Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] interface missing in host table

From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 9 Jul 2011 15:05:37 +0200

On Jul 9, 2011, at 2:28 PM, Djalal Harouni wrote:


On Sat, Jul 09, 2011 at 09:36:16AM +0200, Patrik Karlsson wrote:

Hi,

I can't find the interface key in the host table when running as a hostrule.
According to the documentation in http://nmap.org/nsedoc/lib/nmap.html#get_interface it should be there.
Am I missing something?

Patrik can you please post the Nmap command that you are using, just to
confirm the following.

Actually the 'host.interface' key which is the device name that Nmap is
using to route packets to the current target will only be set when you
are doing some specific scan types:

1)
* Raw Scans:
 ackscan finscan idlescan ipprotscan maimonscan nullscan osscan synscan
 udpscan windowscan xmasscan sctpinitscan sctpcookieechoscan traceroute

* Ping:
 PINGTYPE_ICMP_PING PINGTYPE_ICMP_MASK PINGTYPE_ICMP_TS PINGTYPE_TCP_USE_ACK
 PINGTYPE_UDP PINGTYPE_SCTP_INIT

* PINGTYPE_TCP_USE_SYN && root privileges.

* Nmap runs with root privileges


2)
From the targets.cc file, function nexthost()
We figure out the source IP/device IFF
1) We are r00t AND
2) We are doing tcp or udp pingscan OR
3) We are doing a raw-mode portscan or osscan or traceroute OR
4) We are on windows and doing ICMP ping */


Finally:
There is a check in nmap.cc file, line: 1805
If the current scan is a Raw Scan and if the device name in other words
the 'host.interface' is not set then Nmap will abort:

 if (!currenths->deviceName())
   fatal("Do not have appropriate device name for target");


Any change to make 'host.interface' available to all NSE scripts
regardless of the scan type would be in the Nmap part.

Hope this will be useful.

-- 
tixxdz
http://opendz.org



Thanks a lot for making the conditions under which the host.interface information is available very clear!
I'm doing a TCP connect scan as a non-privileged user, so in that case the information isn't available.
I tried running as root and at that point the interface key was present.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: