Re: anyone have any idea on this?

[David Fifield <david () bamsoftware com>]

On Wed, Jan 12, 2011 at 09:05:14PM +0000, mike bickett wrote:
> i was curious about something related to nmap. since one has the ability to do a protocol scan (granted, the headers 
> are empty) with nmap, i was wondering if those same headers left empty could be somehow filled with actual proper 
> protocol data? what i would like to see in nmap is have the ability to send out the proper payloads for protocols 
> like CDP/EIGRP/PIM/etc
> would this be possible? i understand nmap does not use modules like nemesis did, it instead uses the NSE scripts for 
> most protocol interraction. i was mentioning this since i have never seen any discussion of using nmap for something 
> other than basic ICMP/UDP/and TCP scanning. can it be made available for the protocols i have mentioned (and more)? 
> maybe this is something that should be looked into since i now notice nmap scripts are even migrating to the 
> multicast level. if any lf this didn't make any sense to the group, i am sorry

Nmap does send proper protocol headers for a small number of selected
protocols (TCP, ICMP, IGMP, UDP, SCTP). If you have headers for other
protocols they are most welcome for discussion. Take a look at the
PS_PROTO case in sendIPScanProbe in scan_engine.cc.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/