Nmap Development mailing list archives

Re: small XML output inconsistency and a fix


From: David Fifield <david () bamsoftware com>
Date: Mon, 4 Aug 2008 11:51:47 -0600

On Sat, Aug 02, 2008 at 03:42:45PM -0400, Michael Pattrick wrote:
> Hey everyone,
>
> I just noticed this small oddity, when I run a command with custom
> scan flags such as:
> nmap --scanflags URGACK -p80 -oX test.xml 10.0.0.1
>
> The XML file reports:
> <scaninfo type="syn" protocol="tcp" numservices="1" services="80" />
>
> URGACK is just an example, no matter what you use, by default it will
> always report as syn.
>
> I wrote a patch to fix this (attached) but it adds another attribute to
> the scaninfo element so I thought I would announce it here before
> committing. This patch will change the XML output to the following:
> <scaninfo type="syn" scanflags="ACKURG" protocol="tcp" numservices="1"
> services="80" />

I think it's a good idea to include the scanflags in the XML output.
Kris is right that scanflags only applies to TCP scans so the scanflags
should be included only when protocol="tcp".

What about instead of scanflags="NONE" and scanflags="ALL", using
scanflags="" and scanflags="FINSYNRSTPSHACKURGECECWR"? Would that make
it easier on writers of parsers? I know Nmap takes "NONE" and "ALL" as a
convenience but I don't think there's a reason to abbreviate the XML
output.

David Fifield
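
The parser-writer question raised in this message, as an added example (not part of the original post and not Nmap's own code): a Python reader for the proposed `scanflags` attribute that handles the explicit concatenated form and, as special cases, the "NONE"/"ALL" abbreviations. The function names are hypothetical, and the attribute format is the one proposed in this thread, assumed here rather than taken from a released Nmap.

```python
import xml.etree.ElementTree as ET

# TCP header flag bits (RFC 793, plus ECE and CWR from RFC 3168).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}


def parse_scanflags(value):
    """Turn a concatenated flag string such as "ACKURG" into a bitmask.

    Every flag name is three letters, so the explicit form tokenizes in
    fixed steps and "" is simply zero. "NONE" and "ALL" need their own
    branches because neither is a run of flag names.
    """
    text = value.strip().upper()
    if text == "NONE":
        return 0
    if text == "ALL":
        return 0xFF
    if len(text) % 3:
        raise ValueError("scanflags is not a run of 3-letter names: %r" % value)
    mask = 0
    for i in range(0, len(text), 3):
        name = text[i:i + 3]
        if name not in TCP_FLAGS:
            raise ValueError("unknown TCP flag %r in %r" % (name, value))
        mask |= TCP_FLAGS[name]
    return mask


def scaninfo_flags(xml_text):
    """Return the flag bitmask of a <scaninfo> element, or None when the
    element is not a TCP scan or carries no scanflags attribute."""
    elem = ET.fromstring(xml_text)
    if elem.tag != "scaninfo" or elem.get("protocol") != "tcp":
        return None
    raw = elem.get("scanflags")
    return None if raw is None else parse_scanflags(raw)


# Constructed sample: the <scaninfo> line proposed in the quoted message.
SAMPLE = ('<scaninfo type="syn" scanflags="ACKURG" protocol="tcp" '
          'numservices="1" services="80" />')

if __name__ == "__main__":
    print(hex(scaninfo_flags(SAMPLE)))
```

With only the explicit form in the XML, the two abbreviation branches could be dropped and the fixed-width loop would cover every case, including the empty string.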
