SoC Idea: Pcap compatible output for received packets

[Kris Katterjohn <katterjohn () gmail com>]

Hey everyone!

I thought of this idea a couple days ago, and in looking I see that
Unicornscan implements it all ready.

Basically, an option to output the received packets in pcap compatible
format so they can later be read by programs like tcpdump, ettercap, and
wireshark.

It should be pretty easy to do, but doesn't really need to be in Nmap
unless people will use it.  So if you can give me a yay or nay, that'd
be cool.  And if you can give examples of what you'd use it for, that'd
be even better.

I would love to be able to get the sent packets outputted in this format
as well, but since libpcap is a packet _capturing_ library, I don't know
how to do that when scanning something other than localhost :) If you
think you know how, please say so!  Because that would be awesome!
Aside from hacking libpcap anyway :)

Well, please let me know what you think!


Thanks,
Kris Katterjohn

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org