Re: 2 ideas for NMAP, 1 open question

["Andy Lutomirski" <luto () myrealbox com>]

[thank you Peter Thoenen for working around my stupidity]



On the note of libnetNT, AFAIK this is quite thoroughly incompatible with
nmap for windows.  It uses the same codebase as the old nmapNT by ryan at
eeye.com.  That means that it uses raw winpcap naming, among other things.
The current raw networking layer in nmap for windows uses a custom interface
naming scheme that is both portable (across windows platforms) and usable by
people who don't like typing GUIDs.  LibnetNT (or almost any other scheme
for that matter) would need to be modified to interact with it.
Incidentally, I have been (very slowly) working on converting the nmap raw
sockets layer to a full standalone windows (hopefully portable to *nix)
library that would include link-layer features.  It shouldn't be that hard
to convert libnet or libdnet to use it in any case.  Note that this would
still not provide ARP scans on Win2K+ using raw sockets (AFAIK link-layer
access simply cannot be done without kernel support).  Incidentally,
however, Windows provides APIs (98 and up) that allow ARP scanning, although
they are IIRC synchronous, which is not terribly useful.  That being said,
one could still simply fire off junk packets to a host and read off the ARP
table looking for an ARP response (this would, in any case, be a useful
adjunct to standard massping, in which, after a _failed_ ping, the ARP cache
could be queried).



It seems like, if support for platforms without good link-layer raw packet
support (windows ;) is desired, it would be best to have functions like
send_arp_query and check_arp_response along with associated init/cleanup
routines that could be rewritten for different platforms.  This would allow
ARP scanning to be taylored to each platform without strongly binding it to
any given raw link-layer library.  (One could, of course, write generic
libnet/libpcap versions.)  That means that it would fit in with the current
windows nmap paradigm of using whatever network features are available
depending on version, and using straight iphlpapi / inetmib1 to support ARP
scans on all windows platforms without third-party libraries (i.e. winpcap).



Now that I've said all that, I should go write it ;)



Andy




----- Original Message -----
From: "Peter Thoenen" <eol1 () yahoo com>
To: <nmap-dev () insecure org>
Sent: Thursday, May 30, 2002 8:20 AM
Subject: Re: 2 ideas for NMAP, 1 open question


> Speaking of libnet not porting... it definitely
> doesn't compile on win32 :(  ... eyee has a custom
> libnet like product (free,

> http://www.eeye.com/html/Research/Tools/libnetnt.html))
> but not sure this will help.  Would like to see
libnet
> built into nmap also ... its just that I am a
win32
> nmap user :)
>
> -Peter
>
> --- William McVey <wam () cisco com> wrote:
> > On Thu, 2002-05-30 at 04:24, Frans Gidlf wrote:
> > > I just have to point out that libnet does not
> > compile on OSX...
> >
> > According to:

tp://www.caos.aamu.edu/pub/MacOS_X/BSD/Libraries/Networking/libnet/
> > libnet *is* available for MacOSX.  I don't have
a
> > Mac to play with, so I
> > don't know if it works or not, but even if it
> > doesn't, I'd prefer to see
> > the development effort go to porting underlying
> > libraries, rather than
> > re-writing functionality already present in a
> > (mostly) portable library.
> >
> >   -- William

-------------------------------------------------------------------
> > For help using this (nmap-dev) mailing list,
send a
> > blank email to
> > nmap-dev-help () insecure org . List run by
ezmlm-idx
> > (www.ezmlm.org).
>
>
> =====
> Never underestimate the extent of human stupidity.
> De Opresso Liber
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com

-------------------------------------------------------------------
> For help using this (nmap-dev) mailing list, send
a blank email to
> nmap-dev-help () insecure org . List run by ezmlm-idx
(www.ezmlm.org).
>



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).