Re: Inconsistency in nmap XML output

[Dual Mobius <dualmobius () comcast net>]

Fyodor wrote:
> ...
> Also, to print all the hosts in the right order, Nmap would have to
> save down hosts around until it is finished scanning the up hosts.
> That would be a bit of a pain to implement.
> ...
> Maybe the down hosts should only be printed (in ping or port scan
> mode) with -v, as they are in normal output.  If I hear sufficient
> demand from people, I'll implement that (like I said, it is a bit of a
> pain). 
>
> Cheers,
> -F

I would also like to see the option of including down hosts in the XML output 
when -v is used.  (I've previously had to do several nasty hacks in analysis 
programs to figure out what was reported down vs. not-scanned by taking the 
address ranges in the <nmaprun> tag and subtracting out the "up" results in the 
rest of the file).

It sounded like most of the pain in implementing this centers around keeping a 
list of all hosts so that they can be output in order.

Are there any objections/problems with outputting the down hosts as they are 
identified? -- as in once nmap has given up on a host, it is output to the XML 
file and everything just continues on.

At least in my experience, the instances where it would be useful to explicitly 
have the down host information in the XML file usually involve parsing the 
output in some other program where you have the features of 
Perl/Python/Ruby/databases/etc... that can do a nice job of sorting if needed.

What does the rest of the list think?

I agree with Fyodor's suggestion that if this is added, it should only be when 
the -v option is used.

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org