Nmap Development mailing list archives

Re: Raw IP NSE Functionality

From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 26 Feb 2010 14:49:02 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/25/2010 04:03 PM, David Fifield wrote:

The BPF filter alone won't prohibit one script from receiving another
script's packets. As I understand it, that's the purpose of the extra
pcap_register step. You could make the matching more robust by
registering all the information that you currently have in the BPF,
which is the source and destination hosts as well as the source port.


After running into another seemingly unrelated problem last night, I moved to
adding this additional data to the pcap_register() call.

This all looks good an ready to merge, once you add documentation for
the nmap.get_ports function to nmap.luadoc and scripting.xml.


I've merged everything over in r16885.

I'm thinking the script would be something good to add to the "Finding a
Working Idle Scan Zombie Host" in the Idle Scan section of the Nmap Book;
however, I'm not sure what my permissions are anymore so this may just be more
of a suggestion.  Thoughts?

David Fifield


Thanks for the help,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJLiDO+AAoJEEQxgFs5kUfuNrEQALianAT5MEgnFUH1hxoeLvRY
bBRmAisLDY7GW0V2v1im08Uuyitj7fomMDiRc3nz25QnnBlNTuu7ccU8fWxIQ90V
+mpAx+04/Z0ap1KwsHNLZZ/IMNHYPuMf4x4FfEjWCix7kEnT/CKOM71H15/F+PmQ
/QPLrCIMqQ+ZrevL904Q08JlOm7w0lwSVRr0Xym4k1fm4NS5XXymQd+AfdVMQpA0
sB3FywpPe9HKgBHpZF0wp1r9KfSZ11E1WYRrD9nk+jA1hNwVfySqgG7GTpFssWYT
uImBogZ+agcBqTGqg7GpQnUcZZk4fVSNRCHq8TOQsIRglwHWISv7uPO4r9ybKv7b
Hc6lS+fVmkcE4ZwyOSHgfoeiFljG874UzMPg80OWaYwNnek/uJ+BsfNsnEsl9WJZ
TFogA1REkkZzzKE4TQNfpGs5OMgxy5Sn7JRH7lAfHJkkYRMCR1TmXgaWr1j3c85C
ZKJfniTVrGYCExck9hh8NDbmIaeHZkgu/a+vq54OAO6YBgRKh92GWBA+8N352QpS
T953dln97u0+oAsG38rUhJ98w70ScrD+qnqAChF+uJ4FpDstLntqxwFwK5gZ4iJ+
+9l5a2wNkCt7+Z/UWV92o+uR8UMJ1hAQdQoDMuGAzya3PJVpGBMSbqJFv17h79/p
G32lRymLCtdAaTXav2Pr
=eG23
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: Raw IP NSE Functionality, (continued)
- - - Re: Raw IP NSE Functionality Patrick Donnelly (Feb 23)
    - Re: Raw IP NSE Functionality Kris Katterjohn (Feb 23)
    - Re: Raw IP NSE Functionality David Fifield (Feb 23)
    - Re: Raw IP NSE Functionality David Fifield (Feb 25)
    - Re: Raw IP NSE Functionality Kris Katterjohn (Feb 25)
    - pcap_register David Fifield (Feb 25)
    - Re: pcap_register majek04 (Feb 26)
    - Re: pcap_register Kris Katterjohn (Feb 26)
    - Re: Raw IP NSE Functionality kx (Feb 25)
    - Re: Raw IP NSE Functionality David Fifield (Feb 25)
    - Re: Raw IP NSE Functionality Kris Katterjohn (Feb 26)