Nmap Development mailing list archives

Re: Some general questions about Nping/Ncat


From: David Lam <david () thedavid net>
Date: Fri, 30 Sep 2011 16:06:29 -0700

While it is possible to generalize a DHCPDISCOVER message, I think it would
be of limited use since many networks filter DHCP/BOOTP requests unless they
are from a certain MAC address (or range). It would be interesting if
Nmap/Nping could support a "template" scripting format where additional
options can be defined, or where users themselves can define their own
protocol using this very template format. (Have a default option set if
nothing is specified, e.g. Requesting Client MAC = 00:11:22:33:44:55 if
nothing is set, but allow additional options to be parsed and defined for a
specific template, maybe something like --payload dhcp type discover sMac
00:AB:CD:EF:AB:CD vendorClass "MSFT 5.0".)

In addition, I think reusing Wireshark's dissector filters might also be
helpful (e.g. defining all the required options for a payload in a payloads
file (e.g. for DHCP), and then allowing the user to override the defaults for a
certain payload, e.g. bootp.hw.mac_addr=001122334455).


On Fri, Sep 30, 2011 at 11:45 AM, David Fifield <david () bamsoftware com> wrote:

> On Thu, Sep 29, 2011 at 06:38:19PM -0700, David Lam wrote:
>> 7) Would it also be possible to include Data payloads in Nping's generated
>> packets in ways that could solicit a reply (e.g. UDP DNS requests or BOOTP
>> requests)? If so, how?
>
> Can you suggest a good BOOTP probe? It sounds like a good one to add to
> our nmap-payloads file.
> http://nmap.org/svn/nmap-payloads
>
> David Fifield
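
The payload template with defaults and per-field overrides proposed in this message, as an added example that is not code from the thread or from Nmap/Nping. The keys `type`, `sMac` and `vendorClass` follow the hypothetical syntax in the message; the `xid` key, its sample value and the function names are assumptions introduced here.

```python
import shlex
import struct

# Defaults used when the template string leaves a field out. The MAC is the
# default suggested in the message; the xid is a constructed sample value.
DEFAULTS = {"type": "discover", "sMac": "00:11:22:33:44:55",
            "vendorClass": None, "xid": "0x12345678"}
DHCP_TYPES = {"discover": 1, "request": 3, "inform": 8}  # option 53 values
MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of DHCP options


def parse_template(spec):
    """Turn 'key value key value ...' into a dict layered over DEFAULTS."""
    tokens = shlex.split(spec)  # shlex keeps "MSFT 5.0" as one token
    if len(tokens) % 2:
        raise ValueError("template needs key/value pairs")
    fields = dict(DEFAULTS)
    for key, value in zip(tokens[::2], tokens[1::2]):
        if key not in DEFAULTS:
            raise ValueError(f"unknown field: {key}")
        fields[key] = value
    return fields


def build_payload(spec=""):
    """Build the UDP payload (BOOTP header + DHCP options) for a template."""
    f = parse_template(spec)
    if f["type"] not in DHCP_TYPES:
        raise ValueError(f"unknown DHCP type: {f['type']}")
    mac = bytes.fromhex(f["sMac"].replace(":", ""))
    if len(mac) != 6:
        raise ValueError("sMac must be 6 bytes")
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,                   # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        int(f["xid"], 0), 0, 0x8000,  # xid, secs, flags=broadcast reply
        b"", b"", b"", b"",           # ciaddr, yiaddr, siaddr, giaddr: zero
        mac, b"", b"")                # chaddr (zero-padded), sname, file
    options = bytes([53, 1, DHCP_TYPES[f["type"]]])  # DHCP message type
    if f["vendorClass"] is not None:
        vc = f["vendorClass"].encode("ascii")
        options += bytes([60, len(vc)]) + vc         # vendor class identifier
    return header + MAGIC_COOKIE + options + b"\xff"  # 255 = end option
```

`build_payload().hex()` gives the default probe as a hex string, the form Nping's `--data` option accepts.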
