Nmap Development mailing list archives

Re: [NSE] Raw ethernet frame questions and NSE library questions


From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 05 Feb 2010 16:32:33 -0600

On 02/04/2010 04:09 PM, Fyodor wrote:
> On Thu, Feb 04, 2010 at 10:58:03AM -0600, Kris Katterjohn wrote:
>> The only problem is right now it doesn't work on machines with broken raw
>> sockets (the Windows).  However that should be a matter of recognizing this
>> and trying to use ethernet anyway, if supported (but see my log message for
>> more).
>
> Why not use Nmap's existing functionality for sending IP packets
> (e.g. send_ip_raw() or, at a lower level, send_ip_packet())?  That way
> Nmap decides whether to send it on the raw device by building an
> ethernet frame or to use raw IP packets, based on the capabilities of
> the system (e.g. now raw sockets on Windows) and user options
> (--send-ip, --send-eth)?


I've added support for this:

***

r16692 | kris | 2010-02-05 16:21:23 -0600 (Fri, 05 Feb 2010) | 16 lines

Add initial ethernet support to raw IP NSE sending functionality.  The error
handling needs to be nicer, but everything has worked for me.

This involved using Nmap's routing and ARP functions to determine all of the
needed information, then putting everything together.  tcpip.cc has some damn
handy stuff in it!  I remember going through the code on different occasions
but going through it again was interesting.  I only needed to add one function
which was just a smaller version of getTargetNextHopMAC().

But this remains: if ethernet is requested, but Nmap fails to find an ethernet
route (but found a route nonetheless), should the raw socket be used instead?
Currently the raw socket is always opened and the eth stuff is used instead in
ip_send() because I'm not sure how this should work.  This fallback stuff
isn't implemented yet, however.

***

Basically, I didn't want to lose the ability to send raw IP packets wherever
you want.  Marek avoided the routing stuff I had to use, but his stuff only
worked against Targets.

So kx, or anybody, please test and let me know how it goes (I haven't tested
on anything but Linux yet, but I will mix it up soon) :)  If things go wrong
while running it, you'll know it because I haven't made the error handling
"nicer" yet.

And any thoughts on the question I posed in the log are appreciated.


> Cheers,
> -F

Cheers,
Kris Katterjohn
