Nmap Development mailing list archives

Payload Hexdump in --packet-trace and -d4 output

From: jrf <jay.fink () gmail com>
Date: Wed, 2 Jun 2010 13:24:10 -0400

All,

Attached is a patch of perhaps limited interest. While testing the
payloads from a file code David wrote a nice print function to dump
out the UDP payload. I thought it would be cool if we could include
this as part of a trace/debug output. I adapted David's function and
have attached it for anyone interested. Note this should be printing
all UDP payloads not just those we load up from the file. 

Per David's suggestion to invoke this type:

 nmap -sU --packet-trace -d4 [host[s] spec]

For speedier test results I suggest using --top-ports<=64

Comments, suggestions, bricks all welcome.


Thanks,
 j

Index: utils.h
===================================================================
--- utils.h     (revision 17780)
+++ utils.h     (working copy)
@@ -240,4 +240,5 @@
 int win32_munmap(char *filestr, int filelen);
 #endif /* WIN32 */
 
+void print_hexdump(const unsigned char *data, size_t len); /* XXX jrf
UDPPrint */
 #endif /* UTILS_H */
Index: utils.cc
===================================================================
--- utils.cc    (revision 17780)
+++ utils.cc    (working copy)
@@ -925,3 +925,32 @@
 }
 
 #endif
+
+/* XXX jrf - UDP Printer */
+void print_hexdump (const unsigned char *data, size_t len) {
+  unsigned int i, j;
+
+  i = 0;
+  while (i < len) {
+    printf("%04X ", i);
+    for (j = 0; j < 16; j++) {
+      if (j == 8)
+        printf(" ");
+      if (i + j < len)
+        printf(" %02X", data[i + j]);
+      else
+        printf("   ");
+    }
+    printf("  ");
+    for (j = 0; j < 16; j++) {
+      if (j == 8)
+        printf(" ");
+      if (i + j < len)
+        printf("%c", isprint(data[i + j]) ? data[i + j] : '.');
+      else
+        printf(" ");
+    }
+    i += j;
+    printf("\n");
+  }
+}
Index: scan_engine.cc
===================================================================
--- scan_engine.cc      (revision 17780)
+++ scan_engine.cc      (working copy)
@@ -3193,6 +3193,10 @@
 
     payload = get_udp_payload(pspec->pd.udp.dport, &payload_length);
 
+    /* XXX jrf UDP payload print */
+    if ((o.packetTrace()) && (o.debugging > 3)) 
+      print_hexdump((unsigned char *) payload, payload_length);
+
     for(decoy = 0; decoy < o.numdecoys; decoy++) {
       packet = build_udp_raw(&o.decoys[decoy],
hss->target->v4hostip(),
                             o.ttl, ipid, IP_TOS_DEFAULT, false,

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Payload Hexdump in --packet-trace and -d4 output jrf (Jun 02)
- Re: Payload Hexdump in --packet-trace and -d4 output Luis MartinGarcia. (Jun 02)
  - Re: Payload Hexdump in --packet-trace and -d4 output jrf (Jun 02)
    - Re: Payload Hexdump in --packet-trace and -d4 output jrf (Jun 02)
    - Re: Payload Hexdump in --packet-trace and -d4 output David Fifield (Jun 02)
    - Re: Payload Hexdump in --packet-trace and -d4 output jrf (Jun 02)