Nmap Development mailing list archives
Re: LAN/WAN Configuration Management
From: kx <kxmail () gmail com>
Date: Mon, 3 Oct 2005 22:22:59 -0400
I have been looking at some of this. On the XML part, I think it is a bad idea to add SVG to the nmap output, but instead use the current XML output and transform it into whatever you want, HTML, SVG, CSV, etc.... The XML as-is already gives a lot of power, and I have been toying with XSLT, SVG and HTML already with neat results. As for network mapping, Fyodor has plans to add traceroute functionality to nmap; it is in his original XML proposal: http://seclists.org/lists/nmap-dev/2000/Jul-Sep/0038.html I've been looking at ways to visualize a format like this, and now I am curious what suggestions this list may propose, and which approach the largest group would fine most useful. 1st approach: Use XSLT on the XML output to create a DHTML + SVG page that will render in a browser. I believe I would have to use javascript to do most of the graph placement. While I truly like this approach, and I am trying to think of a "lite" version of a graph visualization to be added to the current XSLT file, I worry SVG is still not tremendously adopted, and the last thing I want to do is heavy graph work in XSLT and javascript. 2nd approach: Use a C++ or Perl wrapper to AT&T's graphviz ( http://www.graphviz.org/ ) to do the tough graph work, then export to DHTML + SVG, or DHTML + PNG, or PNG, or etc... This is what scapy ( http://www.secdev.org/projects/scapy/ ) does for its maps as well as many others. I like this approach a lot for robustness and portability, but the downside is the external library dependency. 3rd approach: New complete standalone viewer - seems excessive, but perhaps this list will think otherwise. Wouldn't mind a few suggestions, or if anyone wanted to beat me to the punch on these ideas, as grad studies are taking up more of my hobby time than I had planned. Thanks, kx On 10/3/05, Nils Magnus <magnus () linuxtag org> wrote:
Re, On Mon, Oct 03, 2005 at 02:29:09PM -0400, Fred Eisele wrote:I would like to see a stronger xml presence in nmap, as I feel that would make it easier to integrate nmap into such a mechanism In particular, I would like to see/develop... - some nice graphical output (in svg)I'd love to see something like that as well, but don't underestimate the comlexity of such a task. In fact this applies to several of your suggestions: In my opinion, one of the key factors for nmap's success is the very general approach; nmap does not make much assumptions about the environment it scans. If you try to draw network maps automatically, usually they are not much better help compared to the text form, since graph placing/routing seems to be a rather complex task. However, I do not intend to keep you from developing something like that.Have you considered making use of a "proper" xml dom library (e.g. libxml2, xerces) rather than the roll-your-own technique? This could make the -append-output problem quite a bit easier to handle.Well, that is right, but earlier discussion also showed that some people like the XML approach, but some don't use that at all. Again, I am not sure if sacrificing part of that generalistic approach is a good idea. We are alredy at a point where complexity is obviously an issue for nmap, even in the core functionality. I those propose to implement such ideas "around" the vanilla nmap.It would be helpful if the master file described certain missing information. For example, the routing tables. Anyway, the question, I guess, is whether nmap could use that information to do a better job of scanning?Hm, effectivly nmap just distinguishes between layer-2 connected and layer-3+ connected networks. To assess information about some network infrastructure, the routing table and other stuff you usually asses with traceroute/tcptraceroute etc. is very helpful, if not crucial for such tasks. It is very tempting to try to integrate that information into nmap, but the complexity threat comes quickly in there, again. Regards, Nils Magnus Program-Chair LinuxTag 2005 Free Conference Program LinuxTag 2005: Where .com meets .org - magnus () linuxtag org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- LAN/WAN Configuration Management Fred Eisele (Oct 03)
- Re: LAN/WAN Configuration Management Nils Magnus (Oct 03)
- Re: LAN/WAN Configuration Management kx (Oct 03)
- Re: LAN/WAN Configuration Management Ole Morten Grodås (Oct 04)
- Re: LAN/WAN Configuration Management Fyodor (Oct 05)
- Re: LAN/WAN Configuration Management Nils Magnus (Oct 03)