Nmap Development mailing list archives

Re: dhcp script!


From: Walt Scrivens <walts () gate net>
Date: Tue, 8 Sep 2009 19:15:28 -0400


On Sep 8, 2009, at 4:48 PM, Ron wrote:

[SNIP]
It looks like the script wasn't able to get any information. Can you try adding --script-args=dhcptype=DHCPDISCOVER ?

Thanks!

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

That didn't help. (We ARE looking for a list of the addresses the server has assigned, right? Something like this list produced by the router's web interface:
*                192.168.1.107   xx:xx:xx:xx:43:CB   1 day 00:00:00
virtual-1        192.168.1.111   xx:xx:xx:xx:DC:B4   1 day 00:00:00
Nokia-N800-43-7  192.168.1.130   xx:xx:xx:xx:6A:57   1 day 00:00:00
Cheryl-dv5       192.168.1.135   xx:xx:xx:xx:E1:8E   1 day 00:00:00
Work11n          192.168.1.136   xx:xx:xx:xx:3E:A9   1 day 00:00:00
TestComputer     192.168.1.144   xx:xx:xx:xx:EB:B1   1 day 00:00:00

*********************
Here's the nmap output:
•••••••••••••••••••••••••
sh-3.2# nmap --send-ip -d -sU -p67 --script=dhcp-inform --script-args=dhcptype=DHCPDISCOVER 192.168.1.1

Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-08 19:06 EDT
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 1 scripts for scanning.
Warning: Unable to open interface vmnet8 -- skipping it.
Warning: Unable to open interface vmnet1 -- skipping it.
Initiating Ping Scan at 19:06
Scanning 192.168.1.1 [4 ports]
Packet capture filter (device en1): dst host 192.168.1.144 and (icmp or ((tcp or udp or sctp) and (src host 192.168.1.1)))
We got a ping packet back from 192.168.1.1: id = 35277 seq = 0 checksum = 30258
Completed Ping Scan at 19:06, 0.01s elapsed (1 total hosts)
Overall sending rates: 341.79 packets / s, 12988.12 bytes / s.
mass_rdns: Using DNS server 208.67.222.222
mass_rdns: Using DNS server 208.67.220.220
Initiating Parallel DNS resolution of 1 host. at 19:06
mass_rdns: 0.07s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 19:06, 0.07s elapsed
DNS resolution of 1 IPs took 0.07s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating UDP Scan at 19:06
Scanning 192.168.1.1 [1 port]
Packet capture filter (device en1): dst host 192.168.1.144 and (icmp or ((tcp or udp or sctp) and (src host 192.168.1.1)))
Completed UDP Scan at 19:06, 0.21s elapsed (1 total ports)
Overall sending rates: 9.37 packets / s, 262.33 bytes / s.
NSE: Script scanning 192.168.1.1.
NSE: Starting runlevel 1 scan
Initiating NSE at 19:06
NSE: NSE Script Threads (1) running:
NSE: Starting dhcp-inform against 192.168.1.1:67.
NSE: Finished dhcp-inform against 192.168.1.1:67.
Completed NSE at 19:06, 3.00s elapsed
NSE: Script Scanning completed.
Host 192.168.1.1 is up, received echo-reply (0.0043s latency).
Scanned at 2009-09-08 19:06:55 EDT for 3s
Interesting ports on 192.168.1.1:
PORT   STATE         SERVICE REASON
67/udp open|filtered dhcps   no-response
MAC Address: 00:0F:66:3E:98:EB (Cisco-Linksys)
Final times for host: srtt: 4250 rttvar: 5000  to: 100000

Read from /usr/local/share/nmap: nmap-mac-prefixes nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 3.46 seconds
           Raw packets sent: 6 (208B) | Rcvd: 1 (28B)
**********************

Walt
