Understanding advanced network I/O

Another powerful feature of Nsock is the ability to process raw packets with a wrapper to Libpcap. Libpcap provides a framework for user-level packet captures that is platform-independent and very robust. NSE developers that need to receive raw packets or send packets to the IP and Ethernet layer can do so through the Nmap API.

In this section, we will learn about the pcap_open, pcap_register, and pcap_receive methods, which are used to receive raw packets, and ip_open, ip_send, ip_close, ethernet_open, ethernet_send, and ethernet_close, which are used to send raw frames.

Opening a socket for raw packet capture

The first step to handling raw packets is to open an NSE socket. Import the nmap library and create a ...

Get Mastering the Nmap Scripting Engine now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering the Nmap Scripting Engine by Paulino Calderón Pale

Understanding advanced network I/O

Opening a socket for raw packet capture

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly