Nmap Development mailing list archives
Re: Exp Features: -oP (pcap output format) and --version-ports
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 14 May 2008 21:56:18 -0500
jah wrote:
> On 15/05/2008 00:05, Kris Katterjohn wrote:
> > But besides all of that, do you (or anybody) think the functionality as-is would be good for Nmap proper? I find the ability to log just the raw packets quite useful, and any ideas for connect() logging can be added later if implemented.
>
> I have found it quite useful too, on occasions it's been really useful for getting a better understanding of a result from OS detection. I think it would be a killer feature if it could capture more - and it might be that including it now would generate enough interest to move it in that direction.
Great, I'm glad you like it. Hopefully we can find an elegant solution for logging more information, because that would definitely be better.
> I've been meaning to look into why I only see MAC Addresses in ARP packets, but I haven't got around to that yet. Is that by design?
I needed a single datalink type to be able to log ARP and IP packets together, so I eventually settled on DLT_EN10MB (Ethernet). ARP packets are built/sent and received with an Ethernet header, so the MAC addresses get logged with no problem.

However, when IP packets are sent or received using raw sockets, this information is unavailable, but I still need to provide something since I'm using the Ethernet format. I zero the hardware addresses and set the ethertype to IP (0x0800). This is all portable because it's all just in malloc()'d space rather than some structs.

When sending IP packets with libdnet, the MAC address information is available and should get logged. I accidentally left this out, but I have committed a fix in my branch. Thanks for bringing this to my attention. Again, all of this is portable because it's all built and manipulated in malloc()'d space.

The "magic" for timing information and ethernet header data is in log_pcap() in output.cc.
> Regards,
> jah
Thanks again,
Kris Katterjohn
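The Ethernet framing described in the message above, as an added example that is not part of the original post and is not Nmap's log_pcap() code: a capture file declared as DLT_EN10MB, a raw IP packet wrapped in a heap-allocated frame with zeroed hardware addresses and ethertype 0x0800, and a reader-side check that flags such placeholder addresses. The function names `pcap_file_header`, `wrap_ip` and `has_placeholder_macs` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define DLT_EN10MB   1       /* pcap link type: Ethernet */
#define ETH_HDR_LEN  14      /* dst MAC (6) + src MAC (6) + ethertype (2) */
#define ETHERTYPE_IP 0x0800

/* 24-byte classic pcap file header, written in host byte order
 * (readers detect the order from the magic number). */
size_t pcap_file_header(uint8_t *buf, uint32_t snaplen) {
    uint32_t magic = 0xa1b2c3d4, zero = 0, linktype = DLT_EN10MB;
    uint16_t vmaj = 2, vmin = 4;
    memcpy(buf, &magic, 4);
    memcpy(buf + 4, &vmaj, 2);
    memcpy(buf + 6, &vmin, 2);
    memcpy(buf + 8, &zero, 4);       /* thiszone */
    memcpy(buf + 12, &zero, 4);      /* sigfigs */
    memcpy(buf + 16, &snaplen, 4);
    memcpy(buf + 20, &linktype, 4);
    return 24;
}

/* Prepend an Ethernet header to a raw IP packet in malloc()'d space.
 * Pass NULL MACs when they are unknown (raw-socket case): they stay zeroed. */
uint8_t *wrap_ip(const uint8_t *ip, size_t ip_len, const uint8_t *dst,
                 const uint8_t *src, size_t *frame_len) {
    if (!ip || ip_len == 0 || ip_len > 65535) return NULL;
    uint8_t *f = calloc(1, ETH_HDR_LEN + ip_len);
    if (!f) return NULL;
    if (dst) memcpy(f, dst, 6);
    if (src) memcpy(f + 6, src, 6);
    f[12] = ETHERTYPE_IP >> 8;       /* ethertype is big-endian on the wire */
    f[13] = ETHERTYPE_IP & 0xff;
    memcpy(f + ETH_HDR_LEN, ip, ip_len);
    *frame_len = ETH_HDR_LEN + ip_len;
    return f;
}

/* Reader-side check: 1 if the frame carries IP with all-zero MACs, i.e. the
 * link-layer addresses are placeholders and must not be treated as real. */
int has_placeholder_macs(const uint8_t *f, size_t len) {
    static const uint8_t zeros[12] = {0};
    return len >= ETH_HDR_LEN && memcmp(f, zeros, 12) == 0 &&
           f[12] == 0x08 && f[13] == 0x00;
}
```

When analysing a capture produced this way, frames for which `has_placeholder_macs` returns 1 say nothing about the link layer, so MAC-based correlation should skip them.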