Nmap Development mailing list archives

Re: nmap.bind to set NSE socket source address


From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 15 Oct 2009 18:04:01 -0500

David Fifield wrote:

Take a look at the attached .pcap file -- I did DHCPINFORM, which worked fine with the changes, then I did DHCPDISCOVER, which didn't.

Do you know if there's any way to receive broadcast packets without a pcap?

The DHCP server in my router sends back a unicast DHCP offer in response
to DHCPDISCOVER, so it must not be every server that does that.

I think what you would normally do is make a socket bound to
255.255.255.255:67 and try to receive on it. In Python this works:

import socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
# bind() takes a single (address, port) tuple
s.bind(("255.255.255.255", 67))
# recv() requires a maximum buffer size
print(s.recv(4096))

But that currently won't work in NSE, because the socket descriptor
isn't created until a connection is attempted. There's no way to create
a socket without also connecting it. Something about the connection
keeps the receive from working. This is what I tried:

s = nmap.new_socket()
assert(s:bind("255.255.255.255", 67))
assert(s:connect(host.ip, 68, "udp"))
status, data = s:receive()

So we would have to rearchitect part of Nsock to allocate a socket on
nsi_new, which I think is pretty reasonable.

David Fifield


I have never used them, but would nmap.pcap_open [1] and nmap.pcap_receive be
useful for this?  It looks like some work, but it looks like pcap_open
will take a filter expression that could limit the amount of data you have
to process.

Tom


1.  http://nmap.org/nsedoc/lib/nmap.html#pcap_open
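
A general UDP behaviour that bears on the bind-then-connect attempt quoted above: once a UDP socket is connected, the kernel only delivers datagrams whose source address and port match the connected peer. The sketch below is an added example, not code from the thread or from Nmap; it uses constructed loopback sockets on ephemeral ports (the names demo and recv_or_none are hypothetical) to compare a connected receiver with an unconnected one.

```python
import socket


def recv_or_none(sock, timeout=0.3):
    """Return (data, source) for the next datagram, or None if none is delivered."""
    sock.settimeout(timeout)
    try:
        return sock.recvfrom(2048)
    except socket.timeout:
        return None


def demo(connect_first):
    """Send one datagram from the expected peer and one from another source.

    Returns the payloads the receiver actually got.
    """
    lo = "127.0.0.1"  # constructed loopback setup standing in for client and servers
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    peer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    other = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for s in (receiver, peer, other):
            s.bind((lo, 0))  # ephemeral ports, so no root is needed
        if connect_first:
            # bind() followed by connect(): the remote address and port are now fixed
            receiver.connect(peer.getsockname())
        dst = receiver.getsockname()
        other.sendto(b"reply-from-other-source", dst)
        peer.sendto(b"reply-from-connected-peer", dst)
        got = []
        while True:
            item = recv_or_none(receiver)
            if item is None:
                break
            got.append(item[0])
        return got
    finally:
        for s in (receiver, peer, other):
            s.close()


if __name__ == "__main__":
    print("connected:  ", demo(True))
    print("unconnected:", demo(False))
```

The unconnected receiver gets both datagrams, while the connected one silently drops the datagram that did not come from its peer.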
