Nmap Development mailing list archives
Re: Re[2]: nmap+V
From: "Max" <nmap () webwizarddesign com>
Date: Tue, 02 Sep 2003 20:11:27 +0500
Fyodor, Good points, and given that definition of the scope of nmap, adding service detection makes a lot of sense. I look forward to seeing the integration .. I hope good OO is used to keep this component as isolated as possible .. this brings back another question that has gone around this list before for me .. I haven't looked at the nmap source in a while, and I will, but is any thought being given to whether or not a common interface for add on, but included, components, like this one, can be used in the code to make addition of new features as component-based and clean as possible? Just curious .. with nmap using more C++ this would seem like a reasonable next architectural step. I think it would be cool to be able to do updates to this version scanning component without having to download and compile the whole distro. Maybe 'cool' isn't enough of an argument to warrant time for this kind of internal, non-user visible project? :P Maybe I should just shut up and look into it myself! :) Regards, Max On Tue, 02 Sep 2003 16:23:16 PDT, Fyodor wrote:
I believe that Nmap's core competency is "network mapping", and not just "port scanning".
1) I feel it is a natural extension of port scanning (see above) 2) Service detection needs to get port scan results anyway so it knows which ports/boxes to probe. By integrating with Nmap, the service scan logic is able to benefit from network latency calculations and similar data. It is also able to share and honor many Nmap options such as timing aggressiveness (-T), host timeouts, verbosity, etc. For example, Nmap 3.40 will service_scan more hosts in parallel if you have a higher -T value. 3) Service scan data can affect port scan results (like changing "open/filtered" to "open" as discussed above). 4) Creating a separate tool would be more work, and they would share significant amounts of code and some data files. So it could be argued that this approach increases bloat. It can also be harder to use, as users would have to learn a whole new command syntax rather than just adding -sV (or whatever) to their normal Nmap execution. 5) Nmap can merge the output nicely into one report. If you scan 30,000 hosts with both tools separately, you have to deal with merging the two reports. 6) Even with service detection "bloat", the Nmap tar.bz2 source distribution is barely over a megabyte. So it still fits on an ancient floppy and can transfer over ethernet in a fraction of a second. Your average crappy-bitrate .mp3 song is far larger.
--------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Re: nmap+V, (continued)
- Re: nmap+V Paul Johnston (Sep 02)
- Re: nmap+V Jamie (Sep 02)
- Re[2]: nmap+V Bo Cato (Sep 02)
- Re: nmap+V Jay Freeman (saurik) (Sep 01)
- Re: nmap+V Fyodor (Sep 01)
- Re: nmap+V Jay Freeman (saurik) (Aug 31)
- Re: Re[2]: nmap+V Fyodor (Sep 02)
- Re: Re[2]: nmap+V Fyodor (Sep 06)