Nmap Development mailing list archives

Re: Qscan in NSE: qscan.nse

From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 15 Apr 2010 15:11:01 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/14/2010 07:57 PM, Brandon Enright wrote:

I decided to test my idea of probing faster.  My results are very
promising.

I tested the following way.  First I sent 10 packets at 1pps to an open
port, roughly like qscan.  I then sent 100 packets at 10pps which takes
the same amount of time.  I then sent 100 packets at 100pps for 10x
time savings.


Sorry for not getting the chance to give a meaningful reply yet.  I've been
busy, but I've been hoping to look into this stuff soon (but "soon" keeps
changing).  I thought your idea was an interesting one, and I especially do
now that you give examples.

In order to scan in the way you describe, qscan (and so any NSE script) needs
the ability to get times for raw packet receives.  Libpcap obviously gives
programs this information, but AFAIK the NSE pcap code doesn't expose this to
scripts.  I just used the current time (clock_ms()) when qscan reads the
packet itself, so this data would be useful even if your fast-paced method
isn't used.

Either way I like your idea, and your results really are promising.

Brandon


Cheers,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJLx3LUAAoJEEQxgFs5kUfuxN0P/RQERU0bcmMfsUEBMkawqfaG
a3WxJxEApjxWEWlGn2C/SnHzhMl7PA5pyuHyC62WDmbo1PvbpgvaXK02bbo39/Pv
ia5WNvjFvFSRT6OsV3ffyR1qPSImp/ZwLYba/d5PooE/5oBj07wsrcrydA0bRc4t
q93PkhXru6YlSfIZmQ1q2WrKgdd2AUoWWwb8SuPyF7E2PZCj2g5kx1cVrDJL3mFG
rBoJNz3lT/JcES//vMZMPAeXTk4bYB/JmF3nax+QhA0HMaM7OVsRiagklQSqnNnw
cd7hXE07jhiNmTjTRCs+521r042Bu2/lhvyW4urQH7Rt1nhkS+Q9dAql+hXLfqIS
DwN+T4BG9CgJoQsUx1E8f3iHTHFYOExcKIeA/4BV/YMCEPC84+7OgaSZDDlFldQi
znjQvx6Vo+9RJ08gcCPSxt/i/yh8knL28som/GVG9zCuDHmCHvlU1Bnbj/s3WwD5
Llaw8zmbpmvNhvE7yvXCR2xerR0c8T81BvrNNp1aCibrzRNaBTSjCVIRxAzhHsS/
Nb/Wno0EyfzoUeiPxsY0bYW7iW/TfE6rznXNHNZmcDupRtDDmO5/ucFVGbKpXgNj
jRNryL5/LCl2W14wXyjuc9vf2I3LdPcjke+YE66c29N6zPUWJQ1fThErhhzx6nyH
9vFsClZhpRRQXV+5YLyR
=Aq3a
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: Qscan in NSE: qscan.nse Ron (Apr 08)
- Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
- Re: Qscan in NSE: qscan.nse Kris Katterjohn (Apr 08)
  - Re: Qscan in NSE: qscan.nse Ron (Apr 08)
  - Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
    - Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 08)
    - Re: Qscan in NSE: qscan.nse Brandon Enright (Apr 14)
    - Re: Qscan in NSE: qscan.nse Kris Katterjohn (Apr 15)
    - Re: Qscan in NSE: qscan.nse David Fifield (Apr 21)
    - Re: Qscan in NSE: qscan.nse doug (Apr 15)