Nmap Development mailing list archives
Re: Feature Request: --top-ports option for -PS when performing host discovery
From: doug () hcsw org
Date: Tue, 19 Feb 2008 17:44:51 -0800
Hi Nelson,
Nelson <komseh () gmail com> wrote:

> I would like to be able to tell nmap to do host discovery with -PS and send the TCP Syn Pings to the top X most common ports.
Interesting, I hadn't thought about using top ports data to choose the ports used with host discovery. Like Brandon says, the most straightforward way would be just to use a regular SYN scan and -P0, supplying your top ports data with the -p switch (host discovery and -sS even use the same engine in recent Nmap: ultra_scan). Of course, this assumes that you *have* top ports data that you trust.

The backend code to implement such top ports functionality actually already exists in Nmap. The only thing holding back the feature is a good data-set. If the Nmap community agrees on a data-set, I would be happy to make the top ports feature work. I ran some -iR -p1-65535 scans a year or two ago but was never confident enough to recommend that the results be the official Nmap data.

Unlike my crappy results, Brandon's data looks very promising! Was this data collected from full port scans of a large heterogeneous network without significant firewall interference? If so, and of course if Brandon agrees, I could massage the data into a format that would allow you to run the following scan:

nmap -P0 -sS --top-ports 50 target

Another option is to create a community submission interface for such data similar to how we currently collect OS/service fingerprints. This was suggested recently by Lionel Cons: http://seclists.org/nmap-dev/2008/q1/0162.html

I actually have some perl code that will take Nmap -oG scans and strip all information except for port lists, as well as a C program that will compress lists of port numbers into a compact ASCII encoding suitable for pasting into web text fields: http://hcsw.org/downloads/portcompress.c

A potential problem with any top ports data, especially considering the rapid, unpredictable pace of internet development, is that data might become inaccurate over time. This could happen when a new service becomes popular or when an older one becomes obsolete (think telnet -- though Brandon's data suggests telnet is still more common than, say, VNC.)

Anyways, I'm very open to ideas on how to tackle this important problem.

Best,
Doug
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
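Doug mentions perl code that reduces Nmap -oG output to bare port lists so that port frequencies can be tallied into a top-ports ranking. The script below is an added example (not Doug's perl code, not part of the Nmap project, and not the portcompress.c format) that does the same reduction in Python: it parses the grepable output, keeps only ports in the open state over TCP, counts on how many hosts each port appeared, and emits the ranking as a -p style list that could feed the `nmap -P0 -sS -p ...` workaround discussed above. The SAMPLE_OG text is constructed for illustration and is not real scan data.

```python
from collections import Counter

# Constructed sample of Nmap grepable (-oG) output; not real scan data.
# Fields on a Host: line are tab-separated; each port entry is
# port/state/protocol/owner/service/rpcinfo/version/ .
SAMPLE_OG = (
    "# Nmap 4.53 scan initiated as: nmap -sS -p- -oG - 10.0.0.0/29\n"
    "Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///\tIgnored State: closed (65532)\n"
    "Host: 10.0.0.2 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, "
    "135/filtered/tcp//msrpc///\tIgnored State: closed (65532)\n"
    "Host: 10.0.0.3 ()\tStatus: Up\n"
    "Host: 10.0.0.3 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///"
    "\tIgnored State: closed (65533)\n"
    "Host: 10.0.0.4 ()\tPorts: 5900/open/tcp//vnc///, 22/open/tcp//ssh///"
    "\tIgnored State: closed (65533)\n"
    "# Nmap done -- 4 IP addresses (4 hosts up) scanned\n"
)


def open_tcp_ports_per_host(og_text):
    """Return {host_ip: set(open TCP ports)} parsed from -oG text.

    Only entries whose state is exactly 'open' and protocol 'tcp' are kept,
    so filtered/closed ports never count toward the ranking.  Several
    Host: lines for the same address (e.g. a Status: line followed by a
    Ports: line) are merged into one set.
    """
    hosts = {}
    for line in og_text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip the '# Nmap ...' banner and trailer lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, set())
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                    ports.add(int(parts[0]))
    return hosts


def top_ports(og_text, n):
    """Rank ports by the number of hosts on which they were open.

    Ties are broken by ascending port number so the result is stable.
    Returns a list of (port, host_count) pairs, most common first.
    """
    counts = Counter()
    for ports in open_tcp_ports_per_host(og_text).values():
        counts.update(ports)  # each host contributes at most once per port
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]


def port_spec(ranked):
    """Render a ranking as a comma-separated list usable with nmap -p."""
    return ",".join(str(port) for port, _ in ranked)


if __name__ == "__main__":
    ranking = top_ports(SAMPLE_OG, 3)
    for port, host_count in ranking:
        print(f"{port:>5}  open on {host_count} host(s)")
    # Equivalent of the --top-ports idea using today's -p switch:
    print(f"nmap -P0 -sS -p {port_spec(ranking)} target")
```

Counting per host rather than per line matters when the same address appears on several -oG lines, and restricting to the open state keeps firewall-filtered ports, which Doug flags as a data-quality concern, out of the tally. Because the ranking reflects the network at the time of the scan, it should be regenerated periodically; the email's point about services rising and falling in popularity applies directly to any list produced this way.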