Nmap Development mailing list archives
Re: Inconsistency in nmap XML output
From: David Schmalz <dvs () zurich ibm com>
Date: Wed, 10 Nov 2004 14:24:31 +0100
On Wed, 2004-11-10 at 05:35, Fyodor wrote:
On Mon, Nov 01, 2004 at 01:53:21PM +0100, David Schmalz wrote:Hi everyone, I'd like to report a minor inconsistency in the nmap XML output (tested with versions 3.70 and 3.75). When performing an 'ping' scan, all the hosts that are down are explicitely enumerated in the resulting XML file. However, when I launch a full port and OS fingerprinting scan and all the scanned hosts are actually down, no enumeration is included in the file. This obviously prevents to define a consistent parsing procedure.I have mixed feelings about printing the down hosts. It is done for a ping scan, since the whole point of that scan type is to determine what systems are up or down. For a more intrusive scan, I suspect most apps don't care about the down hosts. Nmap doesn't print them on its normal output unless verbosity is requested. Also, to print all the hosts in the right order, Nmap would have to save down hosts around until it is finished scanning the up hosts. That would be a bit of a pain to implement.
I thought that since the function was already available for ping scans, this would be easy to enable also for port scans, hence my question :-).
Also, it oculd substantially enlarge the output. For example, the guy I just replied to was scanning 24 million addresses with most of them down. A down host takes about 85 bytes in XML. So the logs would be an extra 2GB if 23.5M of the hosts are down.
That's right but I'd really like to be able to enable the function with -v as you propose below. Then, it would be up to the user to decide if he/she wants to generate huge files, containing maybe only down hosts.
Maybe the down hosts should only be printed (in ping or port scan mode) with -v, as they are in normal output. If I hear sufficient demand from people, I'll implement that (like I said, it is a bit of a pain).
The only good reason that I see for implementing this feature is to keep a consistent XML output, regardless of the type of scan which is performed. I don't know though if this is a widely needed feature. Thanks for your answer and time, David --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Inconsistency in nmap XML output David Schmalz (Nov 01)
- Re: Inconsistency in nmap XML output Fyodor (Nov 09)
- Re: Inconsistency in nmap XML output Dual Mobius (Nov 09)
- Re: Inconsistency in nmap XML output Joshua T. Corbin (Nov 10)
- Re: Inconsistency in nmap XML output Matt (Nov 10)
- Re: Inconsistency in nmap XML output Dual Mobius (Nov 10)
- Re: Inconsistency in nmap XML output Dual Mobius (Nov 10)
- Re: Inconsistency in nmap XML output Dual Mobius (Nov 09)
- Re: Inconsistency in nmap XML output Fyodor (Nov 09)
- Re: Inconsistency in nmap XML output David Schmalz (Nov 10)