Nmap Development mailing list archives

Re: ncat udp

From: David Fifield <david () bamsoftware com>
Date: Thu, 26 Mar 2009 09:29:02 -0600

On Thu, Mar 26, 2009 at 11:54:57AM +0100, Marius Sturm wrote:

thanks for your comments. I followed your suggestions and the patch
looks much cleaner now.


Thanks a lot! It works great. The --exec and --sh-exec options now work
in UDP mode like they do in TCP mode. The server accepts multiple
concurrent connections and forks off a handler for each of them. I
removed all the while loops from the examples in
http://nmap.org/ncat/guide/ncat-simple-services.html.

Now that we allow multiple connections, could you implement the
--max-conns option in ncat_listen_udp? It just involves updating and
checking the conn_count variable like in ncat_listen_tcp.

The only remaining difference is UDP is listen mode without an exec
option. That still only accepts one client. Making that work like TCP
mode will be more difficult because we will have to maintain a list of
connected clients and somehow decide when to remove a client from the
list.

Only two points, should the ncat client be terminated after receiving a
datagram like in tcp mode?


No, because the server may have more than one datagram to send:

ncat -l --udp --sh-exec "echo one; sleep 1; echo two"

I think it's okay to leave clients hanging; that's just the nature of
UDP.

And, should --send-only/--recv-only effect the --exec option?


Hmm, I hadn't thought of that. The diagnostic service examples use those
options but they don't actually have an effect with an executed command.
With TCP (maybe UDP too?) we could shutdown one direction of the socket
before handing it to the subprogram. However --send-only and --recv-only
don't work like that in other parts of Ncat. --send-only actually does
recv data, it just doesn't write it to standard output. Likewise
--recv-only reads from standard input, it just doesn't send what it
reads. I don't know if that's the correct behavior or not.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

ncat udp Marius Sturm (Mar 25)
- Re: ncat udp David Fifield (Mar 25)
- <Possible follow-ups>
- Re: ncat udp Marius Sturm (Mar 26)
  - Re: ncat udp David Fifield (Mar 26)
    - Re: ncat udp Marius Sturm (Mar 27)
    - Re: ncat udp David Fifield (Mar 27)
    - Re: ncat udp David Fifield (Mar 27)