Nmap Development mailing list archives
Re: [NSE] script idea: identify ports behind a NAT
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 17 Mar 2010 13:25:31 -0500
On 03/17/2010 12:39 PM, David Fifield wrote:
On Wed, Mar 17, 2010 at 03:56:16PM +0000, jah wrote:
Doug Hoyte created a patch for Nmap which introduced a scan type he named Qscan. It did detection based on timing (grouping ports by similar round-trip times) and worked well. The patch was never integrated and Marek Majkowski suggested it might be a job for NSE back in '07: http://seclists.org/nmap-dev/2007/q3/63
It's definitely a good idea. Someone's just got to write it...
Yeah, I remember playing with Qscan in the patches Doug sent in. I wanted Qscan in Nmap, but NSE is probably a good place for it for now.
Doug's patch and documentation are here.
http://hcsw.org/nmap/QSCAN
http://hcsw.org/nmap/nmap-4.52-qscan.patch
The output looks like this. Here port 8080 is being port forwarded.

Qscan parameters: round trips: 10, avg delay = 200ms, confidence = 0.95
Target:Port          Fam   uRTT +/- Stddev   Loss%
192.168.1.254:23     A     3.1 +/- 0.1       0
192.168.1.254:25     A     3.1 +/- 0.2       0
192.168.1.254:80     A     3.2 +/- 0.1       0
192.168.1.254:8080   B     4.6 +/- 0.3       0
192.168.1.254:9876   A     3.1 +/- 0.2       0

I agree it would be a good NSE script. We have the mechanism now, with nmap.ip_send to send packets and nmap.get_ports to enumerate all open ports.
Already another interesting use for the raw IP sending! :) This sounds like a good idea and I'll definitely be playing around with it because it sounds like fun.
David Fifield
Cheers,
Kris Katterjohn
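The family column in the Qscan output quoted above can be reproduced from the mean and stddev columns alone. The following is an added example, not part of the original message and not taken from Doug Hoyte's patch or any Nmap code: it assumes Welch's t-test at the 0.95 confidence shown in the sample, and the names `same_family`, `group_ports` and `odd_ports` are chosen here for illustration.

```python
import math

# Two-sided 95% critical values of Student's t for 1..30 degrees of freedom.
T_975 = [12.706, 4.303, 3.182, 2.776, 2.571, 2.447, 2.365, 2.306, 2.262, 2.228,
         2.201, 2.179, 2.160, 2.145, 2.131, 2.120, 2.110, 2.101, 2.093, 2.086,
         2.080, 2.074, 2.069, 2.064, 2.060, 2.056, 2.052, 2.048, 2.045, 2.042]

def same_family(a, b, n):
    """True when two (mean, stddev) RTT summaries over n probes each are not
    significantly different at 95% (assumed test: Welch's t, conservative df = n - 1)."""
    (m1, s1), (m2, s2) = a, b
    se = math.sqrt((s1 * s1 + s2 * s2) / n)
    if se == 0:                       # no jitter at all: only identical means match
        return m1 == m2
    crit = T_975[n - 2] if n - 1 <= len(T_975) else 1.960  # normal approx. past df 30
    return abs(m1 - m2) / se < crit

def group_ports(stats, n):
    """Assign a family letter to each port, in the order given. A port joins the
    first family whose founding port it matches; otherwise it starts a new one."""
    founders, families = [], {}
    for port, summary in stats.items():
        for letter, ref in founders:
            if same_family(summary, ref, n):
                families[port] = letter
                break
        else:
            letter = chr(ord("A") + len(founders))
            founders.append((letter, summary))
            families[port] = letter
    return families

def odd_ports(families):
    """Ports outside the largest family: the ones worth checking for forwarding."""
    letters = list(families.values())
    main = max(sorted(set(letters)), key=letters.count)
    return sorted(p for p, f in families.items() if f != main)

# Mean and stddev per port, copied from the sample output quoted in the message.
SAMPLE = {23: (3.1, 0.1), 25: (3.1, 0.2), 80: (3.2, 0.1),
          8080: (4.6, 0.3), 9876: (3.1, 0.2)}

if __name__ == "__main__":
    fams = group_ports(SAMPLE, n=10)
    for port, fam in fams.items():
        print(f"192.168.1.254:{port:<5} {fam}")
    print("outside the main family:", odd_ports(fams))
```

Port 80 lands in family A only narrowly (t is about 2.24 against a threshold of 2.262), which shows how sensitive the grouping is to the number of round trips and to jitter on the path.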