


Nmap Development: Inconsistency in nmap XML output

Inconsistency in nmap XML output

From: David Schmalz <dvs_at_zurich.ibm.com>
Date: Mon, 01 Nov 2004 13:53:21 +0100

Hi everyone,

I'd like to report a minor inconsistency in the nmap XML output (tested
with versions 3.70 and 3.75). When performing a 'ping' scan, all the
hosts that are down are explicitly enumerated in the resulting XML
file. However, when I launch a full port and OS fingerprinting scan and
all the scanned hosts are actually down, no enumeration is included in
the file. This obviously prevents defining a consistent parsing
procedure.

The test cases below illustrate the reported problem.

1) ping scan

> nmap -n -sP -oX out.xml 192.168.1.1

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2004-11-01 13:38
CET
Note: Host seems down. If it is really up, but blocking our ping probes,
try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.147 seconds

<?xml version="1.0" ?>
<!-- nmap 3.75 scan initiated Mon Nov 1 13:38:16 2004 as: nmap -n -sP
-oX out.xml 192.168.1.1 -->
<nmaprun scanner="nmap" args="nmap -n -sP -oX out.xml 192.168.1.1"
start="1099312696" version="3.75" xmloutputversion="1.01">
<verbose level="0" />
<debugging level="0" />
<host><status state="down" />
<address addr="192.168.1.1" addrtype="ipv4" />
</host>
<runstats><finished time="1099312698" /><hosts up="0" down="1"
total="1"/>
<!-- Nmap run completed at Mon Nov 1 13:38:18 2004; 1 IP address (0
hosts up) scanned in 2.147 seconds -->
</runstats></nmaprun>

---------------------

2) port scan

> nmap -T Normal -v -O -sS -sU -p U:137,161,T:22,80 -oX out.xml
192.168.1.1

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2004-11-01 13:40
CET
Note: Host seems down. If it is really up, but blocking our ping probes,
try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.295 seconds

<?xml version="1.0" ?>
<!-- nmap 3.75 scan initiated Mon Nov 1 13:40:38 2004 as: nmap -T
Normal -v -O -sS -sU -p U:137,161,T:22,80 -oX out.xml 192.168.1.1 -->
<nmaprun scanner="nmap" args="nmap -T Normal -v -O -sS -sU -p
U:137,161,T:22,80 -oX out.xml 192.168.1.1" start="1099312838"
version="3.75" xmloutputversion="1.01">
<scaninfo type="syn" protocol="tcp" numservices="1" services="22,80" />
<scaninfo type="udp" protocol="udp" numservices="1" services="137,161"
/>
<verbose level="1" />
<debugging level="0" />
<runstats><finished time="1099312840" /><hosts up="0" down="1" total="1"
/>
<!-- Nmap run completed at Mon Nov 1 13:40:40 2004; 1 IP address (0
hosts up) scanned in 2.295 seconds -->
</runstats></nmaprun>

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help@insecure.org . List archive: http://seclists.org
Received on Nov 01 2004
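
A consumer of this XML can tolerate the behaviour reported above by reconciling the enumerated `<host>` elements against the `<runstats><hosts>` counters. The following is an added example, not part of the original message or of Nmap; the function name `summarize` and the `unlisted_down` field are assumptions, and the embedded XML is the two outputs from the report with the comments removed.

```python
import xml.etree.ElementTree as ET

# Case 1 from the report (ping scan): the down host is enumerated.
PING_SCAN_XML = """<?xml version="1.0" ?>
<nmaprun scanner="nmap" args="nmap -n -sP -oX out.xml 192.168.1.1"
start="1099312696" version="3.75" xmloutputversion="1.01">
<verbose level="0" />
<debugging level="0" />
<host><status state="down" />
<address addr="192.168.1.1" addrtype="ipv4" />
</host>
<runstats><finished time="1099312698" /><hosts up="0" down="1"
total="1"/>
</runstats></nmaprun>
"""

# Case 2 from the report (port scan): no <host> element at all.
PORT_SCAN_XML = """<?xml version="1.0" ?>
<nmaprun scanner="nmap" args="nmap -T Normal -v -O -sS -sU -p U:137,161,T:22,80 -oX out.xml 192.168.1.1"
start="1099312838" version="3.75" xmloutputversion="1.01">
<scaninfo type="syn" protocol="tcp" numservices="1" services="22,80" />
<scaninfo type="udp" protocol="udp" numservices="1" services="137,161" />
<verbose level="1" />
<debugging level="0" />
<runstats><finished time="1099312840" /><hosts up="0" down="1" total="1" />
</runstats></nmaprun>
"""

def summarize(xml_text):
    """Return per-host states plus how many down hosts were counted but not listed."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status, addr = host.find("status"), host.find("address")
        if status is not None and addr is not None:
            hosts[addr.get("addr")] = status.get("state")
    stats = root.find("runstats/hosts")
    if stats is None:
        # Without runstats the run did not finish; do not trust the host list.
        raise ValueError("no <runstats><hosts> element; scan output incomplete")
    up, down, total = (int(stats.get(k, 0)) for k in ("up", "down", "total"))
    listed_down = sum(1 for state in hosts.values() if state == "down")
    return {"hosts": hosts, "up": up, "down": down, "total": total,
            "unlisted_down": down - listed_down}

if __name__ == "__main__":
    for name, doc in (("ping scan", PING_SCAN_XML), ("port scan", PORT_SCAN_XML)):
        print(name, summarize(doc))
```

A non-zero `unlisted_down` tells the caller that the host list is incomplete, so an asset inventory should treat the missing targets as down rather than as never scanned.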
