On Thu, Dec 19, 2002 at 10:58:38PM +0100, R Anderson wrote:
> Greetings, F[ry]odor and everyone
I'm Fyodor again :).
> 1. I have a working patch that adds intermediate ICMP's received, per
> the schema proposal, to XML output.
Sounds cool -- I have wanted this sort of behavior for a while. Does
it work with all the "raw" scan types (where reasonable)? Is it
generic enough to store the reason for a port state (eg host
unreachable, admin prohibited by firewall, RST, etc) and the souce IP
that gave us the packet?
> - Never collate ports in the XML output. I thought this was the obvious
> solution until I realised it will lead to unnecessary large XML files
> when scanning 128K ports :^)
Youch. Yeah, that is 2.5MB/host if you add just 20 extra bytes -- and
it would likely take 40+ bytes.
> - Always include the filtered ports that have extra info. This is
> sensible, right?
But in many cases the "extra info" will be available and the same for
every closed or filtered port except for a handful in other states.
Perhaps the "ignored" tag could include the state as well as the
reason information for the one "ignored" (eg most common)
state/reason. Then you could list the ports wich don't match that
state AND reason.
> 2. If I want to include non-intermediate ICMP in the XML output (eg. a
> strange message from the target itself, perhaps on just some ports), how
> should I encode it? By leaving out the "srcipaddr" or by filling it in
> with the target address? I prefer leaving the srcipaddr property out. Or
> should we modify the schema a little?
What schema are you referring to? One of my old XML proposals? The
DTD? Something else?
Cheers,
-F
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Dec 20 2002
Intro
