Nmap Development mailing list archives

Re: nmap.bind to set NSE socket source address


From: David Fifield <david () bamsoftware com>
Date: Thu, 15 Oct 2009 16:45:04 -0600

On Sun, Oct 11, 2009 at 06:48:49PM -0500, Ron wrote:
> On 10/11/2009 06:11 PM, David Fifield wrote:
> > Ron, I added the function nmap.bind in r15813. In the DHCP script you
> > will use it like this:
> >
> >      try(socket:bind(nil, 68))
> >
> > Let me know if it provides what you need.
>
> The changes work as advertised, thanks for making them!
>
> I am, however, still having a problem, and it's because of something I
> hadn't counted on in the protocol. When I wrote the dhcp-discover
> script, I was using DHCPINFORM, which comes directly back to my ip
> address. However, I just realized that DHCPDISCOVER doesn't come back to
> me; rather, it comes back to 255.255.255.255.
>
> Take a look at the attached .pcap file -- I did DHCPINFORM, which worked
> fine with the changes, then I did DHCPDISCOVER, which didn't.
>
> Do you know if there's any way to receive broadcast packets without a pcap?

The DHCP server in my router sends back a unicast DHCP offer in response
to DHCPDISCOVER, so it must not be every server that does that.

I think what you would normally do is make a socket bound to
255.255.255.255:67 and try to receive on it. In Python this works:

import socket
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
# bind() takes a single (address, port) tuple
s.bind(("255.255.255.255", 67))
# recv() needs a maximum datagram size
print(s.recv(4096))

But that currently won't work in NSE, because the socket descriptor
isn't created until a connection is attempted. There's no way to create
a socket without also connecting it. Something about the connection
keeps the receive from working. This is what I tried:

s = nmap.new_socket()
assert(s:bind("255.255.255.255", 67))
assert(s:connect(host.ip, 68, "udp"))
status, data = s:receive()

So we would have to rearchitect part of Nsock to allocate a socket on
nsi_new, which I think is pretty reasonable.

David Fifield
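
Added example, not part of the original message or of Nmap's code: it compares a bind-only UDP socket (as in the Python snippet above) with a bound-then-connected one (as in the NSE snippet), using the general rule that a connected UDP socket only receives datagrams from its connected peer. It runs over loopback unicast with OS-chosen ports instead of DHCP broadcast so it works offline; all function names and payloads are constructed for illustration.

```python
import socket

LOOPBACK = "127.0.0.1"

def _udp(timeout=0.5):
    """Create a UDP socket bound to loopback on an OS-chosen port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.bind((LOOPBACK, 0))
    return s

def try_receive(receiver):
    """Return the next datagram's payload, or None if nothing arrives in time."""
    try:
        data, _ = receiver.recvfrom(1024)
        return data
    except socket.timeout:
        return None

def demo():
    """Return (bind_only_result, connected_from_other, connected_from_peer)."""
    peer, other = _udp(), _udp()            # two distinct senders
    bind_only, connected = _udp(), _udp()   # two receivers
    try:
        # Bind-only receiver: accepts a datagram from any source address/port.
        other.sendto(b"from-other", bind_only.getsockname())
        r1 = try_receive(bind_only)

        # Connected receiver: the kernel matches the source address and port
        # against the connected peer before delivering anything.
        connected.connect(peer.getsockname())
        other.sendto(b"from-other", connected.getsockname())
        r2 = try_receive(connected)         # sender is not the peer: nothing arrives
        peer.sendto(b"from-peer", connected.getsockname())
        r3 = try_receive(connected)         # sender is the peer: delivered
        return r1, r2, r3
    finally:
        for s in (peer, other, bind_only, connected):
            s.close()

if __name__ == "__main__":
    print(demo())
```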
