Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Draft - targets-sniffer.nse
From: Henri Doreau <henri.doreau () greenbone net>
Date: Mon, 28 Mar 2011 16:48:01 +0200

Hi Nick,

2011/3/28 Nick Nikolaou <nikolasnikolaou1 () gmail com>:
Hello everyone once again,

I made some further changes to the script:

1. Removed the simple *.*.*.255 broadcast check since it wouldn't do
anything on a VLSM network. The script now gets the broadcast address
using Djalal's patch and iface_info.broadcast.

2. Changed the way IP addresses are extracted from packets. That is now done
using the packet library.
Nice work.

3. Timeout works as it should.
Not exactly, at least not if timeout stands for "total execution
time". In case the timeout is set to 4sec for instance, and if the
script receives a packet after 3.90 sec, it will start a loop for
another 4 seconds. Maybe it is an intended behavior but I think that
most users will expect the script to sniff for the exact duration they
supplied. You could update the timeout at each iteration to have a
finer control of the execution time.
Here is an example:

sock:pcap_open(iface, 104, false , "ip")
stdnse.print_debug(1, "Using interface %s", iface)


   local start_time = nmap.clock_ms() -- Used for script timeout

   local status, _, _, layer3 = sock:pcap_receive()

   if status then
       local ip_src, ip_dst = get_ip_addresses(layer3)
       <...check and store IP addresses...>

   -- update timeout
   timeout = timeout - (nmap.clock_ms() - start_time)

until timeout <= 0


This code uses a repeat...until form that avoid duplicate calls to
pcap_receive(). The timeout is also set before the call to

4. As per Henri's suggestion most of the initializations are now inside
functions (with a couple of exceptions) and code should be easier to follow.
 I also checked that variables and functions have the correct scope.

Cool! Unless I am missing a reason not to do so, you could even move
the last call into the prerule function:
if nmap.is_privileged() then
    iface = nmap.get_interface()
    if iface then
       return true

5. The script doesn't default to eth0 if no interface is specified but
prints an error message.

As you know by now, the script relies heavily on Djalal's interface patch so
the patch needs to be added first in order to use the script.

Finally, I would also suggest to use stdnse.get_script_args() instead
of reading arguments from the registry. This could be combined with
the addition of a default value for the timeout.
local timeoutstr = stdnse.get_script_args("targets-sniffer.timeout")
local timeout = stdnse.parse_timespec(timeoutstr) * 1000

I hope you find this useful.



Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]