Nmap Development mailing list archives
Re: ncat broadcast support?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 12 May 2010 09:38:02 -0500
Well, since my patch applies to the Nsock library instead of just Ncat, it probably does affect other things. I figured that checking if the connection is to INADDR_BROADCAST would prevent most complications. I'm pretty sure we wouldn't want SO_BROADCAST on every socket, since it (I think) affects the way the socket receives responses from the network. Again, any tips for what interactions to check for or a test suite to run would be great.
Dan

On 05/12/2010 09:21 AM, Ron wrote:
Hey Daniel,
Do you know if this can potentially affect anything else in the application? In other words, is there any reason that we *wouldn't* want SO_BROADCAST on every connection?
If there is, you might want to add a commandline argument --broadcast that sets SO_BROADCAST rather than setting it in every case. But, if there's no side effect, then setting it in every case is probably ok (not that it's my call to make :) ).
Ron

On Wed, 12 May 2010 09:16:50 -0500 Daniel Miller <bonsaiviking () gmail com> wrote:
Thanks for the tip, Ron! Here's what I came up with, which works for me for this particular application.
--- nmap.orig/nsock/src/nsock_connect.c 2010-05-12 09:09:20.663173832 -0500 +++ nmap/nsock/src/nsock_connect.c 2010-05-11 16:32:33.347640392 -0500 
@@ -120,6 +120,14 @@ void nsock_connect_internal(mspool *ms, } } + if (sin->sin_addr.s_addr == INADDR_BROADCAST) { + int rval; + if (setsockopt(iod->sd, SOL_SOCKET, SO_BROADCAST, (void*) &rval, sizeof(int)) == -1) { + if (ms->tracelevel> 0) + nsock_trace(ms, "Setting of SO_BROADCAST failed (IOD #%li) EID %li", iod->id, nse->id); + } + } + if (connect(iod->sd, (struct sockaddr *) ss, sslen) == -1) { int err = socket_errno();
I'd like to make it part of the official distribution, but I know I'm missing some critical pieces:
1. I don't think this supports IPv6
2. It will probably do the same thing for TCP, which may break or not work as expected
3. I don't have a good test suite to make sure I didn't break anything
4. I only tested on Ubuntu 10.04 with g++ 4.4.3
Any hints as to what my next step would be?
Thanks,
Dan

On 05/11/2010 03:31 PM, Ron wrote:
I believe what you need to do is find out where it calls Socket() and add a call to Setsockopt() with SO_BROADCAST set to 1. Search udp.c in my nbtool codebase for 'SO_BROADCAST': http://svn.skullsecurity.org:81/ron/security/nbtool/udp.c To see an example.
Hope that helps!

On Tue, 11 May 2010 15:00:22 -0500 Daniel Miller <bonsaiviking () gmail com> wrote:
I would like to use ncat in UDP mode to send broadcast datagrams, but I get "permission denied" errors, even running as root. I understand that there are differences in how to call the underlying system calls when connecting to broadcast, and I'm willing to attempt a patch, but I don't know where to start. Could someone give me a quick pointer to the files I'd have to change to get this to work?
doesnotwork# ncat -vvvvv --udp 192.168.1.255 161
Ncat: Version 5.30BETA1 ( http://nmap.org/ncat )
NSOCK (0.0010s) UDP connection requested to 255.255.255.255:161 (IOD #1) EID 8
NSOCK (0.0010s) Callback: CONNECT ERROR [Permission denied (13)] for EID 8 [255.255.255.255:161]
Ncat: Permission denied.
Thanks for any assistance (or "No, that's a bad idea," as the case may be)
Dan
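Review bot: In the added block of the nsock_connect.c hunk, "int rval;" is never initialized before its address is passed to setsockopt() as the option value, so SO_BROADCAST is set from whatever happens to be on the stack and can end up disabled; declare it with the value 1 and pass sizeof of that variable. The comparison against INADDR_BROADCAST matches only 255.255.255.255, so a subnet-directed broadcast destination would reach connect() without the option. Nothing visible in the hunk checks that the address is AF_INET or that the socket is a datagram socket before sin->sin_addr is read, which is where the IPv6 and TCP concerns listed with the patch need a guard. A setsockopt() failure is only traced when tracelevel is above 0 and then falls through to connect(), so the caller sees the later connect error rather than the cause.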
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
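Ron's advice in the thread (set SO_BROADCAST to 1 before connecting), combined with the IPv6 and TCP caveats Daniel lists, as an added C example that is not part of the thread and not Nsock code. The helper names sock_opt, enable_broadcast_if_needed and make_dest are hypothetical, and the destination address is constructed for the demo.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Reads an int-valued SOL_SOCKET option; returns -1 on error. */
int sock_opt(int sd, int opt)
{
    int val = -1;
    socklen_t len = sizeof(val);
    return getsockopt(sd, SOL_SOCKET, opt, &val, &len) == -1 ? -1 : val;
}

/* Hypothetical helper (not Nsock code): 1 = option set, 0 = untouched, -1 = error. */
int enable_broadcast_if_needed(int sd, const struct sockaddr_storage *ss)
{
    const struct sockaddr_in *sin = (const struct sockaddr_in *) ss;
    int one = 1; /* the option value must be an initialized, nonzero int */
    /* sin is only meaningful for IPv4, and broadcast only for datagrams */
    if (ss->ss_family != AF_INET || sock_opt(sd, SO_TYPE) != SOCK_DGRAM)
        return 0;
    if (sin->sin_addr.s_addr != htonl(INADDR_BROADCAST))
        return 0; /* not the limited broadcast address: leave the socket alone */
    return setsockopt(sd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) == -1 ? -1 : 1;
}

/* Builds a constructed IPv4 destination for the demo. */
struct sockaddr_storage make_dest(const char *ip, unsigned short port)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *sin = (struct sockaddr_in *) &ss;
    memset(&ss, 0, sizeof(ss));
    sin->sin_family = AF_INET;
    sin->sin_port = htons(port);
    inet_pton(AF_INET, ip, &sin->sin_addr);
    return ss;
}

int main(void)
{
    int sd = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_storage dst = make_dest("255.255.255.255", 161);
    int rc = enable_broadcast_if_needed(sd, &dst);
    printf("helper=%d SO_BROADCAST=%d\n", rc, sock_opt(sd, SO_BROADCAST));
    close(sd);
    return 0;
}
```

Reading the flag back with getsockopt() checks the result without sending a datagram, so the behaviour can be tested on a host with no usable broadcast route.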