Nmap Development mailing list archives
Re: Qscan in NSE: qscan.nse
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 15 Apr 2010 15:11:01 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/14/2010 07:57 PM, Brandon Enright wrote:
I decided to test my idea of probing faster. My results are very promising. I tested the following way. First I sent 10 packets at 1pps to an open port, roughly like qscan. I then sent 100 packets at 10pps which takes the same amount of time. I then sent 100 packets at 100pps for 10x time savings.
Sorry for not getting the chance to give a meaningful reply yet. I've been busy, but I've been hoping to look into this stuff soon (but "soon" keeps changing). I thought your idea was an interesting one, and I especially do now that you give examples. In order to scan in the way you describe, qscan (and so any NSE script) needs the ability to get times for raw packet receives. Libpcap obviously gives programs this information, but AFAIK the NSE pcap code doesn't expose this to scripts. I just used the current time (clock_ms()) when qscan reads the packet itself, so this data would be useful even if your fast-paced method isn't used. Either way I like your idea, and your results really are promising.
Brandon
Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJLx3LUAAoJEEQxgFs5kUfuxN0P/RQERU0bcmMfsUEBMkawqfaG a3WxJxEApjxWEWlGn2C/SnHzhMl7PA5pyuHyC62WDmbo1PvbpgvaXK02bbo39/Pv ia5WNvjFvFSRT6OsV3ffyR1qPSImp/ZwLYba/d5PooE/5oBj07wsrcrydA0bRc4t q93PkhXru6YlSfIZmQ1q2WrKgdd2AUoWWwb8SuPyF7E2PZCj2g5kx1cVrDJL3mFG rBoJNz3lT/JcES//vMZMPAeXTk4bYB/JmF3nax+QhA0HMaM7OVsRiagklQSqnNnw cd7hXE07jhiNmTjTRCs+521r042Bu2/lhvyW4urQH7Rt1nhkS+Q9dAql+hXLfqIS DwN+T4BG9CgJoQsUx1E8f3iHTHFYOExcKIeA/4BV/YMCEPC84+7OgaSZDDlFldQi znjQvx6Vo+9RJ08gcCPSxt/i/yh8knL28som/GVG9zCuDHmCHvlU1Bnbj/s3WwD5 Llaw8zmbpmvNhvE7yvXCR2xerR0c8T81BvrNNp1aCibrzRNaBTSjCVIRxAzhHsS/ Nb/Wno0EyfzoUeiPxsY0bYW7iW/TfE6rznXNHNZmcDupRtDDmO5/ucFVGbKpXgNj jRNryL5/LCl2W14wXyjuc9vf2I3LdPcjke+YE66c29N6zPUWJQ1fThErhhzx6nyH 9vFsClZhpRRQXV+5YLyR =Aq3a -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Qscan in NSE: qscan.nse Ron (Apr 08)
- Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
- Re: Qscan in NSE: qscan.nse Kris Katterjohn (Apr 08)
- Re: Qscan in NSE: qscan.nse Ron (Apr 08)
- Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
- Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
- Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 14)
- Re: Qscan in NSE: qscan.nse Kris Katterjohn (Apr 15)
- Re: Qscan in NSE: qscan.nse David Fifield (Apr 21)
- Re: Qscan in NSE: qscan.nse doug (Apr 15)