Nmap Development mailing list archives
Re: [NSE] NTP Peer Listing
From: jah <jah () zadkiel plus com>
Date: Thu, 20 May 2010 21:07:53 +0100
On 20/05/2010 19:58, David Fifield wrote:
PORT STATE SERVICE REASON 123/udp open ntp udp-response | ntp-monlist: | Target is Synchronised with: | 72.159.219.194 | Alternative Target Interfaces (2) | 192.168.0.21 | 2e0e::1 | Private Servers (0) | Public Servers (4) | 66.151.63.14 72*159*219*194 137.113.118.26 217.114.222.89 | Private Peers or Clients(1) | 10.0.0.1 | Public Peers or Clients(4) | 4.78.155.130 66.151.63.26 72.184.160.70 140.182.214.208 | Private Clients (1) | 127.0.0.1 | Public Clients (590) | 66.79.152.35 69.36.241.112 169.229.70.64 208.77.19.5 ... more lines ... | 66.151.63.17 72.169.122.140 137.113.118.28 222.66.126.163 | 2e0f::1 2e0f:76af:f0c3:2e0f:76af:f0c3:2e0f:76af 2e10::1 |_ 2e10:76af:f0c3:2e0f:76af:f0c3:2e0f:76af which is the output seen if we didn't follow-up with a peers list request - the following is with the peer list information: PORT STATE SERVICE REASON 123/udp open ntp udp-response | ntp-monlist: | Target is Synchronised with: | 72.159.219.194 | Alternative Target Interfaces (2) | 192.168.0.21 | 2e0e::1 | Target listens to Broadcast Addresses (1) | 192.168.0.255 | Private Servers (0) | Public Servers (4) | 66.151.63.14 72.159.219.194 137.113.118.26 217.114.222.89 | Private Peers (1) | 10.0.0.1 | Public Peers (0) | Private Clients (1) | 127.0.0.1 | Public Clients (594) | 66.79.152.35 69.36.241.112 169.229.70.64 208.77.19.5 ... more lines ... | 66.151.63.17 72.169.122.140 207.113.118.28 222.66.126.163 | 2e0f::1 2e0f:76af:f0c3:2e0f:76af:f0c3:2e0f:76af 2e10::1 |_ 2e10:76af:f0c3:2e0f:76af:f0c3:2e0f:76afThis output is outstanding. I think I understand the distinctions you've outlined. I'd be very happy with either of these examples. Is "72*159*219*194" with the *s supposed to mean something?
I messed-up, a bit, with the output - it should have looked like this: PORT STATE SERVICE REASON 123/udp open ntp udp-response | ntp-monlist: | Alternative Target Interfaces (2) | 192.168.0.21 | 2e0e::1 | Private Servers (0) | Public Servers (4) | 66.151.63.14 72.159.219.194 137.113.118.26 217.114.222.89 | Private Peers or Clients(1) | 10.0.0.1 | Public Peers or Clients(4) | 4.78.155.130 66.151.63.26 72.184.160.70 140.182.214.208 | Private Clients (1) | 127.0.0.1 | Public Clients (590) | 66.79.152.35 69.36.241.112 169.229.70.64 208.77.19.5 ... more lines ... | 66.151.63.17 72.169.122.140 137.113.118.28 222.66.126.163 | 2e0f::1 2e0f:76af:f0c3:2e0f:76af:f0c3:2e0f:76af 2e10::1 |_ 2e10:76af:f0c3:2e0f:76af:f0c3:2e0f:76af which is the output seen if we didn't follow-up with a peers list request - the following is with the addition of peer list information: PORT STATE SERVICE REASON 123/udp open ntp udp-response | ntp-monlist: | Target is Synchronised with: | 72.159.219.194 | Alternative Target Interfaces (2) | 192.168.0.21 | 2e0e::1 | Target listens to Broadcast Addresses (1) | 192.168.0.255 | Private Servers (0) | Public Servers (4) | 66.151.63.14 72.159.219.194 137.113.118.26 217.114.222.89 | Private Peers (1) | 10.0.0.1 | Public Peers (0) | Private Clients (1) | 127.0.0.1 | Public Clients (594) | 66.79.152.35 69.36.241.112 169.229.70.64 208.77.19.5 ... more lines ... | 66.151.63.17 72.169.122.140 207.113.118.28 222.66.126.163 | 2e0f::1 2e0f:76af:f0c3:2e0f:76af:f0c3:2e0f:76af 2e10::1 |_ 2e10:76af:f0c3:2e0f:76af:f0c3:2e0f:76a The difference between them is that in the second, we learned which associated host the target is currently synchronised with (the *s were an alternative method of displaying this information, but I decided to output it longhand) and we separated Mode 1 Peers from Mode 1 "Clients".
I prefer that the first commit of this script not write to a file. With four addresses per row, we're looking at about 150 lines of output max, which is big not but not that big.Do you mean we should omit write-to-file functionality even as currently implemented in ntp-monlist (as an option requiring a script arg)?Yes. I kind of want to see that as a separate commit, even if it's right away. The reason being that we might want to do this sort of thing with other scripts and I want to see how much code it is.
Yep, I'm OK with that - I'll remove it and work on it after the first commit.
Overall I prefer the clarity of ntp-peers over ntp-monlist, but I much appreciate the protocol documentation in ntp-monlist.I think the proposal (above) for output addresses output clarity?No, I mean in the source code. 200 lines versus 500 lines matter, and I find ntp-peers easier to understand than ntp-monlist. This is another reason I want the file output left out of the initial commit and for you to check out the pcap issue, to better compare these in terms of similar features.
I'll keep that in mind. Cheers, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] NTP Peer Listing Mak Kolybabi (Apr 10)
- Re: [NSE] NTP Peer Listing Ron (Apr 10)
- Re: [NSE] NTP Peer Listing Mak Kolybabi (Apr 10)
- Re: [NSE] NTP Peer Listing jah (Apr 11)
- Re: [NSE] NTP Peer Listing Fyodor (Apr 11)
- Re: [NSE] NTP Peer Listing jah (Apr 11)
- Re: [NSE] NTP Peer Listing David Fifield (May 14)
- Re: [NSE] NTP Peer Listing jah (May 19)
- Re: [NSE] NTP Peer Listing David Fifield (May 20)
- Re: [NSE] NTP Peer Listing jah (May 20)
- Re: [NSE] NTP Peer Listing Fyodor (Apr 11)
- Re: [NSE] NTP Peer Listing jah (May 20)
- Re: [NSE] NTP Peer Listing Ron (Apr 10)