[PATCH] Re: 4.03 "write buffer not large enough" and "-q (quiet)"

[Brandon Enright <bmenrigh () ucsd edu>]

On Sun, 2006-05-14 at 23:03 -0700, Fyodor wrote:
> On Mon, May 15, 2006 at 12:18:26AM +0000, Brandon Enright wrote:
>
> > Rather than getting output like this --
> >
> > (The 34179 ports scanned but not shown below are in state: closed)
> > ... long list of filtered and open ports ...
> >
> > I'd like the option of not printing any port state with a frequency
> > higher than say, 1024.  Something like this --
> >
> > (The 65531 ports scanned but not shown below are in states: closed or
> > filtered)
> > ... short list of open ports ...
>
> Good call.  I agree, and just implemented something like that for the
> next development version (due out this week).  Here are a couple
> examples:
>
> flog/home/fyodor/nmap#./nmap -T4 -p- zardoz
>
> Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-14 23:02 PDT
> Interesting ports on zardoz (192.168.0.69):
> Not shown: 64530 closed ports, 1000 filtered ports
> PORT      STATE SERVICE
> 22/tcp    open  ssh
> 80/tcp    open  http
> 111/tcp   open  rpcbind
> 443/tcp   open  https
> 32769/tcp open  unknown
>
> Nmap finished: 1 IP address (1 host up) scanned in 26.463 seconds
> flog/home/fyodor/nmap#./nmap -T4 -p3000-4500 zardoz
>
> Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-14 23:03 PDT
> All 1501 scanned ports on zardoz (192.168.0.69) are closed (1000) or filtered (501)
>
> Nmap finished: 1 IP address (1 host up) scanned in 3.247 seconds
>
> And here is the CHANGELOG entry, which covers some corner cases:
>
> o Nmap now allows multiple ingored port states.  If a 65K-port scan
>   had, 64K filtered ports, 1K closed ports, and a few dozen open
>   ports, Nmap used to list the dozen open ones among a thousand lines
>   of closed ports.  Now Nmap will give reports like "Not shown: 64330
>   filtered ports, 1000 closed ports" or "All 2051 scanned ports on
>   192.168.0.69 are closed (1051) or filtered (1000)", and omit all of
>   those ports from the table.  Open ports are never ignored.  XML
>   output can now have multiple <extraports> directive (one for each
>   ignored state).  The number of ports in a single state before it is
>   consolidated defaults to 26 or more, though that number increases as
>   you add -v or -d options.  With -d3 or higher, no ports will be
>   consolidated.  The XML output should probably be augmented to give
>   the extraports directive 'ip', 'tcp', and 'udp' attributes which
>   specify the corresponding port numbers in the given state in the
>   same listing format as the nmaprun.scaninfo.services attribute, but
>   that part hasn't yet been implemented.  If you absoultely need the
>   exact port numbers for each state in the XML, use -d3 for now.
>
> Cheers,
> Fyodor

Based solely on the the description of this change, the write buffer was
not increased even for cases when -d3 or higher is being used.  Since
-d3 essentially reverts to the old output format the write buffer length
could be to small in some cases.

The attached patch increases the write buffer length from 64k to 512k
when verbosity or debugging levels are 3 or greater.  This seems like an
appropriate compromise.  It won't increase normal memory usage but will
accommodate extremely verbose outputs when needed.

This patch applies to 4.03.  It may or may not apply to the code in
Fyodor's tree and may not even be needed.  Hopefully it isn't totally
superfluous.

Brandon

-- 
Brandon Enright
Network Security Analyst
UCSD ACS/Network Operations
bmenrigh () ucsd edu

Attachment: extendedoutput.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev