Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Ndiff
From: David Fifield <david () bamsoftware com>
Date: Sun, 15 Jun 2008 23:10:32 -0600

On Sun, Jun 15, 2008 at 10:14:18PM -0500, Thomas Buchanan wrote:
-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Michael Pattrick
Sent: Sunday, June 15, 2008 2:56 PM
To: nmap-dev () insecure org
Subject: [RFC] Ndiff

Nmap could use a program that intelligently compare XML output files,
instead of just doing the type of diff that Zenmap currently uses, we
could be parsing the files and outputting an intelligent diff that
better reflects the differences in network state. This diff file could
then be used by Zenmap or a third party program for visualization.

By the way, this information might be difficult to retrieve in certain
situation, for example, if a host has a large number of closed ports, as
well as a number of filtered ports, you may not know by looking at
Nmap's XML output whether a specific port is closed or filtered.  Here's
an example from one of my recent scans:
Text output:
All 65535 scanned ports on host100.test.local ( are
filtered (65509) or closed (26) because of 65509 no-responses and 26

XML output:
<ports><extraports state="filtered" count="65509">
<extrareasons reason="no-responses" count="65509"/>
<extraports state="closed" count="26">
<extrareasons reason="resets" count="26"/>
There's no way to tell from this scan if port 53, for example, is one of
the closed ports, or one of the filtered.  So in that case, a diff tool
wouldn't be able to specify.  But where it is possible, I think it's
useful information.

That's a good point. It should be possible to tell the state of every
single scanned port from the XML output in all cases. When there's more
than one extraports element, you can't. I think Nmap should just bite
the bullet in this case and list all the ports in that state, like in
the services attribute of the scaninfo element.

David Fifield

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]