Re: [PATCH] Report more accurate host start and end times

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've cleaned up this patch (attached).  Rather than output the very
long host time line like before, the line now looks like:

Scanned at 2008-05-08 01:57:19 UTC for 1s

Also, a verbosity level of 2 or greater is now required.  The
information is always reported in the XML output.

Brandon


On Sat, 22 Dec 2007 03:58:25 +0000
Brandon Enright <bmenrigh () ucsd edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Developers,
>
> Attached is a patch to report when each individual host started being
> scanned and when the host finished.  For scans involving just a
> handful of hosts (just one hostgroup) the times reported are nearly
> exactly the same time as the start and end time of Nmap.  The output
> requires at least verbosity level 1 and looks like this:
>
> Host gamma.ucsd.edu (132.239.181.229) appears to be up ... good.
> Scan of 132.239.181.229 started at 2007-12-22 03:33:06 UTC and ended
> at 2007-12-22 03:36:12 UTC Interesting ports on gamma.ucsd.edu
> (132.239.181.229): Not shown: 65450 closed ports, 82 filtered ports
> PORT     STATE SERVICE
> 80/tcp   open  http
> 443/tcp  open  https
> 5959/tcp open  unknown
>
> I've also added this data to the XML output on the <host> element like
> so:
>
> <host starttime="1198292349" endtime="1198292370">
>
> The DTD has been updated accordingly.
>
> Now, you might be asking yourself "Why is this useful? Doesn't Nmap
> already report when it was started and ended?".  Yes, Nmap does, but
> sometimes it isn't detailed enough for each host.  Often I run scans
> that either by necessity or design take many hours to finish.
> Somewhere in that time, each of thousands of hosts were started,
> scanned, and finished.  Currently the output isn't explicit enough
> about /when/ within that time each individual host was scanned.
>
> This sort of problem is generally only run into scanning very
> transient hosts on wireless or VPN networks.  I suppose for very long
> scans even DHCP networks may require the host time resolution
> provided in this patch.
>
> Brandon
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFHbIthqaGPzAsl94IRAg/FAJ4mmsCoiM9xrWvtmMgPxJa2897wSgCfRbFF
> 3Y2yJ/NTs6/wwD+VMAjbDEI=
> =V/Y9
> -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkgiYH4ACgkQqaGPzAsl94KWSACffQ0fT9URAi9wLpMgkW2btCE9
gNEAn3U631eHzDu0Nw8GB7tRDIkZrKfB
=vMAi
-----END PGP SIGNATURE-----

Attachment: host_times.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org