Nmap Development: Problem with PCAP in NSE

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Nmap Development mailing list archives

Problem with PCAP in NSE

From: Lionel Cons <lionel.cons () cern ch>
Date: Thu, 20 Dec 2007 12:44:19 +0100

I've tried to use the PCAP functions in NSE and it seems that there is
a problem with the BPF handling.

I did specify a correct BPF string and a dummy hash function
(returning ""), in the hope that the BPF was enough to ignore unwanted
packets. Here is my code:

        local callback = function(packetsz, layer2, layer3)
                return ""
        end

        pcap:pcap_open(host.interface, 96, 0, callback,
                string.format("udp and src port 123 and src host %s", host.ip))

However, when scanning several hosts in parallel, some script
instances received packets that should have been rejected by the BPF.

Did anybody else try to play with PCAP in NSE this way?

Cheers,

Lionel Cons

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

By Date By Thread

Current thread:

Problem with PCAP in NSE Lionel Cons (Dec 20)
- Re: Problem with PCAP in NSE majek04 (Dec 20)
  - Re: Problem with PCAP in NSE Lionel Cons (Dec 21)