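-- Example NSE script for the nsock pcap interface. It opens a capture on the
-- interface facing the target, provokes traffic by connecting to TCP port 22,
-- and reports the first captured packet whose IP source address equals the
-- target's address.
--
-- Operational notes for anyone running or adapting this script:
--   * Opening a pcap device needs packet-capture privileges, so the script
--     only works when Nmap runs privileged.
--   * hostrule accepts every host, so each scanned target receives one TCP
--     connection attempt to port 22 whether or not that port is of interest.
--   * The output contains a hex dump of the captured bytes (at most the
--     snapshot length passed to pcap_open).

id = "PCAP example"
description = ""
author = "Marek Majkowski "
license = "See nmaps COPYING for licence"

categories = {"discovery"}

require "packet"

-- 0-based byte offsets of the source-address field inside an IPv4 header.
local IP_SRC_FIRST, IP_SRC_LAST = 12, 15

--- Extract the raw 4-byte source address from a captured layer-3 packet.
-- @param layer3 packet bytes starting at the IP header
-- @return the bytes at header offsets 12..15 (shorter if the packet is short)
local function ip_source(layer3)
  -- Lua strings are indexed from 1, hence the +1 on both offsets.
  return string.sub(layer3, IP_SRC_FIRST + 1, IP_SRC_LAST + 1)
end

--- Run against every host; no port or service precondition is applied.
hostrule = function(host, port)
  return true
end

--- Key function handed to pcap_open.
-- The value returned here is compared with the key given to pcap_register,
-- so returning the IP source address routes a packet to the thread that
-- registered that address.
pcap_callback = function(packetsz, layer2, layer3)
  return ip_source(layer3)
end

--- Capture one packet sent by the target from TCP port 22.
-- @param host NSE host table; reads host.interface, host.bin_ip and host.ip
-- @param port unused
-- @return a formatted string with the source address and a hex dump of the
--         packet, or nil when nothing arrived before the timeout or no
--         capture interface is known for the host
action = function(host, port)
  -- Without an interface name there is nothing to open a capture on.
  if not host.interface then
    return nil
  end

  local pcap = nmap.new_socket()
  local conn = nmap.new_socket()

  -- Arguments: device, snapshot length (96 bytes), promiscuous off,
  -- key function, BPF filter.
  pcap:pcap_open(host.interface, 96, 0, pcap_callback, "tcp and src port 22") --"udp and src port 123")
  pcap:set_timeout(5000)

  -- Register interest before provoking traffic so the reply is not missed.
  pcap:pcap_register(host.bin_ip)

  -- The connect result is deliberately not checked: presumably even a refused
  -- connection draws a reply from source port 22 that the filter can match.
  conn:connect(host.ip, 22)

  local status, _, _, layer3 = pcap:pcap_receive()

  -- Release both sockets on every path; the original left the capture open.
  conn:close()
  pcap:pcap_close()

  if status == true then
    return string.format('packet got! (src host %s) packet:%s',
      packet.toip(ip_source(layer3)),
      packet.bintohex(layer3))
  end

  return nil
end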