Nmap Development mailing list archives

Re: [NSE] Raw ethernet frame questions and NSE library questions


From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 04 Feb 2010 20:56:15 -0600

On 02/04/2010 05:55 PM, majek04 wrote:
>>> Take a look at promiscuous.nse. It requires raw ethernet frames.
>>
>> Sorry, I think you misunderstood.  I didn't mean replace ethernet sending with
>> the raw IP sending, convert existing ethernet-requiring scripts, or whatever
>> else.  I was asking if kx's script itself actually required anything at the
>> ethernet level or if writing it with raw IP sending would be better.
>
> Ah, I did misunderstand. Thanks.
> Sure, most people don't care about layer 2.
>
> All the layer 3 stuff in Nmap is a bit messy, due to the Windows
> rawip hack. I think the biggest problem of my raw-ip code for NSE
> was the limitation that it was only able to send data to targets.
> You couldn't send stuff to an arbitrary IP address - as the routing
> was based on Target instances (and metadata like layer2 addresses there).


Exactly.  My code allows for sending to arbitrary hosts, but doesn't keep
track of what's a Target and what's not.  This presents the problem of how to
send over ethernet when the user requests it or when it's required for
Windows.  The source and next hop MAC addresses and interface name aren't
simply available for non-Target hosts.  I think the routing code in tcpip.cc
could provide the needed information for this, but if it does then it would
require some type of caching of host information.

I haven't been a very active developer for a while, so my memory on what's
available and what's where is a bit foggy.  I'll have to look into all of
this.  I could be missing something more helpful.

> Simply moving packets across a regular raw socket is looking really good :)
>
> MM

Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/