Nmap Development mailing list archives
Re: [NSE] Raw ethernet frame questions and NSE library questions
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 04 Feb 2010 20:56:15 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/04/2010 05:55 PM, majek04 wrote:
Take a look at promiscuous.nse. It requires raw ethernet frames.Sorry, I think you misunderstood. I didn't mean replace ethernet sending with the raw IP sending, convert existing ethernet-requiring scripts, or whatever else. I was asking if kx's script itself actually required anything at the ethernet level or if writing it with raw IP sending would be better.Ah, I did misunderstood. Thanks. Sure, most people don't care about layer 2. All the layer 3 stuff in nmap is a bit messy, due to the windows rawip hack. I think the biggest problem of my raw-ip code for nse was the limitation that it was only able to send data to targets. You couldn't send stuff to arbitrary ip address - as the routing was based on Target instances (and metadata like layer2 addresses there).
Exactly. My code allows for sending to arbitrary hosts, but doesn't keep track of what's a Target and what's not. This presents the problem of how to send over ethernet when the user requests it or when it's required for Windows. The source and next hop MAC addresses and interface name aren't simply available for non-Target hosts. I think the routing code in tcpip.cc could provide the needed information for this, but if it does then it would require some type of caching of host information. I haven't been a very active developer for a while, so my memory on what's available and what's where is a bit foggy. I'll have to look into all of this. I could be missing something more helpful. Simply moving packets across a regular raw socket is looking really good :)
MM
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJLa4jOAAoJEEQxgFs5kUfuD3wP/1d9W+c5ngbZESFpZyzPeP8k OVzv24ewCzuWO7zv0pWtm2/npxlWRnoTrfYfM5YvkHKIAMF4yEb4k/Dr/KoXeak+ RVc9A0gKqJC2zgmyCt91pgQwQuBwIFcIzz0jpByX9Y2X0mtV81zmWymoqbsIQa5B qdJxvA/naAyncGg+x0zLiGiruJb2nDRRAfkYSMMOld087n4O86LbymOFU6aV30Dy /zgtGCeDsDYjjOmwOe6Nz//Q5Kkzb14FG6qUS+sEjeYfE0AoVfgKOioIFF6jjoz9 BzvKW+L7uM39iNGodk82sbVvXT3bkS6HvVpjppj/NmMP3LtItw52KODHHnuwFGGZ BidCpKxQ+wZQZyeDbSpw9L/1NK+VfayF1LtCcpo1j7zKy9CQ+t0Phf98rA27s+eO 1pgG0ktOF47WyLnuy5BI2ZQXlgWBeBGAFWjCKGmjYCu27+SPafq+kGYPn6DPblbp Wl215oH1SngFY2Vu5t2XCTriPfx3SmH1GZ+D8L4QtlI/uk8mWTLQqILawiT++LbG HuCI+zrRjH8oUB8PM+oGA2RpCr6dD2N6N+mHuljAc/cDPjmshVTyvMaJA1y3Ewkn s748ppVL8x1WxNXAmYoj+i/0C3cVAM7LvCQfpBT2nZf76bpOdLQ5QIzQUO0dHiTv /MV2piVhaVNzTXS0OPkk =k3n2 -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Raw ethernet frame questions and NSE library questions kx (Feb 03)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions majek04 (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions kx (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions majek04 (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions majek04 (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Fyodor (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 05)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 05)
- Re: [NSE] Raw ethernet frame questions and NSE library questions kx (Feb 05)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 05)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Fyodor (Feb 08)
- Raw IP NSE Functionality (Was Re: [NSE] Raw ethernet frame questions ...) Kris Katterjohn (Feb 11)
- Re: Raw IP NSE Functionality (Was Re: [NSE] Raw ethernet frame questions ...) Patrick Donnelly (Feb 11)
- Re: Raw IP NSE Functionality (Was Re: [NSE] Raw ethernet frame questions ...) Kris Katterjohn (Feb 11)