mailing list archives
[NSE] Draft - targets-sniffer.nse
From: Nick Nikolaou <nikolasnikolaou1 () gmail com>
Date: Tue, 22 Mar 2011 18:44:03 +0000
Attached is a draft of a targets-sniffer script. The script sniffs for a
configured amount of a time and adds addresses from packets it sees in
The script still needs work but I was hoping to get some feedback from the
nmap -sL --script targets-sniffer.nse --script-args=newtargets
This will perform a list scan on the IP addresses it sniffs, ignoring
duplicates and broadcasts. (You can use -d to see the IP addresses as they
*Issues that need to be resolved:*
1) The sniffing interface is hard-coded at the moment. Is there a way to get
the active interface in a prerule script? Alternatively I could change the
rule to a hostrule. (and maybe a high enough runlevel to ensure the script
2) The pcap socket doesn't time out. The only way I got it to timeout was
to set the timeout value to <=1s. Even then if it sniffed a packet it
wouldn't timeout. I ended up using a temporary nmap.clock() based solution
in order to test the script.
3) I'm not really happy with the way the script extracts the IP addresses
from the packets at the moment.
4) Any other issues you find.
Thanks for any feedback.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- [NSE] Draft - targets-sniffer.nse Nick Nikolaou (Mar 22)