Nmap Development mailing list archives

nmap +multiping


From: Dion Stempfley <Dion () riptech com>
Date: Tue, 27 Nov 2001 00:23:49 -0500


I was fighting with the most efficient methods to do host discovery, and
found that I occasionally needed to use different tcp ports in tcp ping
scans to get really reliable results.  I was looking at multiping which is
pretty efficient but lacks much of the capability for data management that
nmap has.  I came up with a technique that looped several nmap runs using
different probe ports each time, and then combining the host list to do a
port scan with a noping option.  This was fast enough, but kind of a pain.

So here is a hack to allow nmap to support multiple tcp probe ports during
scanning.

The syntax is basically:

  nmap -PB -pR:22,23,53,80,443,T:1-1024 ...

This is a real quick hack, a proof of concept basically, and has a lot of
things to clean up.  It only works if the user is root.  This is probably
not a necessary limitation, but I didn't put the code into the connect
scanning.  Options such as idle scanning only use the first probe port
specified.  


It seems to work, but has undergone limited testing.  If the general
consensus is that this is useful I will try to clean it up, and make it
integrate into the existing code more nicely.  I would also like to hear any
comments if you think I'm completely off my rocker and this was an
absolute waste of my time. :)

Anyone that likes the idea but thinks it should be done better, feel free.

Enjoy,

Dion
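The loop-and-merge workflow described at the top of the post (several ping-scan runs with different TCP probe ports, union of the "up" hosts, then one port scan with pinging disabled) can be scripted outside nmap. The following is an added example, not code from the post or from nmap: it parses constructed samples of nmap's grepable (-oG) output, merges the hosts found up across runs, and builds the command lines. The flag spellings are the classic ones of that era (-sP ping scan, -PT<port> TCP ping, -P0 no ping); current nmap spells them -sn, -PS<port> and -Pn. The addresses and output text are constructed, and the -oG line layout is assumed from memory of that format.

```python
import re
import subprocess

# Constructed sample -oG output from three ping-scan runs, each with a different
# TCP probe port. A host that ignores one probe may answer another, which is the
# whole reason for looping over ports.
RUN_OUTPUTS = {
    22: "# Nmap scan initiated (constructed sample)\n"
        "Host: 10.0.0.5 ()\tStatus: Up\n"
        "Host: 10.0.0.9 ()\tStatus: Up\n"
        "# Nmap run completed\n",
    80: "Host: 10.0.0.5 ()\tStatus: Up\n"
        "Host: 10.0.0.17 ()\tStatus: Up\n",
    443: "Host: 10.0.0.17 ()\tStatus: Up\n"
         "Host: 10.0.0.23 ()\tStatus: Down\n",
}

# Matches a grepable "Host:" line whose status is Up; the parenthesised hostname
# may be empty when reverse DNS gives nothing.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Status:\s+Up\s*$")


def parse_up_hosts(grepable_text):
    """Return the set of addresses marked 'Status: Up' in -oG output."""
    hosts = set()
    for line in grepable_text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            hosts.add(m.group(1))
    return hosts


def discovery_command(target, probe_port):
    """Ping scan with one TCP probe port, grepable output sent to stdout."""
    return ["nmap", "-sP", "-PT%d" % probe_port, "-oG", "-", target]


def run_discovery(target, probe_port):
    """Execute one discovery run and return its -oG text (needs nmap installed)."""
    result = subprocess.run(discovery_command(target, probe_port),
                            capture_output=True, text=True, check=False)
    return result.stdout


def merge_runs(outputs):
    """Union the Up hosts across all probe-port runs, sorted numerically."""
    merged = set()
    for text in outputs.values():
        merged |= parse_up_hosts(text)
    return sorted(merged, key=lambda h: tuple(int(p) for p in h.split(".")))


def portscan_command(hosts, ports="1-1024"):
    """Port scan the merged host list with host discovery turned off (-P0)."""
    return ["nmap", "-P0", "-p", ports] + list(hosts)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; with nmap present,
    # RUN_OUTPUTS could instead be built with run_discovery() per probe port.
    hosts = merge_runs(RUN_OUTPUTS)
    print("hosts up across probes:", hosts)
    print("port scan:", " ".join(portscan_command(hosts)))
```

Each probe port contributes hosts the others missed (10.0.0.9 only answered port 22, 10.0.0.17 never answered port 22), and a host reported Down is left out of the merged list, so the final -P0 scan covers exactly the union of what the probes found.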



