Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Draft - targets-sniffer.nse
From: David Fifield <david () bamsoftware com>
Date: Tue, 22 Mar 2011 11:56:19 -0700

On Tue, Mar 22, 2011 at 06:44:03PM +0000, Nick Nikolaou wrote:
Hello everyone,

Attached is a draft of a targets-sniffer script. The script sniffs for a
configured amount of a time and adds addresses from packets it sees in
newtargets. (https://secwiki.org/w/Nmap_Script_Ideas#targets-sniffer)

Good job! I haven't looked at it closely yet but I think there are
people here who can comment on it.

*Issues that need to be resolved:*

1) The sniffing interface is hard-coded at the moment. Is there a way to get
the active interface in a prerule script? Alternatively I could change the
rule to a hostrule. (and maybe a high enough runlevel to ensure the script
runs first?)

We don't have a way for scripts to get the list of interfaces, but
Djalal has a patch to do it: http://seclists.org/nmap-dev/2011/q1/291.
It hasn't been added yet because there isn't a script to use it, but you
can make it a part of your patch if it helps.

3) I'm not really happy with the way the script extracts the IP addresses
from the packets at the moment.

For this you should use the packet library:
http://nmap.org/nsedoc/lib/packet

I'd like the script to work with IPv6 addresses as well, but the packet
library doesn't support that so it will have to be handled as a separate
patch.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]