Small cleanups to the LLMR responder module

Author: HD Moore

modules/auxiliary/spoof/llmnr/llmnr_response.rb

@@ -139,9 +139,7 @@ def dispatch_request(packet, rhost, src_port)
     end
     ip_pkt.recalc
 
-    open_pcap
-      capture_sendto(ip_pkt, rhost.to_s, true)
-    close_pcap
+    capture_sendto(ip_pkt, rhost.to_s, true)
   end
 
   def monitor_socket
@@ -176,7 +174,10 @@ def should_print_reply?(host)
 
   def run
     check_pcaprub_loaded()
-    ::Socket.do_not_reverse_lookup = true
+    ::Socket.do_not_reverse_lookup = true  # Mac OS X workaround
+
+    # Avoid receiving extraneous traffic on our send socket
+    open_pcap({'FILTER' => 'ether host f0:f0:f0:f0:f0:f0'})
 
     # Multicast Address for LLMNR
     multicast_addr = ::IPAddr.new("224.0.0.252")
@@ -191,12 +192,14 @@ def run
     self.sock = Rex::Socket.create_udp(
       # This must be INADDR_ANY to receive multicast packets
       'LocalHost' => "0.0.0.0",
-      'LocalPort' => 5355)
+      'LocalPort' => 5355,
+      'Context'   => { 'Msf' => framework, 'MsfExploit' => self }
+    )
     self.sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_REUSEADDR, 1)
     self.sock.setsockopt(::Socket::IPPROTO_IP, ::Socket::IP_ADD_MEMBERSHIP, optval)
 
     self.thread = Rex::ThreadFactory.spawn("LLMNRServerMonitor", false) {
-        monitor_socket
+      monitor_socket
     }
 
     print_status("LLMNR Spoofer started. Listening for LLMNR requests with REGEX \"#{datastore['REGEX']}\" ...")
@@ -206,9 +209,13 @@ def run
     while thread.alive?
       select(nil, nil, nil, 0.25)
     end
-
-    self.thread.kill
-    self.sock.close rescue nil
   end
 
+  def cleanup
+    if self.thread and self.thread.alive?
+      self.thread.kill
+      self.thread = nil
+    end
+    close_pcap
+  end
 end