Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Interface info of raw IPv4 sockets
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 22 Jun 2011 15:14:15 +0100

On Wed, Jun 22, 2011 at 03:15:44PM +0200, Gorjan Petrovski wrote:
It was suggested that I use the new nmap.get_interface() function, but
that returns nil no matter how I run it (hostrule, prerule). Has
anyone else encountered this? Any suggestions on how to debug it, or
is running gdb the only option?
If you run Nmap with the '-e' or '-S' options then nmap.get_interface()
will return the correct interface that will be used.

o nmap.get_interface(): is for prerule scripts, when we do not know the
  targets, routes, etc. We let the user to specify the appropriate
  interface.

o host.interface: is for hostrule and portrule scripts, since the
  interface can change based on the targets and their routes.

Note: host.interface is set with the deviceName() function, this will
ignore aliases, using deviceFullName() would be better.

I suppose a better alternative would be a dnet:get_interface()
function which returns info on the interface of an open IP socket,
since we have no way of specifying which interface the IP socket opens
on. Better yet, an optional argument to the dnet:ip_open(interface),
to let us specify the interface for the IP socket and a fix for the
nmap.get_interface() function.
Normally nmap.get_interface() and nmap.get_interface_info() should cover
all the situations, at least for the broadcast and pcap stuff, but for
dnet I don't know. After a first look it seems that the info
(device, and routes, etc) are built during the dnet:ip_send() call.

BTW I don't think that we should fix nmap.get_interface() since it only
returns the interface that was specified with '-e' option when running
Nmap, instead I think that NSE code must respect that choice, and deal
with it.

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]