Nmap Development mailing list archives
Re: [NSE] Draft - targets-sniffer.nse
From: Nick Nikolaou <nikolasnikolaou1 () gmail com>
Date: Mon, 28 Mar 2011 18:41:43 +0100
> Not exactly, at least not if timeout stands for "total execution time". In case the timeout is set to 4sec for instance, and if the script receives a packet after 3.90 sec, it will start a loop for another 4 seconds. Maybe it is an intended behavior but I think that most users will expect the script to sniff for the exact duration they supplied. You could update the timeout at each iteration to have a finer control of the execution time.

You are right, I meant to set the socket timeout as a constant (example 1-2 seconds) and that way depending on the frequency of packets it would always timeout within 1 or 2 seconds. Your way makes more sense since it would allow the script to sniff for the exact time specified and there's no reason for all the extra receive calls.

> Cool! Unless I am missing a reason not to do so, you could even move the last call into the prerule function

Done.

> Finally, I would also suggest to use stdnse.get_script_args() instead of reading arguments from the registry. This could be combined with the addition of a default value for the timeout.

Good idea, thanks. I made all the changes.

Thanks again for your help.

Nick

On 28 March 2011 15:48, Henri Doreau <henri.doreau () greenbone net> wrote:
> Hi Nick,
>
> 2011/3/28 Nick Nikolaou <nikolasnikolaou1 () gmail com>:
>> Hello everyone once again,
>>
>> I made some further changes to the script:
>>
>> 1. Removed the simple *.*.*.255 broadcast check since it wouldn't do anything on a VLSM network. The script now gets the broadcast address using Djalal's patch and iface_info.broadcast.
>>
>> 2. Changed the way IP addresses are extracted from packets. That is now done using the packet library.
>
> Nice work.
>
>> 3. Timeout works as it should.
>
> Not exactly, at least not if timeout stands for "total execution time". In case the timeout is set to 4sec for instance, and if the script receives a packet after 3.90 sec, it will start a loop for another 4 seconds. Maybe it is an intended behavior but I think that most users will expect the script to sniff for the exact duration they supplied. You could update the timeout at each iteration to have a finer control of the execution time. Here is an example:
>
>   <...>
>   sock:pcap_open(iface, 104, false, "ip")
>   stdnse.print_debug(1, "Using interface %s", iface)
>   repeat
>     local start_time = nmap.clock_ms() -- Used for script timeout
>     sock:set_timeout(timeout)
>     local status, _, _, layer3 = sock:pcap_receive()
>     if status then
>       local ip_src, ip_dst = get_ip_addresses(layer3)
>       <...check and store IP addresses...>
>     end
>     -- update timeout
>     timeout = timeout - (nmap.clock_ms() - start_time)
>   until timeout <= 0
>   sock:pcap_close()
>   <...>
>
> This code uses a repeat...until form that avoids duplicate calls to pcap_receive(). The timeout is also set before the call to pcap_receive().
>
>> 4. As per Henri's suggestion most of the initializations are now inside functions (with a couple of exceptions) and code should be easier to follow. I also checked that variables and functions have the correct scope.
>
> Cool! Unless I am missing a reason not to do so, you could even move the last call into the prerule function:
>
>   <...>
>   if nmap.is_privileged() then
>     iface = nmap.get_interface()
>     if iface then
>       return true
>   <...>
>
>> 5. The script doesn't default to eth0 if no interface is specified but prints an error message. As you know by now, the script relies heavily on Djalal's interface patch so the patch needs to be added first in order to use the script.
>
> Finally, I would also suggest to use stdnse.get_script_args() instead of reading arguments from the registry. This could be combined with the addition of a default value for the timeout.
>
>   <...>
>   local timeoutstr = stdnse.get_script_args("targets-sniffer.timeout") or tostring(DEFAULT_TIMEOUT_SEC)
>   local timeout = stdnse.parse_timespec(timeoutstr) * 1000
>   <...>
>
>> I hope you find this useful.
>>
>> Cheers,
>> Nick
>
> Regards.
>
> --
> Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
> Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Attachment:
targets-sniffer.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
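The timeout point discussed in this message, as an added example that is not part of the original thread or of targets-sniffer.nse: a pure-Lua simulation comparing a fixed per-receive timeout with the shrinking timeout from the quoted repeat...until loop. The simulated socket (`new_sim`), the function names `sniff_fixed` and `sniff_deadline`, and the arrival times are constructed for illustration, and `sniff_fixed` is an assumed shape of the criticised behaviour, not the draft script's code.

```lua
-- Added illustration; not code from the thread or from targets-sniffer.nse.
-- Simulated capture socket: a virtual clock (ms) plus constructed arrival times.
local function new_sim(arrivals)
  local sim = { now = 0, idx = 1, timeout = 0 }
  function sim:clock_ms() return self.now end
  function sim:set_timeout(ms) self.timeout = ms end
  -- Stand-in for pcap_receive(): succeeds if the next packet arrives within
  -- the socket timeout, otherwise the clock advances by the full timeout.
  function sim:pcap_receive()
    local t = arrivals[self.idx]
    if t and t - self.now <= self.timeout then
      self.now = math.max(self.now, t)
      self.idx = self.idx + 1
      return true
    end
    self.now = self.now + self.timeout
    return false, "TIMEOUT"
  end
  return sim
end

-- Assumed shape of the behaviour being criticised: the same timeout is used
-- for every receive, so each received packet restarts the full wait.
local function sniff_fixed(sock, timeout)
  sock:set_timeout(timeout)
  local seen = 0
  while sock:pcap_receive() do seen = seen + 1 end
  return sock:clock_ms(), seen
end

-- Loop suggested in the thread: shrink the timeout by the time each receive took.
local function sniff_deadline(sock, timeout)
  local seen = 0
  repeat
    local start_time = sock:clock_ms()
    sock:set_timeout(timeout)
    if sock:pcap_receive() then seen = seen + 1 end
    timeout = timeout - (sock:clock_ms() - start_time)
  until timeout <= 0
  return sock:clock_ms(), seen
end

local ARRIVALS = { 1000, 3900, 7500, 9000 }  -- constructed sample, ms
local TIMEOUT_MS = 4000                      -- the 4 sec case from the thread
local e1, n1 = sniff_fixed(new_sim(ARRIVALS), TIMEOUT_MS)
local e2, n2 = sniff_deadline(new_sim(ARRIVALS), TIMEOUT_MS)
print(string.format("fixed:    elapsed=%d ms, packets=%d", e1, n1))
print(string.format("deadline: elapsed=%d ms, packets=%d", e2, n2))
```

With the constructed arrivals, the fixed-timeout loop keeps running well past the requested duration because each packet restarts the wait, while the shrinking-timeout loop returns at the deadline.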