Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] Report more accurate host start and end times
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 8 May 2008 02:07:52 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've cleaned up this patch (attached).  Rather than output the very
long host time line like before, the line now looks like:

Scanned at 2008-05-08 01:57:19 UTC for 1s

Also, a verbosity level of 2 or greater is now required.  The
information is always reported in the XML output.

Brandon


On Sat, 22 Dec 2007 03:58:25 +0000
Brandon Enright <bmenrigh () ucsd edu> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Developers,

Attached is a patch to report when each individual host started being
scanned and when the host finished.  For scans involving just a
handful of hosts (just one hostgroup) the times reported are nearly
exactly the same time as the start and end time of Nmap.  The output
requires at least verbosity level 1 and looks like this:

Host gamma.ucsd.edu (132.239.181.229) appears to be up ... good.
Scan of 132.239.181.229 started at 2007-12-22 03:33:06 UTC and ended
at 2007-12-22 03:36:12 UTC Interesting ports on gamma.ucsd.edu
(132.239.181.229): Not shown: 65450 closed ports, 82 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
5959/tcp open  unknown

I've also added this data to the XML output on the <host> element like
so:

<host starttime="1198292349" endtime="1198292370">

The DTD has been updated accordingly.

Now, you might be asking yourself "Why is this useful? Doesn't Nmap
already report when it was started and ended?".  Yes, Nmap does, but
sometimes it isn't detailed enough for each host.  Often I run scans
that either by necessity or design take many hours to finish.
Somewhere in that time, each of thousands of hosts were started,
scanned, and finished.  Currently the output isn't explicit enough
about /when/ within that time each individual host was scanned.

This sort of problem is generally only run into scanning very
transient hosts on wireless or VPN networks.  I suppose for very long
scans even DHCP networks may require the host time resolution
provided in this patch.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHbIthqaGPzAsl94IRAg/FAJ4mmsCoiM9xrWvtmMgPxJa2897wSgCfRbFF
3Y2yJ/NTs6/wwD+VMAjbDEI=
=V/Y9
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkgiYH4ACgkQqaGPzAsl94KWSACffQ0fT9URAi9wLpMgkW2btCE9
gNEAn3U631eHzDu0Nw8GB7tRDIkZrKfB
=vMAi
-----END PGP SIGNATURE-----

Attachment: host_times.diff
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]