Nmap Development mailing list archives
Re: [NSE] Interface info of raw IPv4 sockets
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Wed, 22 Jun 2011 16:43:01 +0200
If you run Nmap with the '-e' or '-S' options then nmap.get_interface() will return the correct interface that will be used.
I see, I didn't realize that it's explicitly for those cases. I thought that it chooses some contextually default interface when no explicit interface is specified. Thanks for clearing that up! :)
o nmap.get_interface(): is for prerule scripts, when we do not know the targets, routes, etc. We let the user to specify the appropriate interface. o host.interface: is for hostrule and portrule scripts, since the interface can change based on the targets and their routes.
I understand that, that's why I tested it in both cases, since I wasn't sure when it would register the interface (which you explained above)
I suppose a better alternative would be a dnet:get_interface() function which returns info on the interface of an open IP socket, since we have no way of specifying which interface the IP socket opens on. Better yet, an optional argument to the dnet:ip_open(interface), to let us specify the interface for the IP socket and a fix for the nmap.get_interface() function.Normally nmap.get_interface() and nmap.get_interface_info() should cover all the situations, at least for the broadcast and pcap stuff, but for dnet I don't know. After a first look it seems that the info (device, and routes, etc) are built during the dnet:ip_send() call.
Well, the way I understand it, if the interface for the raw IP socket is the one specified with the -e option then everything's resolved. I just have to make the -e option mandatory for the broadcast-ping script I'm working on right now.
BTW I don't think that we should fix nmap.get_interface() since it only returns the interface that was specified with '-e' option when running Nmap, instead I think that NSE code must respect that choice, and deal with it.
With the new information in mind, I agree completely :) Thanks for the quick reply, really cleared things up! Cheers, Gorjan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Interface info of raw IPv4 sockets Gorjan Petrovski (Jun 22)
- Re: [NSE] Interface info of raw IPv4 sockets Djalal Harouni (Jun 22)
- Re: [NSE] Interface info of raw IPv4 sockets Gorjan Petrovski (Jun 22)
- Re: [NSE] Interface info of raw IPv4 sockets Djalal Harouni (Jun 22)
- Re: [NSE] Interface info of raw IPv4 sockets Gorjan Petrovski (Jun 23)
- Re: [NSE] Interface info of raw IPv4 sockets Gorjan Petrovski (Jun 23)
- Re: [NSE] Interface info of raw IPv4 sockets Gorjan Petrovski (Jun 22)
- Re: [NSE] Interface info of raw IPv4 sockets Djalal Harouni (Jun 22)
- Re: [NSE] Interface info of raw IPv4 sockets Gorjan Petrovski (Jun 22)