Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] Raw ethernet frame questions and NSE library questions

From: Fyodor <fyodor () insecure org>
Date: Thu, 4 Feb 2010 14:09:03 -0800
On Thu, Feb 04, 2010 at 10:58:03AM -0600, Kris Katterjohn wrote:


I bring all this up because if you like it and find it useful then hopefully
it can get into trunk in one form or another.


Sounds very interesting.  Be sure to keep us on nmap-dev informed of
the status and progress of the system.  Your demonstration script
(checking IPID sequence predictability) is a clever and useful one!


The only problem is right now it doesn't work on machines with broken raw
sockets (the Windows).  However that should be a matter of recognizing this
and trying to use ethernet anyway, if supported (but see my log message for
more).


Why not use Nmap's existing functionality for sending IP packets
(e.g. send_ip_raw() or, at a lower level, send_ip_packet())?  That way
Nmap decides whether to send it on the raw device by building an
ethernet frame or to use raw IP packets, based on the capabilities of
the system (e.g. now raw sockets on Windows) and user options
(--send-ip, --send-eth)?

It does seem like NSE should be able to send raw packets.


I only ask because Marek used to have (a while ago obviously) a
patch for raw IP sending for NSE, but it never got into Nmap proper.


I don't remember why it didn't.  Maybe there was a reason, or maybe it
just fell through the cracks?  It is probably worth looking at again,
though I don't know if it that old patch will still work with current
Nmap.  Maybe Kris's new patch can bring out the best ideas from
Marek's patch, plus Kris's own improvements.


Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: