Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Design decisions

Design decisions

From: R Anderson <listbox_at_pole-position.org>
Date: Thu, 19 Dec 2002 22:58:38 +0100

Greetings, F[ry]odor and everyone

I need some input before I do the Wrong Thing:

1. I have a working patch that adds intermediate ICMP's received, per
the schema proposal, to XML output. But if nmap decides not to show
filtered ports, this info will be lost. For now I have added an option
--showallports that disables such behaviour (for all output formats).
While this is handy sometimes for other reasons, it's not a canonical
solution to this problem. I can think of two alternatives:

- Never collate ports in the XML output. I thought this was the obvious
solution until I realised it will lead to unnecessary large XML files
when scanning 128K ports :^)

or

- Always include the filtered ports that have extra info. This is
sensible, right?

2. If I want to include non-intermediate ICMP in the XML output (eg. a
strange message from the target itself, perhaps on just some ports), how
should I encode it? By leaving out the "srcipaddr" or by filling it in
with the target address? I prefer leaving the srcipaddr property out. Or
should we modify the schema a little?

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Dec 19 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]