Nmap Development mailing list archives
Re: Design decisions
From: Fyodor <fyodor () insecure org>
Date: Thu, 19 Dec 2002 23:07:53 -0800
On Thu, Dec 19, 2002 at 10:58:38PM +0100, R Anderson wrote:
Greetings, F[ry]odor and everyone
I'm Fyodor again :).
1. I have a working patch that adds intermediate ICMP's received, per the schema proposal, to XML output.
Sounds cool -- I have wanted this sort of behavior for a while. Does it work with all the "raw" scan types (where reasonable)? Is it generic enough to store the reason for a port state (eg host unreachable, admin prohibited by firewall, RST, etc) and the souce IP that gave us the packet?
- Never collate ports in the XML output. I thought this was the obvious solution until I realised it will lead to unnecessary large XML files when scanning 128K ports :^)
Youch. Yeah, that is 2.5MB/host if you add just 20 extra bytes -- and it would likely take 40+ bytes.
- Always include the filtered ports that have extra info. This is sensible, right?
But in many cases the "extra info" will be available and the same for every closed or filtered port except for a handful in other states. Perhaps the "ignored" tag could include the state as well as the reason information for the one "ignored" (eg most common) state/reason. Then you could list the ports wich don't match that state AND reason.
2. If I want to include non-intermediate ICMP in the XML output (eg. a strange message from the target itself, perhaps on just some ports), how should I encode it? By leaving out the "srcipaddr" or by filling it in with the target address? I prefer leaving the srcipaddr property out. Or should we modify the schema a little?
What schema are you referring to? One of my old XML proposals? The DTD? Something else? Cheers, -F --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Design decisions R Anderson (Dec 19)
- Re: Design decisions Fyodor (Dec 19)
- Re: Design decisions R Anderson (Dec 21)
- Re: Design decisions Fyodor (Dec 19)