Nmap Development mailing list archives

Re: [NSE] A network sniffing/decoding script


From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 25 Jul 2011 21:56:22 +0200


On Jul 25, 2011, at 7:17 PM, Luis MartinGarcia. wrote:

On 07/25/2011 11:12 AM, Patrik Karlsson wrote:
Hi list,

Did anyone have the time/possibility to test this?
I would like help on deciding whether to commit this or get it off my todo list.
So I basically need to know whether:
a) it sucks, throw it away.
b) it's cool, go ahead and commit it.

Hi Patrik,

I have just tried your script and I have to say that the correct answer
is B): it's cool!

Ok, Thanks!


It works fine on my computer. However, I have a few comments:

+ I didn't know how long it was going to take, until I checked the code
and saw a default timeout of 30 secs. Could the doc for the timeout
argument say something like "(Default 30s)"?

I've documented this in the new version I'll be posting soon.

+ If I had seen in the doc that it requires passing -e to Nmap, I would
have done it the first time, not after I got the fatal message.

Ok, I made a few changes here:
1. If the script is started without using the -e argument, it attempts to find all ethernet devices that a) are up and b) have an IPv4 address.
    It then starts a thread for which it runs a sniffer for each interface.
2. If an interface is specified using the -e argument, no automatic detection is made.

+ In SSDP, could the "st" tag be changed to something more descriptive?
what does it mean?

It's actually a header containing a uri, so I changed the name to uri instead.

+ Also for SSDP, I got this:

|       SSDP
|         ip               st
|         123.254.218.248
|_        123.254.218.248  urn:schemas-upnp-org:device:InternetGatewayDevice:1

I don't know if this is easy to do, but ideally, the first line
shouldn't show up since the script captured a better SSDP packet for the
same address. I am not familiar with SSDP so I may be talking nonsense.
Does this make sense?

You're totally right. This was a bug in the decoder; as the ST header is mandatory, the first entry shouldn't show up at all.


That's all I got. Again, I think the script is cool and should be
available in Nmap.

Thanks!


Regards,

Luis MartinGarcia.



//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
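
Added example, not part of the original message and not the script's own code: a plain-Lua sketch of the decoder behaviour discussed in the thread, where a sniffed SSDP message without an ST header produces no row and repeated (ip, uri) pairs are reported once. The names parse_headers and decode_ssdp and the sample payloads are assumptions made for illustration.

```lua
-- Constructed sample payloads (not captured traffic); the address is from
-- the 192.0.2.0/24 documentation range.
local with_st = "M-SEARCH * HTTP/1.1\r\nHost: 239.255.255.250:1900\r\n" ..
  "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nMX: 3\r\n\r\n"
local samples = {
  -- No ST header: this is the kind of message that produced the empty row.
  { ip = "192.0.2.10", data = "M-SEARCH * HTTP/1.1\r\n" ..
      "Host: 239.255.255.250:1900\r\nMX: 3\r\n\r\n" },
  { ip = "192.0.2.10", data = with_st },
  { ip = "192.0.2.10", data = with_st },  -- duplicate of the previous one
}

-- Parse "Name: value" lines into a table keyed by lower-cased header name.
-- The request line has no colon after its first token, so it is skipped.
local function parse_headers(data)
  local headers = {}
  for line in data:gmatch("[^\r\n]+") do
    local name, value = line:match("^([%w%-]+):%s*(.-)%s*$")
    if name then headers[name:lower()] = value end
  end
  return headers
end

-- Build the result rows. Following the thread, ST is treated as mandatory:
-- a message without it (or with an empty value) yields no row at all.
local function decode_ssdp(packets)
  local seen, rows = {}, {}
  for _, p in ipairs(packets) do
    local uri = parse_headers(p.data)["st"]
    if uri and uri ~= "" then
      local key = p.ip .. "|" .. uri
      if not seen[key] then
        seen[key] = true
        rows[#rows + 1] = { ip = p.ip, uri = uri }
      end
    end
  end
  return rows
end

-- Print the rows using the renamed "uri" column.
print(string.format("%-16s %s", "ip", "uri"))
for _, r in ipairs(decode_ssdp(samples)) do
  print(string.format("%-16s %s", r.ip, r.uri))
end
```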
