Nmap Development mailing list archives

Re: SoC Idea: Pcap compatible output for received packets


From: "Justin Knox" <knox.justin () gmail com>
Date: Sat, 9 Jun 2007 19:04:58 -0400

Kris, I really like that idea. Would it be possible to record the
packets sent by the scanning host as well? Seems like when using a
connect() scan this might not be possible, but if we're doing SYN or
other where the pcap library is being used already...

Capture filter for inbound packets would be your target host's IP (or
any hosts you're bouncing from...)


Wow. I'm interested to see what others have to say ;)
--Justin

On 6/9/07, Kris Katterjohn <katterjohn () gmail com> wrote:
Hey everyone!

I thought of this idea a couple days ago, and in looking I see that
Unicornscan implements it already.

Basically, an option to output the received packets in pcap compatible
format so they can later be read by programs like tcpdump, ettercap, and
wireshark.

It should be pretty easy to do, but doesn't really need to be in Nmap
unless people will use it.  So if you can give me a yay or nay, that'd
be cool.  And if you can give examples of what you'd use it for, that'd
be even better.

I would love to be able to get the sent packets outputted in this format
as well, but since libpcap is a packet _capturing_ library, I don't know
how to do that when scanning something other than localhost :) If you
think you know how, please say so!  Because that would be awesome!
Aside from hacking libpcap anyway :)

Well, please let me know what you think!


Thanks,
Kris Katterjohn



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
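
Added example, not code from this thread or from Nmap: a minimal writer for the classic libpcap savefile format (a 24-byte global header followed by timestamped records), which is the "pcap compatible output" discussed above. A record is only a timestamp, two lengths and raw bytes, so the same routine can store a probe buffer the scanner built itself as well as a packet it captured; the function names, the raw-IP link type and the sample packet are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC   0xa1b2c3d4u  /* microsecond-resolution savefile */
#define LINKTYPE_RAW 101u         /* each record starts at the IP header */
#define SNAPLEN      65535u

/* Store v little-endian; readers detect byte order from the magic. */
static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Fill the 24-byte global header that opens every savefile. */
size_t pcap_global_header(uint8_t *out) {
    memset(out, 0, 24);           /* thiszone and sigfigs stay zero */
    put_le32(out, PCAP_MAGIC);
    out[4] = 2; out[6] = 4;       /* format version 2.4 */
    put_le32(out + 16, SNAPLEN);
    put_le32(out + 20, LINKTYPE_RAW);
    return 24;
}

/* Append one record (sent or received packet).
 * Returns bytes written, or 0 if the record does not fit in cap. */
size_t pcap_record(uint8_t *out, size_t cap, uint32_t sec, uint32_t usec,
                   const uint8_t *pkt, uint32_t len) {
    uint32_t incl = len > SNAPLEN ? SNAPLEN : len;  /* truncate to snaplen */
    if (cap < 16 || cap - 16 < incl) return 0;
    put_le32(out, sec);
    put_le32(out + 4, usec);
    put_le32(out + 8, incl);      /* bytes stored in the file */
    put_le32(out + 12, len);      /* bytes seen on the wire */
    memcpy(out + 16, pkt, incl);
    return 16 + (size_t)incl;
}

int main(void) {
    /* Constructed sample: bare IPv4 header, 192.0.2.1 -> 192.0.2.2,
     * protocol 253 (experimental), checksum left zero. */
    static const uint8_t ip[20] = {0x45,0,0,20, 0,0,0,0, 64,253,0,0,
                                   192,0,2,1, 192,0,2,2};
    uint8_t buf[128];
    size_t n = pcap_global_header(buf);
    size_t r = pcap_record(buf + n, sizeof buf - n, 1181430298u, 0, ip, sizeof ip);
    FILE *fp = fopen("example.pcap", "wb");
    if (!r || !fp || fwrite(buf, 1, n + r, fp) != n + r) return 1;
    return fclose(fp) ? 1 : 0;
}
```

The resulting `example.pcap` can be read back with `tcpdump -r example.pcap` or opened in Wireshark.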


