Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Openflow info #711

Closed
wants to merge 9 commits into from
Closed

Openflow info #711

wants to merge 9 commits into from

Conversation

@JaySmithWpg
Copy link

@JaySmithWpg JaySmithWpg commented Feb 27, 2017

https://secwiki.org/w/Nmap/Script_Ideas#.60openflow-info.60_and_service_probe
Script for gathering information from openflow controllers and a service probe for all versions.

Unfortunately, all of the really interesting information gathering packets in openflow, such as feature request or description request, are designed to be sent from the openflow controller to the switch (played here by nmap) rather than the other way around. For newer versions of openflow (>= 1.3), we are able to at least enumerate all supported versions of the protocol spoken by the controller.

Copy link

@dmiller-nmap dmiller-nmap left a comment

This is really good. Fix up the one call to comm.tryssl and we'll call it good. I'd do it myself before merging but I'd like for you to verify that it still works against the service.

-- Earlier versions either say hello without the bitmap.
-- Some implementations are shy and don't make the first move, so we'll say
-- hello first. We'll pretend to be a switch using version 1.0 of the protocol
local socket, response = comm.tryssl(host, port, hello, {recv_first = false, bytes = OPENFLOW_HEADER_SIZE})

This comment has been minimized.

@dmiller-nmap

dmiller-nmap Mar 3, 2017

The option to comm.tryssl should be recv_before and for this protocol it should be true. I've updated the docs for that function since I've had trouble understanding it in the past as well. recv_before means "if it's plaintext, you'll get a banner" essentially.

@mogigoma
Copy link

@mogigoma mogigoma commented Mar 3, 2017

Thanks for the review. We'll get the updated version tested and back to you in about 3 weeks, since @JaySmithWpg and the test environment are inaccessible until then.

@nmap-bot nmap-bot closed this in 532d5a5 Oct 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.