Nmap Development

Re: NMAP XML output too verbose

Thu, 11 Mar 2010 12:14:02 GMT

Posted by Farkas Levente on Mar 11

this is almost exactly what i request in my previous mail.
- i like the idea than normal output match with the xml output.
- and i also like to get a list only where a given port is open.
the only problem with this, that there are some case when filtered port
would be also useful. may be a --filtered option would be useful.

anyway even if only the current proposal will be included in the next
version, then it'd be a perfect solution for...

RE: [BULK] Re: new Win install fails beyond localhost

Wed, 10 Mar 2010 14:56:16 GMT

Posted by Norris Carden on Mar 10

This showed up in the zenmap.exe.log:

E:\tools\Nmap\py2exe\library.zip\zenmapGUI\MainWindow.py:625:
GtkWarning: Could not find the icon '"C:\Program Files\Windows
NT\Accessories\WORDPAD.EXE",1'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
http://icon-theme.freedesktop.org/releases
E:\tools\Nmap\py2exe\library.zip\zenmapGUI\App.py:337: GtkWarning:
gdkselection-win32.c:1068:...

Re: zenmap doesn't scan my user mode linux image

Wed, 10 Mar 2010 08:15:08 GMT

Posted by Toralf Förster on Mar 10

David Fifield wrote at 17:41:12

Well,

but it is a regression at least at at my Gentoo system either between net-
analyzer/nmap-5.00-r2 and net-analyzer/nmap-5.21.
Or something other at my notebook changed, b/c I'm pretty sure that it worked
fine before (b/c I use the UML system since years to play with wireshark and
the protocols of sendmail, courier, apache, cups and friends).

Re: More nsock socket_count_write_dec assert() failures

Wed, 10 Mar 2010 01:36:37 GMT

Posted by David Fifield on Mar 09

I worked off-list with Brandon on this problem, and I think we have it
solved. It's committed as r16961.

The problem was that handle_write_results always assumed that it was
being called as the result of a socket becoming writable. If a call to
SSL_write resulted in the pseudo-error SSL_ERROR_WANT_READ, it would
(correctly) decrement the write count and increment the write count.
However, when handle_write_result was called agains as a result of...

Re: NMAP XML output too verbose

Wed, 10 Mar 2010 00:22:18 GMT

Posted by Duarte Silva on Mar 09

Knowing that I'm fairly new in the area of contributing to nmap, but
here it goes :)

The question of the XML showing off-line hosts can be solved with a
different XSL that only shows hosts that are up. (I have been
tinkering about a new and a little more interactive XSL file that
could transform the XML to something more pleasant to use, mashing it
up with JavaScript maybe?? Kind of thinking out loud now).

The problem of XML having hosts that...

Re: NMAP XML output too verbose

Wed, 10 Mar 2010 00:02:37 GMT

Posted by Ron on Mar 09

One of the most common questions we see in #nmap on Freenode is, "how an I find every host with port xx open?" -- I
think your proposed modification to --open will make that a far easier question to answer. Sounds good to me!

Re: New Nmap options for IDS interaction

Tue, 09 Mar 2010 23:55:07 GMT

Posted by Theo Dzierzbicki on Mar 09

Hello again,

It's been a week since I started to work on this possibles options, and
I'm having some trouble with the implementation, so I thought that even
if the options are NOT yet working correctly, this could be a good time to
report and ask for some advices.

The attached patch states my current progress.

I dived in the scan_engine.cc file as you told me, and tried to modify
the sendOK() function. This function happens to be a different...

Re: NMAP XML output too verbose

Tue, 09 Mar 2010 23:28:48 GMT

Posted by Fyodor on Mar 09

Hi Kevin. I talked this over with David Fifield today and we have a
solution proposal which I hope will benefit you and other Nmap users.
Note that this proposal also significantly changes the --open
command-line argument:

The first part of our plan is to only show down hosts in the XML in
verbose mode (as you suggested). Nmap already works this way for its
normal/interactive output. The idea had been that humans don't
normally read the XML...

Re: a few usability problems and how to scan very fast a large network

Tue, 09 Mar 2010 22:37:02 GMT

Posted by Farkas Levente on Mar 09

local arp table usually don't contains all apr info on the lan:-(

this gives me:
Nmap done: 65536 IP addresses (74 hosts up) scanned in 45.85 seconds
so much slower then my version:-(

this true, but imho a better output still would be useful.

this takes:
Nmap done: 65536 IP addresses (80 hosts up) scanned in 46.74 seconds

we always like to scan LAN or why VLAN different in this case?

in my case this the fastest:
Nmap done: 65536 IP addresses...

Re: a few usability problems and how to scan very fast a large network

Tue, 09 Mar 2010 21:46:08 GMT

Posted by Brandon Enright on Mar 09

The best way would be to look at your ARP tables. With Nmap though,
something like this should be pretty comprehensive:

nmap -v -d -v -sP -PE -PP -PM
-PS21,22,23,80,135,139,443,445,1024,1025,1026,3389 -PA
21,22,23,80,135,139,443,445,1024,1025,1026,3389 -T5
--min-hostgroup 2048 --min-parallelism 256 -oA results 10.10.0.0/16

See below.

All of them but for different purposes.

Agreed.

Generally, yes.

Well if you tell Nmap to scan an IP and it...

RE: [BULK] Re: new Win install fails beyond localhost

Tue, 09 Mar 2010 21:43:19 GMT

Posted by Norris Carden on Mar 09

BTW, the same install package is working fine on my XP desktop.

***WinIP*** trying to initialize WinPcap

Winpcap present, dynamic linked to: WinPcap version 4.1.1 (packet.dll
version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008)

NPF service is already running.

Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-09 15:37 Central
Standard Time

The max # of sockets we are using is: 0

--------------- Timing report...

Re: new Win install fails beyond localhost

Tue, 09 Mar 2010 21:36:39 GMT

Posted by David Fifield on Mar 09

Thanks, can you also do

nmap scanme.nmap.org

David Fifield

RE: new Win install fails beyond localhost

Tue, 09 Mar 2010 21:32:05 GMT

Posted by Norris Carden on Mar 09

Results as requested... thanks for pointing out these options..

nmap --iflist

Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-09 15:13 Central
Standard Time

************************INTERFACES************************

DEV (SHORT) IP/MASK TYPE UP MAC

eth0 (eth0) 10.1.1.XX/24 ethernet up 00:00:00:00:00:00

lo0 (lo0) 127.0.0.1/8 loopback up

DEV WINDEVICE

eth0 \Device\NPF_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}

lo0...

a few usability problems and how to scan very fast a large network

Tue, 09 Mar 2010 21:17:28 GMT

Posted by Farkas Levente on Mar 09

hi,
i've got a few question.
in short:
1. what's the fastest way to discover all available ip address in a
large (eg. class B network) if we're on a fast (at least 100Mb) LAN?
2. is there any way to filter output based on the scan specification?
3. is there any usable output format?

in a longer version (start from the end):
3. the current formats are not really useful for automatic processing,
since:
- normal output is not very easy to parse....

Re: zenmap doesn't scan my user mode linux image

Tue, 09 Mar 2010 20:04:21 GMT

Posted by David Fifield on Mar 09

It would be very helpful if you could retest with version 5.00 to
confirm that. It will be much easier to fix if you can find a version
that definitely works.

David Fifield