Nmap Development mailing list archives

Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes

From: David Fifield <david () bamsoftware com>
Date: Thu, 12 Nov 2009 08:52:05 -0700

On Thu, Nov 12, 2009 at 04:41:57PM +0800, Guang Cheng Li wrote:

HI,

OS: SLES 11 on IBM System p
nmap version: 4.75 and 5.00

I am using nmap to detect whether all of the nodes in my cluster and up and
running, nmap returns "Host <ip_address> appears to be up" for some nodes
but returns "Host <hostname> appears to be up" for the other nodes. Since a
script is used to parse the output, so it is difficult for me to write the
script.  Could someone let me know that why the nmap returns both "Host
<ip_address> appears to be up" and "Host <hostname> appears to be up"?
thank you.

Starting Nmap 4.75 ( http://nmap.org ) at 2009-11-12 03:39 EST
Host 10.6.1.5 appears to be up.
Host c906f06c03p21.cluster.com (10.6.3.21) appears to be up.


Nmap's normal output to the screen is meant to be read by humans, so
often lines will have different forms depending on what information is
available. In version 4.76, the form "Host <hostname> (<ip address>)
appears to be up" means that a reverse-DNS record for the IP address was
found.

For parsing with a script you should use the XML (-oX) or grepable
output formats (-oG). This is especially important because normal output
may change from time to time, and it will definitely be different in the
next release so that it can hold reverse-DNS records.

Try running

nmap -oX output.xml -PE --send-ip -sP c906f06c01p05

or if you want to pipe the output directly to a script,

nmap -oX - -PE --send-ip -sP c906f06c01p05

Sometimes I parse Nmap's normal output just for convenience. If you do
that you have to make your parser handle all these cases and be ware
that the output can change in the future. Here is the documentation on
all the output formats:

http://nmap.org/book/output.html

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes Guang Cheng Li (Nov 12)
- Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes David Fifield (Nov 12)
  - Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes Rob Nicholls (Nov 12)
  - Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes Guang Cheng Li (Nov 12)
    - Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes David Fifield (Nov 12)
    - Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes Guang Cheng Li (Nov 12)