Nmap Development mailing list archives
Re: [RFC] Ndiff
From: David Fifield <david () bamsoftware com>
Date: Sun, 15 Jun 2008 23:10:32 -0600
On Sun, Jun 15, 2008 at 10:14:18PM -0500, Thomas Buchanan wrote:
-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Michael Pattrick
Sent: Sunday, June 15, 2008 2:56 PM
To: nmap-dev () insecure org
Subject: [RFC] Ndiff

Nmap could use a program that intelligently compares XML output files, instead of just doing the type of diff that Zenmap currently uses, we could be parsing the files and outputting an intelligent diff that better reflects the differences in network state. This diff file could then be used by Zenmap or a third party program for visualization.

By the way, this information might be difficult to retrieve in certain situations. For example, if a host has a large number of closed ports, as well as a number of filtered ports, you may not know by looking at Nmap's XML output whether a specific port is closed or filtered. Here's an example from one of my recent scans:

Text output:

    All 65535 scanned ports on host100.test.local (192.168.1.100) are filtered (65509) or closed (26) because of 65509 no-responses and 26 resets

XML output:

    ...
    <ports><extraports state="filtered" count="65509">
    <extrareasons reason="no-responses" count="65509"/>
    </extraports>
    <extraports state="closed" count="26">
    <extrareasons reason="resets" count="26"/>
    </extraports>
    </ports>
    ...

There's no way to tell from this scan if port 53, for example, is one of the closed ports, or one of the filtered. So in that case, a diff tool wouldn't be able to specify. But where it is possible, I think it's useful information.

That's a good point. It should be possible to tell the state of every single scanned port from the XML output in all cases. When there's more than one extraports element, you can't. I think Nmap should just bite the bullet in this case and list all the ports in that state, like in the services attribute of the scaninfo element.

David Fifield
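
The ambiguity discussed in this thread, as an added example (not code from the thread, Nmap or Ndiff): a diff tool reading Nmap XML can only report a per-port change when the set of states the XML allows for that port is narrow enough. The function names and the second sample document are assumptions made for illustration; the first sample is the fragment quoted above wrapped in a host element.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <ports> fragment quoted in the thread, wrapped in <host>.
AMBIGUOUS = """<host><ports>
<extraports state="filtered" count="65509">
<extrareasons reason="no-responses" count="65509"/>
</extraports>
<extraports state="closed" count="26">
<extrareasons reason="resets" count="26"/>
</extraports>
</ports></host>"""

# Constructed sample: a single extraports group plus one individually listed port.
UNAMBIGUOUS = """<host><ports>
<extraports state="closed" count="65534">
<extrareasons reason="resets" count="65534"/>
</extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
</ports></host>"""


def candidate_states(host_xml, portid, protocol="tcp"):
    """States the XML allows for one port (assumed to be in the scanned range)."""
    ports = ET.fromstring(host_xml).find("ports")
    if ports is None:
        return set()
    for port in ports.findall("port"):
        if port.get("portid") == str(portid) and port.get("protocol") == protocol:
            return {port.find("state").get("state")}
    # Not listed individually, so it is in one of the extraports groups.
    return {extra.get("state") for extra in ports.findall("extraports")}


def diff_port(old_xml, new_xml, portid):
    """Compare one port across two scans: 'same', 'changed' or 'unknown'."""
    old = candidate_states(old_xml, portid)
    new = candidate_states(new_xml, portid)
    if not old or not new:
        return "unknown"
    if not (old & new):
        return "changed"  # no state in common
    if len(old) == 1 and len(new) == 1:
        return "same"
    return "unknown"  # hidden in more than one extraports group


if __name__ == "__main__":
    print(candidate_states(AMBIGUOUS, 53))
    print(diff_port(AMBIGUOUS, UNAMBIGUOUS, 53))
```

With a single extraports element every unlisted port has exactly one possible state, which is why the problem only appears when there is more than one.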