Re: Google SoC proposal: Ntrace

[kx <kxmail () gmail com>]

I am all for it, and I almost think this approach perhaps is a more
unix way of doing things... lots of small modular functional units you
can piece together in interesting ways.  Interesting to see what
Fyodor thinks.

I looked at a lot of visualization options before, and I think the
scapy traceroute output is neat:

http://www.secdev.org/projects/scapy/

Image here:
http://www.secdev.org/projects/scapy/doc/img/graph_traceroute.gif

The ability to do TCP, UDP, ICMP Echo, and even arbitrary protocol
traceroutes would be cool (GRE packets etc). Add in AS Lookup
(http://www.radb.net/, http://www.cymru.com/BGP/asnlookup.html, etc),
and clustering by longest common dns suffix (*.us.above.net,
*.att.net) etc... would be very cool. Path MTU discovery would be nice
as well.

If after you get the network code and textual/XML stuff working, if
you think about a visualization GUI, I highly recommend the defacto
graphviz for layout: http://www.research.att.com/sw/tools/graphviz/

Cheers,
  kx


On 5/8/06, Arthur Vincent V. Amarra <arthur_amarra () yahoo co uk> wrote:
> Hi all, this is just to give a quick summary on what I proposed for
> the SoC, submitted yesterday.
>
> My proposal is to create a traceroute program called Ntrace. Ntrace
> should be able to perform both ICMP and TCP traceroutes, and output
> both in standard and XML formats.
>
> What makes Ntrace unique is that it will be designed expressly to work
> with Nmap, it is planned that Ntrace should be able to read Nmap's XML
> output and trace routes to the targets based on the ports most likely
> to return probes. It should also be able to output host lists for Nmap
> to scan later on, for example, checking the security of a router one
> hop before a target would be useful for penetration testing.
>
> And, in the long run, new Nmap front ends could utilize this close
> functionality between Nmap and Ntrace, and act as a wrapper for the
> two programs to act in unison. This would make it possible for the
> front end to actually generate a graphical map of the network, and the
> possibilities are numerous. I have thrown together a simulated
> screenshot(attached) of what this could look like, but it could (and
> should, given my extremely limited graphics skills) look better than that.
>
> I might be thinking too far ahead on this, but I just wanted to share
> my vision. Comments and constructive criticism is welcome. More
> details can be found on http://rootshell.be/~arthurv.
>
> regards,
> Arthur V. Amarra
>
>
>
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev