Nmap Development mailing list archives

Re: "sniffer" category
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Tue, 08 Nov 2011 21:43:30 +0000

On 11/08/2011 08:27 PM, David Fifield wrote:
> On Tue, Nov 08, 2011 at 05:23:52PM +0100, Patrik Karlsson wrote:
>> On Tue, Nov 8, 2011 at 5:10 PM, David Fifield <david () bamsoftware com> wrote:
>>
>>> On Fri, Oct 07, 2011 at 05:35:40PM -0700, David Fifield wrote:
>>>> Hi,
>>>>
>>>> Why does targets-sniffer.nse not use promiscuous mode? As it is, it only
>>>> finds addresses that communicate with the scanning host, which is not
>>>> that useful. Why don't we change false to true here?
>>>>
>>>> sock:pcap_open(interface, 104, false, "ip")
>>>
>>> I turned on promiscuous mode for this script.
>>>
>>> David Fifield
>>> _______________________________________________
>>> Sent through the nmap-dev mailing list
>>> http://cgi.insecure.org/mailman/listinfo/nmap-dev
>>> Archived at http://seclists.org/nmap-dev/
>>
>> I'll check the broadcast-listener script for this as well. In regards to
>> these sniffing scripts I would like to create the "sniffer" category and
>> place them in there, rather than in the broadcast category as we've
>> discussed earlier.
>>
>> I guess that the new category needs to be documented somewhere in addition
>> to changing the category in the scripts? Where would that place be, and is
>> "sniffer" the category name to go with?
>
> Is "sniffer" really what we want to express? It seems to me what people
> want is a category for "scripts that run on the whole network with a
> fixed delay that I don't care about when I'm just scanning a few hosts."
> I think that people use "broadcast" with that meaning now, mostly in the
> form "and not broadcast". So "broadcast" might not be the right name for
> the category, but breaking out a separate "sniffer" is just going to
> make people change to "and not broadcast and not sniffer".

I'm not entirely familiar with the current status of NSE scripts but, in
my opinion, it'd be a good idea to group all those scripts that gather
information passively by capturing incoming packets. However, I'd name
the category "passive", not "sniffer". I think "passive" scripts can be
quite useful in penetration testing when one does not want to inject
packets into the network. We could perhaps define the "active" alias as
"all and not passive". Does this make sense?

Just my two cents,

Luis MartinGarcia.



