Nmap Development mailing list archives
Re: pcap-tcp Proof of Concept hack
From: Jay Fink <jay.fink () gmail com>
Date: Sun, 28 Jun 2009 14:10:00 -0400
All,
Per Fyodor's suggestion I am attaching a patch and file for ncat to invoke a pcap reader. Note that this is proof of concept and right now literally just fires up a looper. I would eventually want it to automatically filter for the port, set the device and have the option to pass additional filter arguments and have a timed and/or polls count. Fyodor posed a few questions which I went ahead and answered.
> Thanks Jay. I'm not sure if this feature should be added to Ncat or not, but it is definitely worth sending to nmap-dev so folks can try it out and let you know what they think.
Sending to nmap-dev in this email; all, see my replies below.
> I assume you added this feature because you personally find a need for it?
As per the norm, pure laziness. I've had the need recently to use ncat to troubleshoot a problem. So I had to fire up tcpdump in another window while watching output. So basically having it as an option in ncat (or whatever) saves me the time. I'm also thinking that ncat could set up a few things ahead of time like automatically assign a filter (for the port), set the device and so forth - once again saving me time (albeit not much) plus a few things I mentioned above.
> In what situations do you find that a pcap save is more useful than the session output format Ncat already has?
When I want pcap-specific data (which I might load up into Wireshark for a replay later).
> Why is it only TCP? Couldn't you do the same thing when Ncat is in UDP mode?
Yes - it certainly could; since this is POC stuff I didn't want to take it too far.
Thanks, j
Attachment: ncat_tcp_poc.patch
Attachment: ncat_pcap_tcp.c