Nmap Development mailing list archives

Re: nmap dhcp library


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 11 Feb 2016 18:36:33 -0600

Mike,

Thanks for doing this and following up. I'm sorry we didn't respond in a
timely manner, but we've just added your changes in r35620. I didn't
include the verbosity change, since that needs a bit more analysis: I feel
that changes in behavior based on verbosity should be handled in scripts
instead of in libraries, so I'd rather see a larger change to that effect
[1]. But the new DHCP options are great. I look forward to seeing any other
improvements you can come up with. If you feel more comfortable using
GitHub, we accept pull requests at https://github.com/nmap/nmap

Dan

[1] http://issues.nmap.org/302

On Wed, Jan 27, 2016 at 1:38 PM, Mike Rykowski <mrykowski () gmail com> wrote:

Bueller, Bueller, Bueller?

Haven't heard from anyone, please help me learn how to get this code (bug
fixes and improvements) included in nmap.

Thanks,
Mike


On Fri, Nov 13, 2015 at 12:49 PM, Mike Rykowski <mrykowski () gmail com>
wrote:

Hi Dev team,

I have to apologize: my last file still included some debugging code in
it, so I would like to resubmit my updated code for inclusion into the
nmap project. I haven't heard much from anyone about getting this code
included. Can someone please give me some pointers? Is there something I am
not doing?

Thanks,

On Thu, Oct 8, 2015 at 9:47 AM, Mike Rykowski <mrykowski () gmail com>
wrote:

Hi nmap dev team,

I'm looking into having nmap gather PXE boot-related information from a
DHCP server, if it exists. From my research, it looks like the DHCP query
needs to ask for options 66 and 67, TFTP Server Name and Bootfile name,
respectively (I found that info here
<http://www.intel.com/support/network/sb/CS-028533.htm> and it is
corroborated here
<https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml>).
One of the problems is that the DHCP library (found at
https://svn.nmap.org/nmap/nselib/dhcp.lua) does not include these
options.

Another issue I noticed is that, while the WPAD action was added, I
don't think the runtime ever gets there because the for loop just goes to
61 ("for i = 1, 61, 1 do"). Additionally, in my testing, all actions are
requested regardless of verbosity, contrary (at least in my reading) to
what is commented in lines 394-396 of the original code. I believe this is
because of an off-by-one error: a default nmap run has nmap.verbosity() = 1
and an nmap -v run has nmap.verbosity() = 2. Thus if you used
if(nmap.verbosity() > 1) then you only query the non-default fields if the
user adds -v to their nmap command.

I have attached my suggestions in the updated dhcp.lua file. In my
testing with udhcpd, it does gather the additional PXE boot info. However,
my instance of udhcpd seems to respond with all options even when they
aren't requested, but I'm pretty sure the verbosity setting works now based
on Wireshark captures. It may be valuable to add the rest of the options
IANA lists (in the link above); let me know if you agree that this would be
valuable and I can do it. Please review them and let me know what you
think.

Thanks,
Mike




_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
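
The two DHCP points raised in the original report, as an added Python example that is not part of the thread and not Nmap's dhcp.lua: a parameter request list (option 55) built by a loop bounded at 61 never asks for options 66 and 67, and a reply's options field is parsed for the PXE values. The function names, the small option table and the sample bytes are assumptions made for illustration; 252 is the code conventionally used for WPAD.

```python
# Added illustration only; names and sample data are constructed, not from dhcp.lua.
OPTIONS = {1: "Subnet Mask", 3: "Router", 6: "Domain Name Server",
           66: "TFTP Server Name", 67: "Bootfile Name", 252: "WPAD"}
PAD, END, PARAM_REQUEST_LIST = 0, 255, 55

def request_list(upper_bound):
    """Build option 55 by scanning codes 1..upper_bound, like 'for i = 1, N, 1 do'."""
    codes = [c for c in range(1, upper_bound + 1) if c in OPTIONS]
    return bytes([PARAM_REQUEST_LIST, len(codes), *codes])

def parse_options(data):
    """Walk the code/length/value options field of a DHCP reply."""
    found, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:  # length byte points past the end of the packet
            raise ValueError(f"option {code} overruns the buffer")
        found[code] = value
        i += 2 + length
    return found

def pxe_info(data):
    """Return the TFTP server name (66) and bootfile name (67), or None if absent."""
    opts = parse_options(data)
    def text(code):
        raw = opts.get(code)
        return None if raw is None else raw.rstrip(b"\x00").decode("ascii", "replace")
    return {"tftp_server": text(66), "bootfile": text(67)}

# Constructed options field (not captured traffic): message type, 66, 67, pad, end.
SAMPLE = (bytes([53, 1, 5]) + bytes([66, 9]) + b"192.0.2.9"
          + bytes([67, 10]) + b"pxelinux.0" + bytes([PAD, END]))

if __name__ == "__main__":
    print("bound 61 :", list(request_list(61)[2:]))    # 66, 67, 252 are missing
    print("bound 252:", list(request_list(252)[2:]))
    print(pxe_info(SAMPLE))
```
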
