Categories: broadcast, safe
Sniffs the network for incoming broadcast communication and attempts to decode the received packets. It supports protocols like CDP, HSRP, Spotify, DropBox, DHCP, ARP and a few more. See packetdecoders.lua for more information.
The script attempts to sniff all ethernet based interfaces with an IPv4 address unless a specific interface was given using the -e argument to Nmap.
specifies the amount of seconds to sniff the network interface. (default 30s)
The script attempts to discover all available ipv4 network interfaces, unless the Nmap -e argument has been supplied, and then starts sniffing packets on all of the discovered interfaces. It sets a BPF filter to exclude all packets that have the interface address as source or destination in order to capture broadcast traffic.
Incoming packets can either be either layer 3 (usually UDP) or layer 2. Depending on the layer the packet is matched against a packet decoder loaded from the external nselib/data/packetdecoder.lua file. A more detailed description on how the decoders work can be found in that file. In short, there are two different types of decoders: udp and ether. The udp decoders get triggered by the destination port number, while the ether decoders are triggered by a pattern match. The port or pattern is used as an index in a table containing functions to process packets and fetch the decoded results.
nmap --script broadcast-listener nmap --script broadcast-listener -e eth0
| broadcast-listener: | udp | Netbios | ip query | 192.168.0.60 \x01\x02__MSBROWSE__\x02\x01 | DHCP | srv ip cli ip mask gw dns | 192.168.0.1 192.168.0.5 255.255.255.0 192.168.0.1 192.168.0.18, 192.168.0.19 | DropBox | displayname ip port version host_int namespaces | 39000860 192.168.0.107 17500 1.8 39000860 28814673, 29981099 | HSRP | ip version op state prio group secret virtual ip | 192.168.0.254 0 Hello Active 110 1 cisco 192.168.0.253 | ether | CDP | ip id platform version | ? Router cisco 7206VXR 12.3(23) | ARP Request | sender ip sender mac target ip | 192.168.0.101 00:04:30:26:DA:C8 192.168.0.60 |_ 192.168.0.1 90:24:1D:C8:B9:AE 192.168.0.60
Author: Patrik Karlsson
License: Same as Nmap--See https://nmap.org/book/man-legal.html