
Nmap Development mailing list archives

Re: [RFC] --exclude-ports option for Nmap
From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Fri, 06 Jun 2014 15:54:05 +0530

I think that this point may require some clear explanation.

1. How does it interact with -p? More specifically, what does "-p 80
--exclude-ports 80" do (since user specifically included it as well as
excluded it)?
      I think that we should follow an "exclude has higher priority than
include" ideology and NOT scan 80 in this case. However, we could show a
warning to a user if he has included a port individually and then
excluded it (i.e. not using ranges). The warning thing could be added
later on, as a follow-up.
What I meant to say can be explained by the following examples:

(a) "-p 80 --exclude-ports 80" causes an error and Nmap quits (because
no ports to scan)
(b) "-p 80,81 --exclude-ports 80" causes a warning and only port 81 is
scanned (because 80 is specified individually, not in a range)
(c) "-p 79-81 --exclude-ports 80" causes NO warning and only ports 79
and 81 are scanned (because 80 is in a range)
(d) "-p 80 --exclude-ports 1-100" causes an error and Nmap quits
(because no ports to scan)
(e) "-p 80,1000-1200 --exclude-ports 1-100" causes a warning and only
ports 1000-1200 are scanned (because 80 is specified individually and
then excluded)
(f) "-p 80-120 --exclude-ports 1-100" causes NO warning and only ports
101-120 are scanned

It is impossible for us to really know what the user wants when there is
an ambiguity (including a port and then excluding it); however, we can
use the above set of examples to make a model that captures any obvious
mistakes a user might have made (look at points (a) and (d)) or silly
mistakes (look at points (b) and (e)) and proper usage (look at point
(c)). Point (f) is almost like an extension of point (c) and should be
considered to be correct usage.

I am pretty sure that all use cases can be covered by the above ("-p-
--exclude-ports 80" is just an extension of point (c)) and that this
would probably be the best way to go about the option.

I welcome any further feedback.

@Jacek, after thinking about it a little more, I agree that the warnings
are critical to the feature. However, the panicking each time there is
an overlap kind of destroys the point of the feature (as you correctly

@John, I think you will find that the above cases match with what you
were talking about not making it an error. The only case we show an
error and quit is when we have no ports to scan with.

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
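The rule proposed in the message above (exclude wins over include; error when nothing is left; warning only when an individually listed port is excluded), modelled as a small Python script. This is an added example and not Nmap's own port-parsing code; the function names `parse_ports` and `classify` are hypothetical, and the parser handles plain numbers and ranges only (no `T:`/`U:` protocol prefixes).

```python
# Added example: model of the proposed "--exclude-ports" semantics.
# parse_ports() and classify() are hypothetical names, not Nmap internals.

MAX_PORT = 65535


def parse_ports(spec):
    """Parse an Nmap-style port spec such as "80,1000-1200" or "-".

    Returns (singles, ranges): the set of individually listed ports and a
    list of (lo, hi) tuples for every range. "-" alone means 1-65535, and
    an open end ("-100", "100-") is filled in like Nmap does.
    """
    singles, ranges = set(), []
    for item in spec.split(","):
        item = item.strip()
        if "-" in item:
            lo, hi = item.split("-", 1)
            lo = int(lo) if lo else 1
            hi = int(hi) if hi else MAX_PORT
            if not 1 <= lo <= hi <= MAX_PORT:
                raise ValueError("bad range: %s" % item)
            ranges.append((lo, hi))
        else:
            port = int(item)
            if not 1 <= port <= MAX_PORT:
                raise ValueError("bad port: %s" % item)
            singles.add(port)
    return singles, ranges


def classify(include_spec, exclude_spec):
    """Apply the exclusion and return ("error"|"warning"|"ok", ports).

    error   -> nothing left to scan (cases (a) and (d) in the message)
    warning -> an individually listed port was excluded ((b) and (e))
    ok      -> only ports inside ranges were excluded ((c) and (f))
    """
    singles, ranges = parse_ports(include_spec)
    ex_singles, ex_ranges = parse_ports(exclude_spec)
    wanted, excluded = set(singles), set(ex_singles)
    for lo, hi in ranges:
        wanted.update(range(lo, hi + 1))
    for lo, hi in ex_ranges:
        excluded.update(range(lo, hi + 1))
    to_scan = sorted(wanted - excluded)  # exclude always wins
    if not to_scan:
        return "error", to_scan
    if singles & excluded:
        return "warning", to_scan
    return "ok", to_scan
```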
