Nmap Development mailing list archives
Re: nmap snmp scanning
From: Duarte Silva <duarte.silva () serializing me>
Date: Wed, 21 Dec 2011 10:53:39 +0000
On Tuesday 20 December 2011 15:11:20 you wrote:
On Tue, Dec 20, 2011 at 3:03 PM, Duarte Silva <duarte.silva () serializing me>wrote:Hi Patrik, didn't know that. Over the weekend I will setup different SNMP "providers" to test the original script against and observe what should be the expected behaviour, because I have been testing against the JVM SNMP monitoring facility and the old script wasn't working very well (as I come to think about it, maybe it was because I was running the script against my own machine, localhost). Thanks for the feedback, Duarte On Monday 19 December 2011 23:24:14 Patrik Karlsson wrote:On Sun, Dec 18, 2011 at 7:19 PM, Duarte Silva <duarte.silva () serializing me>wrote:Hello, this is a very intial rewrite of the snmp-brute.nse script. As such, it needs loads of testing. Some stuff is still missing but I wanted some feedback. Regards, Duarte SilvaHi Duarte, I've looked over the new script and have a concern with the designchange,as one of the goals of the new snmp-brute script was to increase speed. This was achieved by having one thread sending requests out and another thread listening with a pcap socket. As we're dealing with UDPanda service that doesn't respond, unless we have the right community, this design successfully made the script a lot faster than the initial>version.So I think we should try to address the issues we're seeing while keeping the current design. Cheers, PatrikHi again, You make a valid point. I was also experiencing some trouble with the current version when running against one of my virtual machines (Virtualbox), even though the interface was in bridged mode. The problem is that, for some reason, in Mac Os X libpcap fails to see packets on the host interface. Not sure whether this is a big enough problem to care about?
Good morning, I don't think so, since it isn't a normal execution to be scanning localhost.
I'm guessing that an alternative approach could be to set a very short timeout on the socket (like 1ms) and do a recv on it each time a request is sent, then make sure to do a number of receives for a certain amount of time after the last request was sent. That could work and possibly allow us to maintain the increased speed we have with the current design. But like I said, I'm not sure it's worth it. Cheers, Patrik
Regards, Duarte Silva
Attachment:
smime.p7s
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: nmap snmp scanning, (continued)
- Re: nmap snmp scanning Kent Hundley (Dec 06)
- Re: nmap snmp scanning Patrik Karlsson (Dec 06)
- Re: nmap snmp scanning Duarte Silva (Dec 06)
- Re: nmap snmp scanning Patrik Karlsson (Dec 06)
- Re: nmap snmp scanning Duarte Silva (Dec 11)
- Re: nmap snmp scanning Patrik Karlsson (Dec 11)
- Re: nmap snmp scanning Duarte Silva (Dec 18)
- Re: nmap snmp scanning Patrik Karlsson (Dec 19)
- Re: nmap snmp scanning Duarte Silva (Dec 20)
- Re: nmap snmp scanning Patrik Karlsson (Dec 20)
- Re: nmap snmp scanning Duarte Silva (Dec 21)
- Re: nmap snmp scanning Duarte Silva (Dec 25)
- Re: nmap snmp scanning Patrik Karlsson (Dec 25)
- Re: nmap snmp scanning Duarte Silva (Dec 26)