Home page logo

nmap-dev logo Nmap Development mailing list archives

RE: Generating Graphical Diagrams/Maps from Nmap output
From: "Sina Bahram" <sbahram () nc rr com>
Date: Mon, 22 May 2006 01:16:46 -0400

        I would recommend that certain graphing algorithms be used to help
with this.

For example: couldn't minimum  spanning trees be used to isolate subnets if
the initial graph is setup correctly?

Take care,

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Nils Magnus
Sent: Sunday, May 21, 2006 11:53 AM
To: Fyodor
Cc: nmap-dev () insecure org
Subject: Re: Generating Graphical Diagrams/Maps from Nmap output


On Fri, May 19, 2006 at 07:31:56PM -0700, Fyodor wrote:

If you have any interest in such a tool, now is a good chance to pipe 
in with features you would like to see, implementation ideas, etc.

My greatest concern is the display of network structures. I have seen many
tools that just draw nodes (routers or leaf systems) and edges between them.
Cheops is such a tool. Especially in firewall and trickier router situations
this is not enough.

At least to me it is of high importance that the subnet structure of a
network is rendered. Think of scanning a C-class type network you don't know
in the first place Assume the .0, .127, .128, .191, .192,
and .255 returning multiple responses, so the experienced watcher of nmap-TV
immediately suspects that there are in fact three subnets,, and 192.168.192/26 (and proves that by issuing manual
traceroute-probes). Assume further that there are active hosts .50, .100,
.150, and .200. The last hop (the interface to our direction) has the IP

Unfortunately, most tools will draw something like that:

                         | |
                        /     |    |    \
      .100  .150  .200

which is not the whole truth. I'd like to see a picture like

                         |                 |
                         .1|   .129|     |.193 |------------|    |  |-------------|
                 .50|  .100|       |        | .200
                    X      X       |        X

I hope you get the idea. Unfortunately it is not always (easily, from a
single source) possible to deduce if there is actually a smaller subnet in
all cases. However, I'd like to see the option included to be able to
display such graphs once this information is available.

This means storing information about IPs and their connection is not
sufficent, the subnet (identified by it's mask) has to be taken into account
as well.

I just pointed that out in this stage of the development since I think that
later changes are very difficult.



Nils Magnus
Program-Chair LinuxTag 2006 Free Conference Program

LinuxTag 2006: Where .com meets .org - magnus () linuxtag org

Sent through the nmap-dev mailing list

Sent through the nmap-dev mailing list

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]