Nmap Development mailing list archives
Re: New patch for XML output
From: doug () hcsw org
Date: Fri, 18 Jan 2008 17:03:48 -0800
On Sun, Jan 13, 2008 at 02:20:04PM -0800 or thereabouts, Fyodor wrote:
We should modify the submitter such that it accepts this monstrosity (accepts 
 as a newline).
I'm testing this XML output feature and it appears as though the XML output will never be considered a "good" fingerprint: it always has "G=N" in it. For testing, I removed all the fingerprints from a nmap-os-db file and then ran this command: ./nmap -O -sS -p 22,23 -oN output-normal -oX output-xml -vvv localhost Here is the FP from output-normal (notice G=Y): OS:SCAN(V=4.53%D=1/18%OT=22%CT=23%CU=36147%PV=N%DS=0%G=Y%TM=47914A45%P=i686 OS:-pc-linux-gnu)SEQ(SP=C0%GCD=1%ISR=C5%TI=Z%II=I%TS=8)OPS(O1=M400CST11NW2% OS:O2=M400CST11NW2%O3=M400CNNT11NW2%O4=M400CST11NW2%O5=M400CST11NW2%O6=M400 OS:CST11)WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)ECN(R=Y%DF=Y%T OS:=40%W=8018%O=M400CNNSNW2%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=) OS:T2(R=N)T3(R=Y%DF=Y%T=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW2%RD=0%Q=)T4(R OS:=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F= OS:AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T= OS:40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%TOS=C0%IPL=164%UN=0%RIP OS:L=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)IE(R=Y%DFI=N%T=40%TOSI=S%CD=S%SI=S% OS:DLI=S) And here is the encoded FP from output-xml (notice G=N): <osfingerprint fingerprint="SCAN(V=4.53%D=1/18%OT=22%CT=23%CU=36147%PV=N%DS=0%G=N%TM=47914A45%P=i686-pc-linux-gnu)
SEQ(SP=C0%GCD=1%ISR=C5%TI=Z%II=I%TS=8)
OPS(O1=M400CST11NW2%O2=M400CST11NW2%O3=M400CNNT11NW2%O4=M400CST11NW2%O5=M400CST11NW2%O6=M400CST11)
WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)
ECN(R=Y%DF=Y%T=40%W=8018%O=M400CNNSNW2%CC=N%Q=)
T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW2%RD=0%Q=)
T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)
IE(R=Y%DFI=N%T=40%TOSI=S%CD=S%SI=S%DLI=S)
" /> Is this intended behaviour? If not, should the XML output use the compressed good encoding instead of the verbose bad encoding? Best, Doug
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: New patch for XML output Fyodor (Jan 13)
- Re: New patch for XML output doug (Jan 18)
- Re: New patch for XML output Fyodor (Jan 18)
- Re: New patch for XML output doug (Jan 20)
- Re: New patch for XML output Fyodor (Jan 18)
- Re: New patch for XML output doug (Jan 18)