Nmap Development mailing list archives
Re: [NSE] Draft - targets-sniffer.nse
From: Nick Nikolaou <nikolasnikolaou1 () gmail com>
Date: Mon, 28 Mar 2011 13:48:51 +0100
Hello everyone once again, I made some further changes to the script: 1. Removed the simple *.*.*.255 broadcast check since it wouldn't do anything on a VLSM network. The script now gets the broadcast address using Djalal's patch and iface_info.broadcast. 2. Changed the way IP addresses are extracted from packets. That is now done using the packet library. 3. Timeout works as it should. 4. As per Henri's suggestion most of the initializations are now inside functions (with a couple of exceptions) and code should be easier to follow. I also checked that variables and functions have the correct scope. 5. The script doesn't default to eth0 if no interface is specified but prints an error message. As you know by now, the script relies heavily on Djalal's interface patch so the patch needs to be added first in order to use the script. I hope you find this useful. Cheers, Nick On 26 March 2011 16:13, Henri Doreau <henri.doreau () greenbone net> wrote:
2011/3/26 Nick Nikolaou <nikolasnikolaou1 () gmail com>:Hey guys, I made some changes to the script: 1. Added support for Djalal's interface patch. The user can now selecttheinterface using -e. If an interface is not specified the script fallsbackto eth0. If that doesn't work it prints an error message. 2. The script now gets the local IP address using theget_interface_info()function and makes sure that it's never added to newtargets. 3. Since nmap checks for duplicates when adding the IP addresses to newtargets, there no reason for the script to do it. 4. The script now prints an error message when not ran as root. Thanks for your feedback.Hi Nick, thanks for working on this script! Here is some feedback after I have quickly read the code. - I am not so fan of having code out of functions, you can hardly know when it will exactly be executed... You should refactor this and initialize things from whithin the rule/action functions. - The indentation makes it difficult to read!I still couldn't get the socket to timeout properly which seems to be the main problem at the moment. I'm also having some trouble getting the IP addresses using the packet library.As Kris and I already suggested, you should have a look at firewalk.nse, ipidseq.nse, path-mtu.nse, qscan.nse or sniffer-detect.nse that make use of the packet library to build packet objects from pcap (look for packet.Packet:new()). These scripts might help you to fix both problems.Once again, I appreciate any feedback. Cheers, NickRegards. -- Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Attachment:
targets-sniffer.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse Kris Katterjohn (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse David Fifield (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse Djalal Harouni (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 24)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 26)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 26)
- Re: [NSE] Draft - targets-sniffer.nse Henri Doreau (Mar 26)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 28)
- Re: [NSE] Draft - targets-sniffer.nse Henri Doreau (Mar 28)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 28)
- Re: [NSE] Draft - targets-sniffer.nse Djalal Harouni (Mar 29)
- Re: [NSE] Draft - targets-sniffer.nse Toni Ruottu (Mar 29)
- Re: [NSE] Draft - targets-sniffer.nse Abuse007 (Mar 30)
- Re: [NSE] Draft - targets-sniffer.nse Djalal Harouni (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 22)
- Re: [NSE] Draft - targets-sniffer.nse Patrick Donnelly (Mar 22)