Response to your question on IRC

[Daniel Miller <bonsaiviking () gmail com>]

2014-08-04T17:00:35  <klaudiu> hi, is there a way to run a script against
an UDP service, without requiring root permission
2014-08-04T17:12:03  <klaudiu> I thought raw sockets were needed only for
host discovery, so, if I disable it (-Pn), it shouldn't need root

Hi, Claudiu,

Nmap's UDP port scanner uses raw sockets to build and send UDP packets, and
therefore must use libpcap to sniff for responses, since this is handled
entirely outside the OS's networking stack. Just like TCP SYN scans have
speed benefits over TCP Connect scans, doing UDP scanning this way is just
faster.

Nsock, however, uses the host's TCP/IP stack to do UDP communications, so
sending and receiving UDP packets is no problem within NSE, even without
privileges. For instance, this is how many of the DNS scripts work,
including my recent fcrdns.nse.

Jacek's GSOC project is a replacement of the current select-based TCP
Connect scan with a Nsock-based one. If this is completed, it may be
feasible to implement a "UDP Connect" scan type as a fallback for
unprivileged users.

I'm CC'ing the dev mailing list with this, because I think it might
interest some of the folks there, and it serves as a good way to archive
the discussion in case anyone else has the same or a similar question.

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/