Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

nmap-dev logo Nmap Development mailing list archives

Re: Nmap summarizing function results in not all ports being displayed
From: jayrhine () comcast net
Date: Mon, 18 Aug 2008 15:59:17 +0000
On Tue, Aug 12, 2008 at 01:57:44PM +0000, jayrhine () comcast net wrote:

Myself and others have had the issue in the past that when
performing scans with Nmap on systems that have many open udp ports,
the port details will not be displayed.  This does not usually affect
tcp ports since they will typically be discovered as open (which is
always reported).  However, since UDP usually reports open ports as
"open|filtered", this may result in ports not being displayed.  Now, I
understand this is not a bug, but rather a design choice, but I think
it would be beneficial to may this adjustable.


OK Jay.  I've checked in a change to svn so that if verbose mode is at
least 3 or debugging level is at least three, Nmap will show all of
the open|filtered ports rather than collapse them for readability.
You can test it with the command "nmap -sU -T4 -vvv scanme.nmap.org".


Thanks!  I've checked it out, and this works fine for me.  I'll be watching for the next nmap release to have this 
incorporated into the official nmap distribution.

I would request that the Output section of the Nmap reference guide to be updated to explain the effects of the 
verbosity (and debugging) on ports displayed in the output.  Specifcally, that is that:
1)  An entry for each "open" port will always be displayed 
2)  For all other types, if more than 25 ports are detected, the results will be summarized unless higher verbosity is 
specified.
2)  If verbosity >= 3 (i.e, -vvv), than an entry for each  "open|filtered" will be displayed.
3)  For all other port types, if there are more discovered ports than 25 times the verbosity level then the results 
will be summarized.
4)  For debugging, -d changes the limit to 500, -d2 1000, and -d3 will always show every state of every port.

Thanks for all of your hard work making Nmap a great tool!

Jay

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]