mirror of https://github.com/nmap/nmap.git synced 2025-12-10 06:51:33 +00:00

Rolled back change while I fix a bug

michael
2008-07-15 18:15:34 +00:00
parent f57301ef61
commit 575b6cee19
2 changed files with 83 additions and 53 deletions


@@ -62,9 +62,6 @@ o Added --ip-options support for the connect() scan (-sT). [Kris]
o Changed the order preference of timing ping propes. [Michael] o Changed the order preference of timing ping propes. [Michael]
o Enabled nmap to switch between multiple types of timing pings during port
scanning. [Michael]
Nmap 4.68 [2008-6-28] Nmap 4.68 [2008-6-28]
o Doug integrated all of your version detection submissions and o Doug integrated all of your version detection submissions and


@@ -966,19 +966,21 @@ double GroupScanStats::cc_scale() {
for a connect scan. */ for a connect scan. */
static bool pingprobe_is_appropriate(const UltraScanInfo *USI, static bool pingprobe_is_appropriate(const UltraScanInfo *USI,
const probespec *pingprobe) { const probespec *pingprobe) {
switch(pingprobe->type){ if (pingprobe->type == PS_NONE)
case(PS_NONE):
return true; return true;
case(PS_CONNECTTCP): else if (pingprobe->type == PS_TCP)
return USI->scantype == CONNECT_SCAN || (USI->ping_scan && USI->ptech.connecttcpscan); return USI->tcp_scan || (USI->ping_scan && USI->ptech.rawtcpscan);
case(PS_TCP): else if (pingprobe->type == PS_UDP)
case(PS_UDP): return USI->udp_scan || (USI->ping_scan && USI->ptech.rawudpscan);
case(PS_PROTO): else if (pingprobe->type == PS_PROTO)
case(PS_ICMP): return USI->prot_scan || (USI->ping_scan && USI->ptech.rawprotoscan);
return ((USI->ping_scan && !USI->ping_scan_arp) || pingprobe->pd.icmp.type == 3); else if (pingprobe->type == PS_ICMP)
case(PS_ARP): return (USI->ping_scan && !USI->ping_scan_arp) || pingprobe->pd.icmp.type == 3;
else if (pingprobe->type == PS_ARP)
return USI->ping_scan_arp; return USI->ping_scan_arp;
} else if (pingprobe->type == PS_CONNECTTCP)
return USI->scantype == CONNECT_SCAN || (USI->ping_scan && USI->ptech.connecttcpscan);
return false; return false;
} }
@@ -4546,54 +4548,85 @@ static void waitForResponses(UltraScanInfo *USI) {
/* Initiate libpcap or some other sniffer as appropriate to be able to catch /* Initiate libpcap or some other sniffer as appropriate to be able to catch
responses */ responses */
static void begin_sniffer(UltraScanInfo *USI, vector<Target *> &Targets) { static void begin_sniffer(UltraScanInfo *USI, vector<Target *> &Targets) {
string pcap_filter=""; char pcap_filter[2048];
/* 20 IPv6 addresses is max (45 byte addy + 14 (" or src host ")) * 20 == 1180 */ /* 20 IPv6 addresses is max (45 byte addy + 14 (" or src host ")) * 20 == 1180 */
string dst_hosts=""; char dst_hosts[1200];
char macstring[100]; int filterlen = 0;
unsigned int len = 0; int len;
unsigned int targetno; unsigned int targetno;
bool doIndividual = Targets.size() <= 20; // Don't bother IP limits if scanning huge # of hosts bool doIndividual = Targets.size() <= 20; // Don't bother IP limits if scanning huge # of hosts
pcap_filter[0] = '\0';
if (!USI->isRawScan()) if (!USI->isRawScan())
return; /* No sniffer needed! */ return; /* No sniffer needed! */
if (doIndividual) { if (doIndividual) {
for(targetno = 0; targetno < Targets.size(); targetno++) { for(targetno = 0; targetno < Targets.size(); targetno++) {
dst_hosts+=(targetno == 0)? "" : " or "; len = Snprintf(dst_hosts + filterlen,
dst_hosts+="src host "; sizeof(dst_hosts) - filterlen,
dst_hosts+=Targets[targetno]->targetipstr(); "%ssrc host %s", (targetno == 0)? "" : " or ",
Targets[targetno]->targetipstr());
if (len < 0 || len + filterlen >= (int) sizeof(dst_hosts))
fatal("ran out of space in dst_hosts");
filterlen += len;
} }
} }
filterlen = 0;
USI->pd = my_pcap_open_live(Targets[0]->deviceName(), 100, (o.spoofsource)? 1 : 0, pcap_selectable_fd_valid()? 200 : 2); USI->pd = my_pcap_open_live(Targets[0]->deviceName(), 100, (o.spoofsource)? 1 : 0, pcap_selectable_fd_valid()? 200 : 2);
if(USI->ping_scan_arp){
if (USI->tcp_scan || USI->udp_scan) {
if (doIndividual)
len = Snprintf(pcap_filter, sizeof(pcap_filter),
"dst host %s and (icmp or (%s and (%s)))",
inet_ntoa(Targets[0]->v4source()),
(USI->tcp_scan)? "tcp" : "udp", dst_hosts);
else len = Snprintf(pcap_filter, sizeof(pcap_filter),
"dst host %s and (icmp or %s)",
inet_ntoa(Targets[0]->v4source()),
(USI->tcp_scan)? "tcp" : "udp");
if (len < 0 || len >= (int) sizeof(pcap_filter))
fatal("ran out of space in pcap filter");
filterlen = len;
} else if (USI->prot_scan || (USI->ping_scan && USI->ptech.rawprotoscan)) {
if (doIndividual)
len = Snprintf(pcap_filter, sizeof(pcap_filter),
"dst host %s and (icmp or (%s))",
inet_ntoa(Targets[0]->v4source()), dst_hosts);
else
len = Snprintf(pcap_filter, sizeof(pcap_filter), "dst host %s",
inet_ntoa(Targets[0]->v4source()));
if (len < 0 || len >= (int) sizeof(pcap_filter))
fatal("ran out of space in pcap filter");
filterlen = len;
} else if (USI->ping_scan_arp) {
const u8 *mac = Targets[0]->SrcMACAddress(); const u8 *mac = Targets[0]->SrcMACAddress();
assert(mac); assert(mac);
pcap_filter="arp and ether dst host "; len = Snprintf(pcap_filter, sizeof(pcap_filter),
len = Snprintf(macstring, sizeof(macstring), "arp and ether dst host %02X:%02X:%02X:%02X:%02X:%02X",
"%02X:%02X:%02X:%02X:%02X:%02X", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
if(len>=sizeof(macstring)) if (len < 0 || len >= (int) sizeof(pcap_filter))
fatal("macstring too long"); fatal("ran out of space in pcap filter");
pcap_filter+=macstring; filterlen = len;
//its not arp or connect, so it must be tcp, udp, prot, or icmp } else if (USI->ping_scan) {
}else {
/* Handle all the different ping types (except ARP and TCP connect) with one /* Handle all the different ping types (except ARP and TCP connect) with one
filter. */ filter. */
if (doIndividual){ if (doIndividual)
pcap_filter="dst host "; len = Snprintf(pcap_filter, sizeof(pcap_filter),
pcap_filter+=inet_ntoa(Targets[0]->v4source()); "dst host %s and (icmp or ((tcp or udp) and (%s)))",
pcap_filter+=" and (icmp or ((tcp or udp) and ("; inet_ntoa(Targets[0]->v4source()), dst_hosts);
pcap_filter+=dst_hosts; else
pcap_filter+=")))"; len = Snprintf(pcap_filter, sizeof(pcap_filter),
}else{ "dst host %s and (icmp or tcp or udp)",
pcap_filter="dst host "; inet_ntoa(Targets[0]->v4source()));
pcap_filter+=inet_ntoa(Targets[0]->v4source()); if (len < 0 || len >= (int) sizeof(pcap_filter))
pcap_filter+=" and (icmp or tcp or udp)"; fatal("ran out of space in pcap filter");
} filterlen = len;
} } else assert(0); /* Other scan types? */
if (o.debugging > 2) log_write(LOG_PLAIN, "Pcap filter: %s\n", pcap_filter.c_str()); if (o.debugging > 2) log_write(LOG_PLAIN, "Pcap filter: %s\n", pcap_filter);
set_pcap_filter(Targets[0]->deviceName(), USI->pd, pcap_filter.c_str()); set_pcap_filter(Targets[0]->deviceName(), USI->pd, pcap_filter);
/* pcap_setnonblock(USI->pd, 1, NULL); */ /* pcap_setnonblock(USI->pd, 1, NULL); */
return; return;
} }
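Review bot: The closing `else assert(0); /* Other scan types? */` in begin_sniffer is the only thing stopping a raw scan type that matches none of the branches, and assert() compiles away when NDEBUG is defined. In that case `pcap_filter` still holds the empty string set at the top of the function and is passed to set_pcap_filter(), which presumably leaves the capture unfiltered. Every other failure in this function already goes through fatal(), so `else fatal("begin_sniffer: unhandled scan type");` would give the same behaviour in release builds. Separately, `filterlen` is reset to 0 after the dst_hosts loop and from then on only written (`filterlen = len;`), never read, so those stores can be dropped. `Targets[0]` is also dereferenced with no visible check that Targets is non-empty; a one-line comment stating that the caller guarantees this would help.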