Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Problem with PCAP in NSE

Problem with PCAP in NSE

From: Lionel Cons <lionel.cons_at_cern.ch>
Date: Thu, 20 Dec 2007 12:44:19 +0100

I've tried to use the PCAP functions in NSE and it seems that there is
a problem with the BPF handling.

I did specify a correct BPF string and a dummy hash function
(returning ""), in the hope that the BPF was enough to ignore unwanted
packets. Here is my code:

        local callback = function(packetsz, layer2, layer3)
                return ""
        end

        pcap:pcap_open(host.interface, 96, 0, callback,
                string.format("udp and src port 123 and src host %s", host.ip))

However, when scanning several hosts in parallel, some script
instances received packets that should have been rejected by the BPF.

Did anybody else try to play with PCAP in NSE this way?

Cheers,

Lionel Cons

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 20 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]