Nmap Development mailing list archives
Re: [NSE] Raw ethernet frame questions and NSE library questions
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 04 Feb 2010 10:58:03 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey kx, On 02/03/2010 09:05 PM, kx wrote:
I wanted to start with sending some ICMP packets, so if nothing exists, and I wanted to put functionality into a library, would it be best to try to extend packet.nse, or create icmp.nse? The same would go for ethernet.
Do you actually need to the ethernet frames? Other than because Nmap trunk requires it for raw sending? I only ask because Marek used to have (a while ago obviously) a patch for raw IP sending for NSE, but it never got into Nmap proper. However, I recently (less than 2 weeks ago) started a new set of changes, which differs from the aforementioned patch, and placed them in svn://svn.insecure.org/nmap-exp/kris/nse-rawip It's not ready for trunk now, but it works nicely for me. Though please let me know if I broke something :) I used some pretty detailed commit logs, so it's all explained there. I didn't commit many times, so it's a short enough read. But basically you use ip_open(), ip_send() and ip_close() like the ethernet_* variety. I also put in a IP ID sequence classifer script (used, for example, to test for zombie suitability for use with -sI. Nmap itself doesn't provide this functionality at the scale NSE can do). This is explained in the logs as well. You can take a look at how the script works, and test with that script too. As you can see in the script, it could use a better method for building the packet, like you're suggesting ;) I bring all this up because if you like it and find it useful then hopefully it can get into trunk in one form or another. If NSE is going to support raw packet sending and receiving, it should provide something at a higher (i.e. better) level than ethernet. Having ethernet sending is great, but not if it's the only option. The only problem is right now it doesn't work on machines with broken raw sockets (the Windows). However that should be a matter of recognizing this and trying to use ethernet anyway, if supported (but see my log message for more). I just have to add this fallback to my branch. I remember you sending patches for Windows before, but hopefully you can give this a try on a different OS until I can add this stuff. Otherwise I might've just wasted our time ;)
Cheers, kx
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJLavyaAAoJEEQxgFs5kUfutKAQAL+YJ3y3Qtswni8vyhZl0pC5 nIgZlyKBDpk9yXY+fFHXNgOnkv4tyEhmEdhEXN7yJXjBsD/4IYZLEYvmhgE3P2IK 2RzOlmnyKDmbVI9F52XK+5yHhXH1XfVWh8sORnuhUwof97FIMEA1jOfhfnz+NIP1 WyfQnIjp0JYi+2NC6iVlvvVKJLgsTxIlcoididyck18i0wmxlvYyE+QePbCEC/ms JevJUq1oglNH5OdaUdLFha0CAKFjqA3RIl24EvPgS+G9RsjV6ykUfXL6CmlTw33y WeMQWV/lw+GCKWJleflIDUZQwBaLuXXMiRkhSRPo+7LfP2v59USpMIaovGqhl5EW cda5N3s8b5Cex/gASn2WZGJBoo2YWIt+30V7h90NoqG36imlTHNt+DxKjZcpJA+V YKpVhkEM/Y7+FRGxP/f8CLwsFhNpthSi54NZ+kQosMKL0OK3Z0lUniTnZC+eyY8m JJX6N5k7zG4JqMMK6/3tlkXJI2eLXBW+hSZtj8/anzMXHF3A+PaNtpJroPtD7MMI DFZaVrw6xSqnpZvZX+yVAU1EinENgyZl6ziIljW1Xss83Ylt6tAwApGMSD0+sC9+ h/hiNzV5e3NFFx5/S2IX6odQPdgVL/clphuUjQWcfUFZkFGZy3oieKC0kfKjZ/q9 VXyrZ/4b0RcKdwnKEgD0 =pXFW -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Raw ethernet frame questions and NSE library questions kx (Feb 03)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions majek04 (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions kx (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions majek04 (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions majek04 (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Fyodor (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 04)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 05)
- Re: [NSE] Raw ethernet frame questions and NSE library questions Kris Katterjohn (Feb 05)
- Re: [NSE] Raw ethernet frame questions and NSE library questions kx (Feb 05)