Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

nmap-dev logo Nmap Development mailing list archives

Re: nmap XML output - host latency
From: David Fifield <david () bamsoftware com>
Date: Fri, 6 Nov 2009 14:02:14 -0700
On Tue, Nov 03, 2009 at 10:35:54PM -0800, Fyodor wrote:

On Fri, Oct 30, 2009 at 02:25:53PM +0800, Andrew Smith wrote:

Hi there,

I notice that nmap's standard output provides the latency for each host:

Nmap scan report for 192.168.2.1
Host is up, received arp-response (0.0057s latency).
MAC Address: 00:1C:DF:E3:9F:03 (Belkin International)

However the XML output does not provide the host latency:

<host><status state="up" reason="arp-response">
<address addr="192.168.2.1" addrtype="ipv4">
<address addr="00:1C:DF:E3:9F:03" addrtype="mac" vendor="Belkin 
International"
<hostnames>
</hostnames>
</host>

I have tried increasing both the debug level and verbosity but the host 
latency isn't included in the output.
I can always parse the output of the standard nmap output to get the 
latency, but would prefer to parse the XML.

Would it be possible to include this in the XML output?


Hi Andrew.  I agree that the XML output should have all the useful
information you find in the normal/interactive output (and then some).
So I added this task to the Nmap TODO:

o We should print host latency (when available) in the XML output, as
  suggested at http://seclists.org/nmap-dev/2009/q4/215.
  docs/nmap.dtd will have to be modified accordingly, and you might
  even consider adding support to docs/nmap.xsl.

But just adding the task won't make it happen!  If someone wants to
step up to the plate and write, test, then send a patch to nmap-dev,
please do so!  This should be a pretty easy one.


We already have an element for latency, but it seems it is not written
for ping scans. "nmap -oX - -F scanme.nmap.org" prints

<times srtt="68616" rttvar="20892" to="152184" />

but "nmap -oX - -sP scanme.nmap.org" doesn't print it. I think this is
just an oversight because there are two separate places where host
output can be written depending on whether anything happens past a ping
scan. I agree it would be easy to fix and a good project for a beginner.
The source file where host output is written is nmap.cc.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]