Nmap Development mailing list archives
Re: "sniffer" category
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 8 Nov 2011 21:43:29 +0100
On Tue, Nov 8, 2011 at 9:27 PM, David Fifield <david () bamsoftware com> wrote:
On Tue, Nov 08, 2011 at 05:23:52PM +0100, Patrik Karlsson wrote:On Tue, Nov 8, 2011 at 5:10 PM, David Fifield <david () bamsoftware com>wrote:On Fri, Oct 07, 2011 at 05:35:40PM -0700, David Fifield wrote:Hi, Why does targets-sniffer.nse not use promiscuous mode? As it is, itonlyfinds addresses that communicate with the scanning host, which is not that useful. Why don't we change false to true here? sock:pcap_open(interface, 104, false, "ip")I turned on promiscuous mode for this script. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/I'll check the broadcast-listener script for this as well. In regards to these sniffing scripts I would like to create the "sniffer" category and place them in there, rather than in the broadcast category as we've discussed earlier. I guess that the new category needs to be documented somewhere inadditionto changing the category in the scripts? Where would that place be, andis"sniffer" the category name to go with?Is "sniffer" really what we want to express? It seems to me what people want is a category for "scripts that run on the whole network with a fixed delay that I don't care about when I'm just scanning a few hosts." I think that people use "broadcast" with that meaning now, mostly in the form "and not broadcast". So "broadcast" might not be the right name for the category, but breaking out a separate "sniffer" is just going to make people change to "and not broadcast and not sniffer". David Fifield
Well, to be honest, I'm not sure what people want. Personally, I usually run quite "narrow" scans with only a few scripts (called by name) at a time and don't really make that big use of the categories. But the subject was discussed recently here: http://seclists.org/nmap-dev/2011/q4/160 I tend to agree that grouping scripts that do active broadcast/multicast requests with a a few passive scripts that sniff the wire in a category called broadcast could be confusing. I also see your point of: "and not broadcast and not sniffer" ... So suggestions are welcome ... //Patrik -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- targets-sniffer not using promiscuous mode? David Fifield (Oct 07)
- Re: targets-sniffer not using promiscuous mode? David Fifield (Nov 08)
- Re: targets-sniffer not using promiscuous mode? Patrik Karlsson (Nov 08)
- "sniffer" category David Fifield (Nov 08)
- Re: "sniffer" category Patrik Karlsson (Nov 08)
- Re: "sniffer" category Luis MartinGarcia. (Nov 08)
- Re: "sniffer" category David Fifield (Nov 08)
- Re: "sniffer" category Patrik Karlsson (Nov 08)
- Re: "sniffer" category David Fifield (Nov 08)
- Re: targets-sniffer not using promiscuous mode? Patrik Karlsson (Nov 08)
- Re: targets-sniffer not using promiscuous mode? David Fifield (Nov 08)