Home page logo
/
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

File broadcast-listener

Script types: prerule
Categories: broadcast, safe
Download: http://nmap.org/svn/scripts/broadcast-listener.nse

User Summary

Sniffs the network for incoming broadcast communication and attempts to decode the received packets. It supports protocols like CDP, HSRP, Spotify, DropBox, DHCP, ARP and a few more. See packetdecoders.lua for more information.

The script attempts to sniff all ethernet based interfaces with an IPv4 address unless a specific interface was given using the -e argument to Nmap.

Script Arguments

broadcast-listener.timeout

specifies the amount of seconds to sniff the network interface. (default 30s)

The script attempts to discover all available ipv4 network interfaces, unless the Nmap -e argument has been supplied, and then starts sniffing packets on all of the discovered interfaces. It sets a BPF filter to exclude all packets that have the interface address as source or destination in order to capture broadcast traffic.

Incoming packets can either be either layer 3 (usually UDP) or layer 2. Depending on the layer the packet is matched against a packet decoder loaded from the external nselib/data/packetdecoder.lua file. A more detailed description on how the decoders work can be found in that file. In short, there are two different types of decoders: udp and ether. The udp decoders get triggered by the destination port number, while the ether decoders are triggered by a pattern match. The port or pattern is used as an index in a table containing functions to process packets and fetch the decoded results.

Example Usage

nmap --script broadcast-listener
nmap --script broadcast-listener -e eth0

Script Output

| broadcast-listener:
|   udp
|       Netbios
|         ip           query
|         192.168.0.60 \x01\x02__MSBROWSE__\x02\x01
|       DHCP
|         srv ip       cli ip       mask             gw           dns
|         192.168.0.1  192.168.0.5  255.255.255.0    192.168.0.1  192.168.0.18, 192.168.0.19
|       DropBox
|         displayname  ip            port   version  host_int  namespaces
|         39000860     192.168.0.107 17500  1.8      39000860  28814673, 29981099
|       HSRP
|         ip             version  op     state   prio  group  secret  virtual ip
|         192.168.0.254  0        Hello  Active  110   1      cisco   192.168.0.253
|   ether
|       CDP
|         ip  id      platform       version
|         ?   Router  cisco 7206VXR  12.3(23)
|       ARP Request
|         sender ip     sender mac         target ip
|         192.168.0.101 00:04:30:26:DA:C8  192.168.0.60
|_        192.168.0.1   90:24:1D:C8:B9:AE  192.168.0.60

Requires


Author: Patrik Karlsson

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]