Re: [NSE] Draft - targets-sniffer.nse

[Abuse007 <abuse007 () gmail com>]

Don't default to filtering for ip, you will miss ARPs, IPv6 and any other non-IP packets that leak IP addresses. 
Default should be no filter IMO.

On 30/03/2011, at 9:41 AM, Djalal Harouni <tixxdz () opendz org> wrote:

> On 2011-03-28 18:41:43 +0100, Nick Nikolaou wrote:
> > Good idea, thanks.
> >
> > I made all the changes.
> > Thanks again for your help.
> target.add() will return some info, you can use it to print how many
> targets where added.
>
> Since this kind of scripts can be very powerful, here are more ideas:
>
> * Add a new argument targets-sniffer.bpf: a Berkeley Packet Filter
>  expression, which will be passed to pcap_open(), this way users
>  can choose their targets, if this argument is not present then default
>  to "ip".
>
> * If the 'newtargets' argument is not specified, then the script should
>  print some info taken from the captured packets.
>
> * Perhaps we should add a regular expression to search in packets, or
>  turn this script in a fully capable ngrep [1]. This can be useful like
>  sniff some clear text protocols, find some useful strings and pass them
>  to the brute force scripts. I think that we can find different
>  scenarios, not just strings but even protocols and their _fields_.
>  There are some machines which like to share their OS type, version ...
>  when broadcasting, and this data can be very helpful to Nmap, to sum
>  it up: consider the old passive techniques.
>
> * Turn Nmap into Vi or Emacs ...
>
> [1] http://ngrep.sourceforge.net/
>
> -- 
> tixxdz
> http://opendz.org
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/