Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Draft - targets-sniffer.nse
From: Nick Nikolaou <nikolasnikolaou1 () gmail com>
Date: Mon, 28 Mar 2011 18:41:43 +0100


Not exactly, at least not if timeout stands for "total execution
time". In case the timeout is set to 4sec for instance, and if the
script receives a packet after 3.90 sec, it will start a loop for
another 4 seconds. Maybe it is an intended behavior but I think that
most users will expect the script to sniff for the exact duration they
supplied. You could update the timeout at each iteration to have a
finer control of the execution time.


You are right, I meant to set the socket timeout as a constant (example 1-2
seconds) and that way depending on the frequency of packets it would always
timeout within 1 or 2 seconds. Your way makes more sense since it would
allow the script to sniff for the exact time specified and there's no reason
for all the extra receive calls.

 Cool! Unless I am missing a reason not to do so, you could even move
the last call into the prerule function


Done.


Finally, I would also suggest to use stdnse.get_script_args() instead
of reading arguments from the registry. This could be combined with
the addition of a default value for the timeout.


Good idea, thanks.

I made all the changes.
Thanks again for your help.


Nick

On 28 March 2011 15:48, Henri Doreau <henri.doreau () greenbone net> wrote:

Hi Nick,

2011/3/28 Nick Nikolaou <nikolasnikolaou1 () gmail com>:
Hello everyone once again,

I made some further changes to the script:

1. Removed the simple *.*.*.255 broadcast check since it wouldn't do
anything on a VLSM network. The script now gets the broadcast address
using Djalal's patch and iface_info.broadcast.

2. Changed the way IP addresses are extracted from packets. That is now
done
using the packet library.
Nice work.


3. Timeout works as it should.
Not exactly, at least not if timeout stands for "total execution
time". In case the timeout is set to 4sec for instance, and if the
script receives a packet after 3.90 sec, it will start a loop for
another 4 seconds. Maybe it is an intended behavior but I think that
most users will expect the script to sniff for the exact duration they
supplied. You could update the timeout at each iteration to have a
finer control of the execution time.
Here is an example:

<...>
sock:pcap_open(iface, 104, false , "ip")
stdnse.print_debug(1, "Using interface %s", iface)

repeat

   local start_time = nmap.clock_ms() -- Used for script timeout

   sock:set_timeout(timeout)
   local status, _, _, layer3 = sock:pcap_receive()

   if status then
       local ip_src, ip_dst = get_ip_addresses(layer3)
       <...check and store IP addresses...>
   end

   -- update timeout
   timeout = timeout - (nmap.clock_ms() - start_time)

until timeout <= 0

sock:pcap_close()
<...>

This code uses a repeat...until form that avoid duplicate calls to
pcap_receive(). The timeout is also set before the call to
pcap_receive().


4. As per Henri's suggestion most of the initializations are now inside
functions (with a couple of exceptions) and code should be easier to
follow.
 I also checked that variables and functions have the correct scope.

Cool! Unless I am missing a reason not to do so, you could even move
the last call into the prerule function:
<...>
if nmap.is_privileged() then
    iface = nmap.get_interface()
    if iface then
       return true
<...>


5. The script doesn't default to eth0 if no interface is specified but
prints an error message.

As you know by now, the script relies heavily on Djalal's interface patch
so
the patch needs to be added first in order to use the script.

Finally, I would also suggest to use stdnse.get_script_args() instead
of reading arguments from the registry. This could be combined with
the addition of a default value for the timeout.
<...>
local timeoutstr = stdnse.get_script_args("targets-sniffer.timeout")
or tostring(DEFAULT_TIMEOUT_SEC)
local timeout = stdnse.parse_timespec(timeoutstr) * 1000
<...>



I hope you find this useful.


Cheers,
Nick

Regards.

--
Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

Attachment: targets-sniffer.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]