Nmap Development mailing list archives

Re: Reduce zenmap topology noise (patch)
From: Colin L Rice <ricec2 () rpi edu>
Date: Fri, 30 Dec 2011 16:36:00 -0800

On 11-12-29 06:26 AM, Patrik Karlsson wrote:
On Wed, Dec 14, 2011 at 1:24 PM, Brahim Sakka <brahim.sakka () gmail com> wrote:

I've stumbled upon this several times and was looking for a way to
reduce the noise you described. Thank you for this patch and I hope it
gets committed to Nmap.


2011/12/14, Anders Sundman <anders () 4zm org>:
Hi,

When running many traceroutes that traverse the same "anonymous" hop
between two known hosts, zenmap creates a new node in the graph for each
traceroute. This introduces a lot of unnecessary clutter in the graph.
200 traceroutes passing 2 (physical) anonymous devices currently
generates 400 nodes in the topology graph.

Sure, it might be a new physical anonymous device each time, but it
most likely isn't. Even if it is, I don't think it makes sense to
represent them as two distinct nodes (since there is no way to tell them
apart).

I suggest combining nodes in the graph that represent anonymous hops
between two known devices.

           / anon_1 \
..->  ip_a          ip_b ->  ..  =>  .. ->  ip_a ->  anon_1 ->  ip_b ->  ..
           \ anon_2 /


Here is a patch implementing this behavior:

http://www.4zm.org/files/2011/integration.py.diff

Regards,
Anders
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Thanks for the patch Anders. I don't use Zenmap myself, but based on your
explanation it sounds like a usable patch.
Could some Zenmap guru take a look at this patch so that we can make a
decision whether to commit it or not?

Thanks,
Patrik

I'm no guru but I've done some zenmap patch work. The obvious thing it is missing is some test cases. I don't remember if we have built them into radialnet but we have them in zenmap and it'd be nice if we kept them maintained.

The logic looks sound. I think we can use

    post_hop = find_hop_by_ttl(hops, ttl+1) if ttl < max(ttls) else None

instead of

    post_hop = find_hop_by_ttl(hops, ttl+1) if ttl < len(hops) - 1 else None

just so it is prettier.

-Colin
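
The merge rule Anders describes at the top of the thread, as an added Python example that is not the linked patch and not Zenmap/RadialNet code: an anonymous hop whose TTL-1 and TTL+1 neighbours both replied gets a node id derived from those two addresses, so repeated traceroutes share one node. The trace layout, `build_topology`, `sample_traces` and this body of `find_hop_by_ttl` are assumptions of the example, and the addresses are constructed.

```python
from itertools import count


def find_hop_by_ttl(hops, ttl):
    """Return the hop with this TTL, or None if the trace has no such hop."""
    return next((h for h in hops if h["ttl"] == ttl), None)


def build_topology(traces, merge_anonymous=True):
    """Return (nodes, edges) for a list of traceroutes.

    Assumed layout: each trace is a list of {"ttl": int, "ip": str or None},
    where ip None marks an anonymous hop (no reply at that TTL).
    """
    nodes, edges = set(), set()
    fresh = count(1)  # unique ids for anonymous hops that are not merged
    for hops in traces:
        path = []
        for hop in sorted(hops, key=lambda h: h["ttl"]):
            if hop["ip"] is not None:
                node = hop["ip"]
            else:
                pre = find_hop_by_ttl(hops, hop["ttl"] - 1)
                post = find_hop_by_ttl(hops, hop["ttl"] + 1)
                known = bool(pre and post and pre["ip"] and post["ip"])
                if merge_anonymous and known:
                    # Same known neighbours on both sides: reuse one node.
                    node = ("anon", pre["ip"], post["ip"])
                else:
                    # First/last hop, or next to another anonymous hop:
                    # nothing to key on, so keep it distinct per trace.
                    node = ("anon", next(fresh))
            path.append(node)
        nodes.update(path)
        edges.update(zip(path, path[1:]))
    return nodes, edges


def sample_traces(n=200):
    """Constructed data: n traces crossing one silent hop between two routers."""
    return [[{"ttl": 1, "ip": "10.0.0.1"}, {"ttl": 2, "ip": None},
             {"ttl": 3, "ip": "10.0.1.1"},
             {"ttl": 4, "ip": "192.0.2.%d" % (i + 1)}] for i in range(n)]


if __name__ == "__main__":
    for merge in (False, True):
        n, e = build_topology(sample_traces(), merge_anonymous=merge)
        print("merge=%s nodes=%d edges=%d" % (merge, len(n), len(e)))
```

Anonymous hops at the start or end of a trace, or adjacent to another anonymous hop, are left unmerged here because they have no pair of known neighbours to identify them.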
