Nmap Development mailing list archives
Inconsistency in nmap XML output
From: David Schmalz <dvs () zurich ibm com>
Date: Mon, 01 Nov 2004 13:53:21 +0100
Hi everyone, I'd like to report a minor inconsistency in the nmap XML output (tested with versions 3.70 and 3.75). When performing an 'ping' scan, all the hosts that are down are explicitely enumerated in the resulting XML file. However, when I launch a full port and OS fingerprinting scan and all the scanned hosts are actually down, no enumeration is included in the file. This obviously prevents to define a consistent parsing procedure. Below test cases illustrate the reported problem. 1) ping scan
nmap -n -sP -oX out.xml 192.168.1.1
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2004-11-01 13:38 CET Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.147 seconds <?xml version="1.0" ?> <!-- nmap 3.75 scan initiated Mon Nov 1 13:38:16 2004 as: nmap -n -sP -oX out.xml 192.168.1.1 --> <nmaprun scanner="nmap" args="nmap -n -sP -oX out.xml 192.168.1.1" start="1099312696" version="3.75" xmloutputversion="1.01"> <verbose level="0" /> <debugging level="0" /> <host><status state="down" /> <address addr="192.168.1.1" addrtype="ipv4" /> </host> <runstats><finished time="1099312698" /><hosts up="0" down="1" total="1"/> <!-- Nmap run completed at Mon Nov 1 13:38:18 2004; 1 IP address (0 hosts up) scanned in 2.147 seconds --> </runstats></nmaprun> --------------------- 2) port scan
nmap -T Normal -v -O -sS -sU -p U:137,161,T:22,80 -oX out.xml
192.168.1.1 Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2004-11-01 13:40 CET Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.295 seconds <?xml version="1.0" ?> <!-- nmap 3.75 scan initiated Mon Nov 1 13:40:38 2004 as: nmap -T Normal -v -O -sS -sU -p U:137,161,T:22,80 -oX out.xml 192.168.1.1 --> <nmaprun scanner="nmap" args="nmap -T Normal -v -O -sS -sU -p U:137,161,T:22,80 -oX out.xml 192.168.1.1" start="1099312838" version="3.75" xmloutputversion="1.01"> <scaninfo type="syn" protocol="tcp" numservices="1" services="22,80" /> <scaninfo type="udp" protocol="udp" numservices="1" services="137,161" /> <verbose level="1" /> <debugging level="0" /> <runstats><finished time="1099312840" /><hosts up="0" down="1" total="1" /> <!-- Nmap run completed at Mon Nov 1 13:40:40 2004; 1 IP address (0 hosts up) scanned in 2.295 seconds --> </runstats></nmaprun> --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Inconsistency in nmap XML output David Schmalz (Nov 01)
- Re: Inconsistency in nmap XML output Fyodor (Nov 09)
- Re: Inconsistency in nmap XML output Dual Mobius (Nov 09)
- Re: Inconsistency in nmap XML output Joshua T. Corbin (Nov 10)
- Re: Inconsistency in nmap XML output Matt (Nov 10)
- Re: Inconsistency in nmap XML output Dual Mobius (Nov 10)
- Re: Inconsistency in nmap XML output Dual Mobius (Nov 10)
- Re: Inconsistency in nmap XML output Dual Mobius (Nov 09)
- Re: Inconsistency in nmap XML output Fyodor (Nov 09)
- Re: Inconsistency in nmap XML output David Schmalz (Nov 10)