Openflow info #711
Closed
Openflow info #711
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dmiller-nmap
requested changes
Mar 3, 2017
dmiller-nmap
left a comment
There was a problem hiding this comment.
This is really good. Fix up the one call to comm.tryssl and we'll call it good. I'd do it myself before merging but I'd like for you to verify that it still works against the service.
| -- Earlier versions either say hello without the bitmap. | ||
| -- Some implementations are shy and don't make the first move, so we'll say | ||
| -- hello first. We'll pretend to be a switch using version 1.0 of the protocol | ||
| local socket, response = comm.tryssl(host, port, hello, {recv_first = false, bytes = OPENFLOW_HEADER_SIZE}) |
There was a problem hiding this comment.
The option to comm.tryssl should be recv_before and for this protocol it should be true. I've updated the docs for that function since I've had trouble understanding it in the past as well. recv_before means "if it's plaintext, you'll get a banner" essentially.
|
Thanks for the review. We'll get the updated version tested and back to you in about 3 weeks, since @JaySmithWpg and the test environment are inaccessible until then. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://secwiki.org/w/Nmap/Script_Ideas#.60openflow-info.60_and_service_probe
Script for gathering information from openflow controllers and a service probe for all versions.
Unfortunately, all of the really interesting information gathering packets in openflow, such as feature request or description request, are designed to be sent from the openflow controller to the switch (played here by nmap) rather than the other way around. For newer versions of openflow (>= 1.3), we are able to at least enumerate all supported versions of the protocol spoken by the controller.