Nmap Development mailing list archives
[PATCH] Re: 4.03 "write buffer not large enough" and "-q (quiet)"
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 20 May 2006 21:40:22 +0000
On Sun, 2006-05-14 at 23:03 -0700, Fyodor wrote:
On Mon, May 15, 2006 at 12:18:26AM +0000, Brandon Enright wrote:Rather than getting output like this -- (The 34179 ports scanned but not shown below are in state: closed) ... long list of filtered and open ports ... I'd like the option of not printing any port state with a frequency higher than say, 1024. Something like this -- (The 65531 ports scanned but not shown below are in states: closed or filtered) ... short list of open ports ...Good call. I agree, and just implemented something like that for the next development version (due out this week). Here are a couple examples: flog/home/fyodor/nmap#./nmap -T4 -p- zardoz Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-14 23:02 PDT Interesting ports on zardoz (192.168.0.69): Not shown: 64530 closed ports, 1000 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 443/tcp open https 32769/tcp open unknown Nmap finished: 1 IP address (1 host up) scanned in 26.463 seconds flog/home/fyodor/nmap#./nmap -T4 -p3000-4500 zardoz Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-14 23:03 PDT All 1501 scanned ports on zardoz (192.168.0.69) are closed (1000) or filtered (501) Nmap finished: 1 IP address (1 host up) scanned in 3.247 seconds And here is the CHANGELOG entry, which covers some corner cases: o Nmap now allows multiple ingored port states. If a 65K-port scan had, 64K filtered ports, 1K closed ports, and a few dozen open ports, Nmap used to list the dozen open ones among a thousand lines of closed ports. Now Nmap will give reports like "Not shown: 64330 filtered ports, 1000 closed ports" or "All 2051 scanned ports on 192.168.0.69 are closed (1051) or filtered (1000)", and omit all of those ports from the table. Open ports are never ignored. XML output can now have multiple <extraports> directive (one for each ignored state). The number of ports in a single state before it is consolidated defaults to 26 or more, though that number increases as you add -v or -d options. With -d3 or higher, no ports will be consolidated. The XML output should probably be augmented to give the extraports directive 'ip', 'tcp', and 'udp' attributes which specify the corresponding port numbers in the given state in the same listing format as the nmaprun.scaninfo.services attribute, but that part hasn't yet been implemented. If you absoultely need the exact port numbers for each state in the XML, use -d3 for now. Cheers, Fyodor
Based solely on the the description of this change, the write buffer was not increased even for cases when -d3 or higher is being used. Since -d3 essentially reverts to the old output format the write buffer length could be to small in some cases. The attached patch increases the write buffer length from 64k to 512k when verbosity or debugging levels are 3 or greater. This seems like an appropriate compromise. It won't increase normal memory usage but will accommodate extremely verbose outputs when needed. This patch applies to 4.03. It may or may not apply to the code in Fyodor's tree and may not even be needed. Hopefully it isn't totally superfluous. Brandon -- Brandon Enright Network Security Analyst UCSD ACS/Network Operations bmenrigh () ucsd edu
Attachment:
extendedoutput.patch
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- 4.03 "write buffer not large enough" and "-q (quiet)" Brandon Enright (May 14)
- Re: 4.03 "write buffer not large enough" and "-q (quiet)" Martin Mačok (May 14)
- Re: 4.03 "write buffer not large enough" and "-q (quiet)" Fyodor (May 14)
- [PATCH] Re: 4.03 "write buffer not large enough" and "-q (quiet)" Brandon Enright (May 20)