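id = "RIPv2"
description = "Detect RIPv2 on the target"
categories = {"demo"}
author = "Michael Pattrick "
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

require "comm"
require "shortport"

-- RIP message constants (RFC 2453, section 4).
local RIP_CMD_REQUEST  = 1
local RIP_CMD_RESPONSE = 2
local RIP_VERSION      = 2
local RIP_HEADER_LEN   = 4   -- command, version, two must-be-zero bytes
local RIP_RTE_LEN      = 20  -- one route table entry
local RIP_INFINITY     = 16  -- metric meaning "unreachable"
-- How long to wait for a reply. Deliberately short; a silent peer is NOT
-- treated as evidence that the port is closed (see action below).
local TIMEOUT_MS = 500

-- Only run against UDP port 520, the RIP service port.
portrule = shortport.port_or_service(520, "", "udp")

-- Build the RFC 2453 section 3.9.1 "send me your whole routing table"
-- request: a header {command=request, version=2, MBZ=0x0000} followed by
-- exactly one RTE whose address family is 0 and whose metric is 16
-- (infinity). 24 bytes, byte-for-byte what the original script sent.
local function build_request()
  local header = string.char(RIP_CMD_REQUEST, RIP_VERSION, 0, 0)
  -- AFI, route tag, IP, mask, next hop are all zero; metric is 16.
  local rte = string.rep("\0", RIP_RTE_LEN - 4) .. string.char(0, 0, 0, RIP_INFINITY)
  return header .. rte
end

-- Decide whether a datagram looks like a RIP response. Returns the version
-- byte when the first two bytes form a RIP response header, otherwise nil.
-- Only those two bytes are interpreted; the remainder of the reply is
-- untrusted data from the router and is never parsed beyond its length.
local function rip_response_version(data)
  if type(data) ~= "string" or #data < RIP_HEADER_LEN then
    return nil
  end
  local command, version = string.byte(data, 1, 2)
  if command ~= RIP_CMD_RESPONSE then
    return nil
  end
  return version
end

--- Probe 520/udp with a RIP whole-table request and classify the reply.
--
-- A RIP speaker answers such a request with its routing table, so a reply is
-- both the detection signal and an information disclosure the operator will
-- want to know about; the size of the disclosure is reported.
--
-- Why the port state is only ever set to "open": over UDP a timeout cannot
-- distinguish a filtered port from a RIP speaker that silently drops an
-- unauthenticated request, so forcing "closed" on silence (what this script
-- used to do) produced false negatives. "closed" on UDP belongs to Nmap's own
-- scanner, which derives it from ICMP unreachables.
--
-- @param host host table supplied by NSE
-- @param port port table supplied by NSE (UDP/520)
-- @return a one-line summary when a RIP response is received, else nil
action = function(host, port)
  local status, result = comm.exchange(host, port, build_request(),
                                       {proto = "udp", timeout = TIMEOUT_MS})
  if not status then
    -- No datagram came back (or a socket error, carried in `result`).
    -- Leave the port state untouched; see the note above.
    return nil
  end

  local version = rip_response_version(result)
  if not version then
    -- Something answered on 520/udp but not with a RIP response header;
    -- do not claim RIP on that evidence alone.
    return nil
  end

  nmap.set_port_state(host, port, "open")

  -- Count the 20-byte entries following the header. An authentication entry
  -- (AFI 0xFFFF), if present, is counted like any other entry.
  local entries = math.floor((#result - RIP_HEADER_LEN) / RIP_RTE_LEN)
  return string.format("RIP version %d response, %d bytes (%d route entries)",
                       version, #result, entries)
end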