Nmap Development: [Exp PATCH] More ICMP info in ippackethdrinfo()


From: Kris Katterjohn <katterjohn_at_gmail.com>
Date: Mon, 21 May 2007 01:02:03 -0500

Hey everyone!

The attached patch (/nmap-exp/kris SVN r4755) adds more output
information to the ICMP Destination Unreachable portion of
ippackethdrinfo().

I mainly started doing this because when I did a UDP or IPProto Scan
with --packet-trace, I wanted to see which ICMP Port and Protocol
Unreachables were being sent when.

Before                 After
"port unreachable"     "port 53 unreachable"
"protocol unreachable" "protocol 2 unreachable"

Host/net information is also added:

Before                After
"host unreachable"    "host 132.45.6.18 unreachable"
"network unreachable" "network 132.45.6.18 unreachable"
                      ...

Is this information generally useful to you all, or would it get in the
way? I find it very useful, but don't want to add clutter if it's too
much (is that possible?) :)

Please test and let me know what you think.

Thanks,
Kris Katterjohn

Index: tcpip.cc
===================================================================
--- tcpip.cc (revision 4754)
+++ tcpip.cc (revision 4755)
@@ -535,6 +535,8 @@
       snprintf(protoinfo, sizeof(protoinfo), "ICMP %s > %s fragment %s (incomplete)", srchost, dsthost, ipinfo);
   } else if (ip->ip_p == IPPROTO_ICMP) {
     char icmptype[128];
+ char *ip2dst;
+ struct ip *ip2;
     struct ppkt {
       unsigned char type;
       unsigned char code;
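
Review bot: ip2dst is declared as plain char * here, but in the following hunk it only ever receives the return value of inet_ntoa() and is only read, so const char *ip2dst would say so. Both new pointers are also left uninitialized at the top of the ICMP branch although only case 3 assigns them; initializing them to NULL, or declaring them in a block inside case 3, keeps a later case from picking up an indeterminate value.
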
@@ -547,41 +549,67 @@
     case 0:
       strcpy(icmptype, "Echo reply"); break;
     case 3:
+ ip2 = (struct ip *) ((char *) ip + (ip->ip_hl * 4) + 8);
+ tcp = (struct tcp_hdr *) ((char *) ip2 + (ip2->ip_hl * 4));
+ udp = (struct udp_hdr *) ((char *) ip2 + (ip2->ip_hl * 4));
+ ip2dst = inet_ntoa(ip2->ip_dst);
       switch (ping->code) {
       case 0:
- strcpy(icmptype, "network unreachable"); break;
+ snprintf(icmptype, sizeof icmptype, "network %s unreachable", ip2dst);
+ break;
       case 1:
- strcpy(icmptype, "host unreachable"); break;
+ snprintf(icmptype, sizeof icmptype, "host %s unreachable", ip2dst);
+ break;
       case 2:
- strcpy(icmptype, "protocol unreachable"); break;
+ snprintf(icmptype, sizeof icmptype, "protocol %u unreachable", ip2->ip_p);
+ break;
       case 3:
- strcpy(icmptype, "port unreachable"); break;
+ if (ip2->ip_p == IPPROTO_UDP)
+ snprintf(icmptype, sizeof icmptype, "port %u unreachable", ntohs(udp->uh_dport));
+ else if (ip2->ip_p == IPPROTO_TCP)
+ snprintf(icmptype, sizeof icmptype, "port %u unreachable", ntohs(tcp->th_dport));
+ else
+ strcpy(icmptype, "port unreachable");
+ break;
       case 4:
- strcpy(icmptype, "fragmentation required"); break;
+ strcpy(icmptype, "fragmentation required");
+ break;
       case 5:
- strcpy(icmptype, "source route failed"); break;
+ strcpy(icmptype, "source route failed");
+ break;
       case 6:
- strcpy(icmptype, "destination network unknown"); break;
+ snprintf(icmptype, sizeof icmptype, "destination network %s unknown", ip2dst);
+ break;
       case 7:
- strcpy(icmptype, "destination host unknown"); break;
+ snprintf(icmptype, sizeof icmptype, "destination host %s unknown", ip2dst);
+ break;
       case 8:
- strcpy(icmptype, "source host isolated"); break;
+ strcpy(icmptype, "source host isolated");
+ break;
       case 9:
- strcpy(icmptype, "destination network administratively prohibited"); break;
+ snprintf(icmptype, sizeof icmptype, "destination network %s administratively prohibited", ip2dst);
+ break;
       case 10:
- strcpy(icmptype, "destination host administratively prohibited"); break;
+ snprintf(icmptype, sizeof icmptype, "destination host %s administratively prohibited", ip2dst);
+ break;
       case 11:
- strcpy(icmptype, "network unreachable for TOS"); break;
+ snprintf(icmptype, sizeof icmptype, "network %s unreachable for TOS", ip2dst);
+ break;
       case 12:
- strcpy(icmptype, "host unreachable for TOS"); break;
+ snprintf(icmptype, sizeof icmptype, "host %s unreachable for TOS", ip2dst);
+ break;
       case 13:
- strcpy(icmptype, "communication administratively prohibited by filtering"); break;
+ strcpy(icmptype, "communication administratively prohibited by filtering");
+ break;
       case 14:
- strcpy(icmptype, "host precedence violation"); break;
+ strcpy(icmptype, "host precedence violation");
+ break;
       case 15:
- strcpy(icmptype, "precedence cutoff in effect"); break;
+ strcpy(icmptype, "precedence cutoff in effect");
+ break;
       default:
- strcpy(icmptype, "unknown unreachable code"); break;
+ strcpy(icmptype, "unknown unreachable code");
+ break;
       }
       break;
     case 4:
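
Review bot: the pointer setup at the top of case 3 reads the embedded header (ip2->ip_hl, ip2->ip_dst, ip2->ip_p, then udp->uh_dport or tcp->th_dport) with no visible check that the packet is long enough to contain it. ip2 is placed at ip + ip_hl*4 + 8 and the transport pointers at ip2 + ip2->ip_hl*4, so a truncated or malformed Destination Unreachable makes these reads run past the end of the packet buffer, and ip2->ip_hl is taken from the wire unvalidated. Before dereferencing, compare the available packet length against the outer header plus the 8-byte ICMP header plus a full embedded IP header, require ip2->ip_hl to be at least 5, and for codes 2 and 3 also require the first 4 bytes of the embedded transport header; when any check fails, fall back to the old fixed strings ("port unreachable" and so on). Two smaller points: inet_ntoa() returns a pointer to a static buffer, so ip2dst is only valid until the next inet_ntoa() call and that deserves a comment; and cases 4, 5, 8 and 13 through 15 are only re-wrapped onto two lines, which adds diff noise that would be better left out or sent as a separate cleanup.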

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on May 20 2007