Nmap Development mailing list archives
Re: "sniffer" category
From: David Fifield <david () bamsoftware com>
Date: Tue, 8 Nov 2011 16:35:10 -0800
On Wed, Nov 09, 2011 at 12:27:20AM +0100, Patrik Karlsson wrote:
On Wed, Nov 9, 2011 at 12:01 AM, David Fifield <david () bamsoftware com>wrote:On Tue, Nov 08, 2011 at 09:43:30PM +0000, Luis MartinGarcia. wrote:On 11/08/2011 08:27 PM, David Fifield wrote:On Tue, Nov 08, 2011 at 05:23:52PM +0100, Patrik Karlsson wrote:I'll check the broadcast-listener script for this as well. In regardstothese sniffing scripts I would like to create the "sniffer" categoryandplace them in there, rather than in the broadcast category as we've discussed earlier. I guess that the new category needs to be documented somewhere inadditionto changing the category in the scripts? Where would that place be,and is"sniffer" the category name to go with?Is "sniffer" really what we want to express? It seems to me what people want is a category for "scripts that run on the whole network with a fixed delay that I don't care about when I'm just scanning a fewhosts."I think that people use "broadcast" with that meaning now, mostly intheform "and not broadcast". So "broadcast" might not be the right nameforthe category, but breaking out a separate "sniffer" is just going to make people change to "and not broadcast and not sniffer".I'm not entirely familiar with the current status of NSE scripts but, in my opinion, it'd be good idea to group all those scripts that gather information passively by capturing incoming packets. However, I'd name the category "passive", not "sniffer". I think "passive" scripts can be quite useful in penetration testing when one does not want to inject packets into the network. We could perhaps define the "active" alias as "all and not passive". Does this make sense?"passive" is not a good name. Some of these scripts do in fact send traffic (broadcast-dns-service-discovery is an example). What makes these scripts different is that they do not target the hosts you give on the command line. When I scan scanme.nmap.org with --script=safe, I don't want a bunch of scripts telling me about things on my local network. I really think that's what this is about, not unicast/broadcast, sniffer, or active/passive. If the "broadcast" name really bothers people, can we think of a name that reflects what this category is actually used for?Well, I think the broadcast name is good for the category of scripts that actually do send broadcast and multicast traffic. However, there are at least two broadcast-listener and targets-sniffer that are passive as they don't send any data. These are the ones I was thinking moving to a new category, as they differ from the rest of the broadcast scripts. But, maybe we should wait until we get more of them until we do, I don't know ....
I don't have a problem with giving those scripts better category names. But there needs to be a new category that includes all the scripts that are currently in "broadcast". A "sniffer" category may be nice to have, but "and not broadcast" serves a very real use case that we can't throw away. A short-term solution would be to add the "sniffer" category to those scripts, but not take them out of "broadcast". I'm not quite convinced of the need for "sniffer" though. "broadcast" is not a good name for what it's used for, even if what it's used for is useful. Something needs to fill the void if it stops meaning what it does now. I'm fine with separate or overlapping "broadcast" and "sniffer" categories, as long as there is a new category that means "broadcast or sniffer" to make them easy to turn off. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- targets-sniffer not using promiscuous mode? David Fifield (Oct 07)
- Re: targets-sniffer not using promiscuous mode? David Fifield (Nov 08)
- Re: targets-sniffer not using promiscuous mode? Patrik Karlsson (Nov 08)
- "sniffer" category David Fifield (Nov 08)
- Re: "sniffer" category Patrik Karlsson (Nov 08)
- Re: "sniffer" category Luis MartinGarcia. (Nov 08)
- Re: "sniffer" category David Fifield (Nov 08)
- Re: "sniffer" category Patrik Karlsson (Nov 08)
- Re: "sniffer" category David Fifield (Nov 08)
- Re: targets-sniffer not using promiscuous mode? Patrik Karlsson (Nov 08)
- Re: targets-sniffer not using promiscuous mode? David Fifield (Nov 08)