Re: [NSE] A network sniffing/decoding script

["Luis MartinGarcia." <luis.mgarc () gmail com>]

On 07/25/2011 11:12 AM, Patrik Karlsson wrote:
> Hi list,
>
> Did anyone have the time/possibility to test this.
> I would like help on deciding whether to commit this or get it off my todo list.
> So I basically need to know whether:
> a) it sucks, throw it away.
> b) it's cool, go ahead and commit it.

Hi Patrik,

I have just tried your script and I have to say that the correct answer
is B): it's cool!

It works fine in my computer. However, I have a few comments:

+ I didn't know how long it was going to take, until I checked the code
and saw a default timeout of 30 secs. Could the doc for the timeout
argument say something like "(Default 30s)"?
+ If I had seen in the doc that it requires passing -e to Nmap, I would
have done it the first time, not after I got the fatal message.
+ In SSDP, could the "st" tag be changed to something more descriptive?
what does it mean?
+ Also for SSDP, I got this:

|       SSDP
|         ip               st
|         123.254.218.248 
|_        123.254.218.248 
urn:schemas-upnp-org:device:InternetGatewayDevice:1

I don't know it this is easy to do, but ideally, the first line
shouldn't show up since the script captured a better SSDP packet for the
same address. I am not familiar with SSDP so I may be talking nonsene.
Does this make sense?

That's all I got. Again, I think the script is cool and should be
available in Nmap.

Regards,

Luis MartinGarcia.


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/