2011/3/28 Nick Nikolaou <nikolasnikolaou1 () gmail com>:
> Hello everyone once again,
> I made some further changes to the script:
> 1. Removed the simple *.*.*.255 broadcast check since it wouldn't do
> anything on a VLSM network. The script now gets the broadcast address
> using Djalal's patch and iface_info.broadcast.
> 2. Changed the way IP addresses are extracted from packets. That is now
> using the packet library.
> 3. Timeout works as it should.

Not exactly, at least not if timeout stands for "total execution
time". In case the timeout is set to 4sec for instance, and if the
script receives a packet after 3.90 sec, it will start a loop for
another 4 seconds. Maybe it is an intended behavior but I think that
most users will expect the script to sniff for the exact duration they
supplied. You could update the timeout at each iteration to have a
finer control of the execution time.
Here is an example:

  sock:pcap_open(iface, 104, false, "ip")
  stdnse.print_debug(1, "Using interface %s", iface)

  repeat
    local start_time = nmap.clock_ms() -- Used for script timeout
    sock:set_timeout(timeout) -- wait no longer than the remaining budget
    local status, _, _, layer3 = sock:pcap_receive()
    if status then
      local ip_src, ip_dst = get_ip_addresses(layer3)
      -- <...check and store IP addresses...>
    end
    -- update timeout
    timeout = timeout - (nmap.clock_ms() - start_time)
  until timeout <= 0

This code uses a repeat...until form that avoids duplicate calls to
pcap_receive(). The timeout is also set before the call to

> 4. As per Henri's suggestion most of the initializations are now inside
> functions (with a couple of exceptions) and code should be easier to
> I also checked that variables and functions have the correct scope.

Cool! Unless I am missing a reason not to do so, you could even move
the last call into the prerule function:

  if nmap.is_privileged() then
    iface = nmap.get_interface()
    if iface then

> 5. The script doesn't default to eth0 if no interface is specified but
> prints an error message.
> As you know by now, the script relies heavily on Djalal's interface patch
> the patch needs to be added first in order to use the script.

Finally, I would also suggest using stdnse.get_script_args() instead
of reading arguments from the registry. This could be combined with
the addition of a default value for the timeout.

  local timeoutstr = stdnse.get_script_args("targets-sniffer.timeout")
  local timeout = stdnse.parse_timespec(timeoutstr) * 1000

I hope you find this useful.
Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
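
The timeout behaviour discussed in the reply above, as an added example that is not part of the original message or of the targets-sniffer script. It is plain Lua with a constructed fake socket and clock standing in for the NSE pcap socket and nmap.clock_ms(); new_fake_socket, sniff_fixed and sniff_budgeted are hypothetical names, and the packet arrival times are constructed.

```lua
-- Plain Lua, no Nmap needed. The fake socket and its clock are constructed
-- stand-ins (assumptions) for an NSE pcap socket and nmap.clock_ms().
local function new_fake_socket(arrivals) -- packet arrival times in ms, ascending
  local sock = { now = 0, wait = 0, idx = 1 }
  function sock:set_timeout(ms) self.wait = ms end
  function sock:clock_ms() return self.now end
  -- Blocks until the next packet or until the timeout expires.
  function sock:pcap_receive()
    local deadline = self.now + self.wait
    local t = arrivals[self.idx]
    if t and t <= deadline then
      self.idx = self.idx + 1
      self.now = math.max(self.now, t)
      return true, t
    end
    self.now = deadline
    return false, "TIMEOUT"
  end
  return sock
end

-- Behaviour the reply warns about: every receive waits the full timeout again,
-- so the loop only ends after a whole timeout passes with no traffic.
local function sniff_fixed(sock, timeout)
  local seen = 0
  sock:set_timeout(timeout)
  while sock:pcap_receive() do
    seen = seen + 1
  end
  return sock:clock_ms(), seen
end

-- Suggested form: subtract the time each iteration consumed from the budget
-- and hand only the remainder to the next receive.
local function sniff_budgeted(sock, timeout)
  local seen = 0
  repeat
    local start_time = sock:clock_ms()
    sock:set_timeout(timeout)
    if sock:pcap_receive() then seen = seen + 1 end
    timeout = timeout - (sock:clock_ms() - start_time)
  until timeout <= 0
  return sock:clock_ms(), seen
end

local arrivals = { 3900, 7000 } -- constructed: packets at 3.9 s and 7.0 s
print("fixed:    elapsed ms, packets", sniff_fixed(new_fake_socket(arrivals), 4000))
print("budgeted: elapsed ms, packets", sniff_budgeted(new_fake_socket(arrivals), 4000))
```

With a 4000 ms timeout the fixed loop keeps running for as long as packets keep arriving inside each new window, while the budgeted loop stops once the requested duration has been used up.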