Nmap Development mailing list archives

SoC: port state reasons


From: "Eddie Bell" <ejlbell () gmail com>
Date: Wed, 7 Jun 2006 11:18:21 +0200

Hey all,

I am in the middle of the port state reason implementation; here is what it
looks like at the moment:

Not shown: 1233 closed ports
Reasons: 1233 remote resets
PORT     STATE     SERVICE  REASON
21/tcp   filtered  ftp      admin-prohibited
22/tcp   open      ssh
25/tcp   filtered  smtp     port-unreachable
53/tcp   open      domain
113/tcp  filtered  auth     no-response

So far the reason can be one of the following depending on the scan. Can
anyone think of any other reasons I can infer?

open, closed,  remote-reset, no-response
unreachable, net-unreachable, host-unreachable
proto-unreachable, port-unreachable
admin-prohibited, net-prohibited
host-prohibited and unknown

Here is my idea for the XML structure. I have added a reason attribute for
the state and extraports tags:

<ports>
  <port protocol="tcp" portid="22">
    <state state="filtered" reason="port unreachable" />
    <service name="ssh"/>
  </port>

  <extraports state="filtered" count="102" />
  <extraports reason="admin-prohibited" count="102"/>
  .....
  .....
</ports>

Also, one last question: I am severely limited on what reasons I can get from
a connect scan. This is understandable as a user, but as root, does Nmap
still use the API connect call or does it use raw packets?

thanks
 - eddie


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
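
The reason list in the post above, as an added example that is not part of the original message or of Nmap's code: a C++ sketch that classifies the reply to one TCP SYN probe into a state and one of the post's reason names, then tallies them for a summary line. The ICMP numbers are the standard type 3 (destination unreachable) codes; the types `Reply`, `Probe` and `Verdict`, and the use of "open" as the reason for a SYN/ACK, are assumptions.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <utility>
#include <vector>

// What came back for one TCP SYN probe (constructed model, not an Nmap type).
enum class Reply { None, SynAck, Rst, IcmpUnreach };
struct Probe { std::uint16_t port; Reply reply; std::uint8_t icmp_code; };
struct Verdict { std::string state, reason; };

// ICMP type 3 (destination unreachable) codes -> reason names from the post.
static std::string icmp_reason(std::uint8_t code) {
  switch (code) {
    case 0:  return "net-unreachable";
    case 1:  return "host-unreachable";
    case 2:  return "proto-unreachable";
    case 3:  return "port-unreachable";
    case 9:  return "net-prohibited";
    case 10: return "host-prohibited";
    case 13: return "admin-prohibited";
    default: return "unknown";  // a code this sketch has no name for
  }
}

// Classify one probe result into (state, reason).
Verdict classify(const Probe &p) {
  switch (p.reply) {
    case Reply::SynAck:      return {"open", "open"};  // assumed reason name
    case Reply::Rst:         return {"closed", "remote-reset"};
    case Reply::IcmpUnreach: return {"filtered", icmp_reason(p.icmp_code)};
    case Reply::None:        return {"filtered", "no-response"};
  }
  return {"unknown", "unknown"};
}

// Count (state, reason) pairs: the data behind the "Not shown" / "Reasons" lines.
std::map<std::pair<std::string, std::string>, int>
summarize(const std::vector<Probe> &probes) {
  std::map<std::pair<std::string, std::string>, int> counts;
  for (const Probe &p : probes) {
    Verdict v = classify(p);
    ++counts[std::make_pair(v.state, v.reason)];
  }
  return counts;
}
```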

