Nmap Development mailing list archives
Re: dhcp script (version 2)
From: Fyodor <fyodor () insecure org>
Date: Wed, 9 Sep 2009 16:33:42 -0700
On Tue, Sep 08, 2009 at 09:19:25PM -0500, Ron wrote:
I made a couple changes to address issues I saw here:
a) Changed DHCPINFORM to DHCPDISCOVER, and updated the name/comments appropriately (now it's dhcp-discover.nse)
b) Changed the timeout on the socket from 3000ms to 5000ms to fix a timeout issue
I've attached the new patch that I'm hoping to check in. Let me know if there are any further issues!
Hi Ron. This script is great. It works well for me, and I support checking it in. Here are some notes and suggestions:
o Against the DHCP server on my home network (ISC DHCP server 4.1.0), I get no response to DHCPINFORM, but both DHCPDISCOVER and DHCPREQUEST give me (basically the same) detailed responses.
o I don't know much about DHCP, but if DHCPINFORM is significantly less intrusive than DISCOVER or REQUEST, it might be worth trying that first and falling back to DHCPDISCOVER otherwise (and maybe even REQUEST if that fails, though we don't want the script to take too long). I like the ideas people have suggested about making this less intrusive by reducing the lease time requested or any other techniques you can think of.
o This is very valuable information and making this script run by default is worth consideration, IMHO.
o I'd suggest making the script less verbose by printing only the most important fields by default. With verbose mode (which should kick in automatically now if the script is specified directly), it could continue printing all the fields. From the example output below, I've put a star by the fields which look most important to me:
    67/udp open dhcps script-set
    | dhcp-discover:
    | DHCP Message Type: DHCPOFFER
    |* Server Identifier: 192.168.0.100
    | IP Address Lease Time (client): 3232235520
    |* Subnet Mask: 255.255.0.0
    |* Router: 192.168.0.6
    |* Domain Name Server: 192.168.0.100
    |* Broadcast Address: 192.168.255.255
    | Renewal Time Value: 1616117760
    |_ Rebinding Time Value: 2828206080
If the Server Identifier is almost always just the target IP (I have no idea), then we can probably omit that by default too. There may be other important fields which I just don't see in my responses. Perhaps a list of fields to ignore by default would be better than a list of interesting fields.
o Perhaps the script could have an option for using raw packets to send a broadcast request on the network?
o It is a trivial thing, but this part of the docs still needs to be updated for your recent changes:
    --@args dhcptype The type of DHCP request to make. By default, DHCPDISCOVER is sent, but this argument
    --can change it to DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPDECLINE, DHCPACK, DHCPNAK,
    --or DHCPRELEASE. Not all types will evoke a response from all servers.
Cheers,
Fyodor