Home page logo

nmap-dev logo Nmap Development mailing list archives

Problem with PCAP in NSE
From: Lionel Cons <lionel.cons () cern ch>
Date: Thu, 20 Dec 2007 12:44:19 +0100

I've tried to use the PCAP functions in NSE and it seems that there is
a problem with the BPF handling.

I did specify a correct BPF string and a dummy hash function
(returning ""), in the hope that the BPF was enough to ignore unwanted
packets. Here is my code:

        local callback = function(packetsz, layer2, layer3)
                return ""

        pcap:pcap_open(host.interface, 96, 0, callback,
                string.format("udp and src port 123 and src host %s", host.ip))

However, when scanning several hosts in parallel, some script
instances received packets that should have been rejected by the BPF.

Did anybody else try to play with PCAP in NSE this way?


Lionel Cons

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]