (judging from my very limited Nsock experience), unless every
call to Nsock is followed by a call to log the data.

But besides all of that, do you (or anybody) think the functionality
as-is would be good for Nmap proper?  I find the ability to log just the
raw packets quite useful, and any ideas for connect() logging can be
added later if implemented.

> Regards,
> jah


Thanks a lot,
Kris Katterjohn


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

