Nmap Development mailing list archives

Output Format Changes (RE: Nmap 4.10 Released for Testing)


From: "Yudson, Marc CTR MDA/DOCN" <Marc.Yudson.CTR () mda mil>
Date: Tue, 13 Jun 2006 15:12:57 -0400

Hey Fyodor,

        About four months ago, I pushed a series of custom scripts into
production here manipulating and cataloging data output from Nmap 4.03
with the following flags:

        nmap -sS -A -n x.x.0.0/12 -T3 -oG $WORK_DIR$RESULTS_FILE

        We regularly run this guy every night, in conjunction with
simple NETBIOS and DNS queries against our various farms. We are
manipulating the output files and cataloging the data, to perform
behavioral trending on the application and OS fingerprinting results.
I've been dumping everything to flatfile, although I really should throw
it into a database at some point. We've been using this for rogue device
discovery as well as systems history. I'm really a huge fan of Nmap for
the ease of use, the efficiency and speed of the scans, and I especially
love the self throttling feature. Scanning a /12 really wouldn't be
feasible without it. Puts little to no load on the network, and our
infrastructure guys really don't notice it. Even with the -T5 option
there were no complaints. In contrast to other historical tools, we have
trouble maintaining two weeks of data in a terabyte of space. Here, I
have 100 days' worth of data in under 1.5 Gigs. Hotness.

        The point of this e-mail was really just to support leaving the
-oG output the same, so I don't have to go back and edit the various
scripts scrubbing the output data. It wouldn't be a huge deal, but the
potential for changing out the output format with every distribution
could prove to be tiresome.

        I'm also more than happy to share what I've written with anyone
who is interested, if there is a medium to do so. I also threw together
a ghetto web front end, little more than a basic query through the
flatfiles. There are searchable system profiles, designed to implement
device or system type-casting when I finally have an opportunity to
script it out. Kinda ugly, but everything works very dependably. Also,
everything is in Perl. 

        Again, thanks for an awesome and dependable tool, something that
is very hard to come by.


Thanks,

Marc Yudson
Vulnerability Assessment
MDA NCR, DOCN

-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Fyodor
Sent: Monday, June 12, 2006 8:22 PM
To: nmap-dev () insecure org
Subject: Nmap 4.10 Released for Testing

o When you do a UDP+TCP scan, the TCP ports are now shown first (in
  numerical order), followed by the UDP ports (also in order).  This
  contrasts with the old format which showed all ports together in
  numerical order, regardless of protocol.  This was at first a "bug",
  but then I started thinking this behavior may be better.  If you
  have a preference for one format or the other, please post your
  reasons to nmap-dev.



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
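
Added example (not part of either message, and not the Perl scripts mentioned above, which were never posted): a Python sketch of parsing `-oG` host lines so that nightly trending is unaffected by the TCP/UDP ordering change described in the 4.10 notes. It assumes tab-separated `Name: value` fields and seven slash-separated subfields per `Ports` entry; the sample lines and the function names are constructed for illustration.

```python
import re

# One Ports entry: port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/[^/]*/([^/]*)/[^/]*/([^/]*)/")

# Constructed sample lines in -oG layout (not real scan data).
HOST = "Host: 10.0.0.5 ()\tPorts: "
SSH = "22/open/tcp//ssh//OpenSSH 4.3/"
DNS = "53/open/udp//domain///"
WEB = "80/open/tcp//http//Apache httpd/"
RDP = "3389/open/tcp//ms-term-serv///"
# Pre-4.10 order: all ports numerically; 4.10 order: TCP first, then UDP.
OLD_ORDER = HOST + ", ".join([SSH, DNS, WEB]) + "\tOS: Linux 2.6.X"
NEW_ORDER = HOST + ", ".join([SSH, WEB, DNS]) + "\tOS: Linux 2.6.X"
NEXT_NIGHT = HOST + ", ".join([SSH, WEB, RDP, DNS]) + "\tOS: Linux 2.6.X"


def parse_host_line(line):
    """Return (ip, {(proto, port): (state, service, version)}, os) or None."""
    if not line.startswith("Host: "):
        return None  # '#' comment lines and blanks carry no host data
    fields = {}
    for field in line.rstrip("\n").split("\t"):
        name, _, value = field.partition(": ")
        fields[name] = value
    ip = fields["Host"].split(" ", 1)[0]
    ports = {}
    # Key on (protocol, port) so the position of an entry never matters.
    for m in PORT_RE.finditer(fields.get("Ports", "")):
        port, state, proto, service, version = m.groups()
        ports[(proto, int(port))] = (state, service, version)
    return ip, ports, fields.get("OS", "")


def new_open_ports(previous, current):
    """Keys open in `current` but not open in `previous`, TCP before UDP."""
    was_open = {k for k, v in previous.items() if v[0] == "open"}
    return sorted(k for k, v in current.items()
                  if v[0] == "open" and k not in was_open)


if __name__ == "__main__":
    _, last_night, _ = parse_host_line(NEW_ORDER)
    ip, tonight, _ = parse_host_line(NEXT_NIGHT)
    print(ip, new_open_ports(last_night, tonight))
```

Because each port is stored under its protocol and number, a line in the old interleaved order and the same line in the new TCP-then-UDP order parse to identical records, and only the newly opened service shows up in the night-over-night comparison.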

