Re: Exp Features: -oP (pcap output format) and --version-ports
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 14 May 2008 18:05:42 -0500
> On 28/04/2008 19:18, Kris Katterjohn wrote:
>> I've committed a couple of new features in my branch (/nmap-exp/kris):
>> 1) -oP is a new output option to save sent/received raw IP packets and
>> Ethernet frames in pcap format for use with pcap-capable programs like
>
> That's cool. I often use wireshark to capture nmap scans which always
> means starting wireshark before scanning, possibly setting up capture
> and/or display filters and being present to stop the capture when the
>
> It would be useful to be able to capture NSOCK stuff too, especially NSE
> activity - something for the future perhaps.
Indeed it would be great to have Nsock data in it as well; however,
since AFAIK Nsock just uses connect() for the communications (except for
the pcap change used for NSE), it would be awkward to get it working
just as it would be for connect() scans.
Not only awkward for actually building the pcap file, but getting the
packet data from Nsock to the pcap descriptors in Nmap would be hackish
at best (judging from my very limited Nsock experience), unless every
call to Nsock is followed by a call to log the data.
But besides all of that, do you (or anybody) think the functionality
as-is would be good for Nmap proper? I find the ability to log just the
raw packets quite useful, and any ideas for connect() logging can be
added later if implemented.
Thanks a lot,
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org