Nmap Development mailing list archives

Re: Ndiff ready to be tested


From: "Michael Pattrick" <mpattrick () rhinovirus org>
Date: Sat, 5 Jul 2008 12:42:06 -0400

Hey Fyodor,

On Sat, Jul 5, 2008 at 4:23 AM, Fyodor <fyodor () insecure org> wrote:
> The first thing I encountered was the lack of XML::Writer and XML::Twig
> on my system.  So I tried a newer system, and that didn't have these
> Perl modules either.  I was able to easily add the modules, but that
> is a lot to ask of users.  Particularly since we've already lost most
> of the Windows users by requiring Perl.  So it would be good for it to
> work "out of the box" for as many of the remaining users as possible.

I agree. David suggested XML::Writer and I happened to have it on my
system, so I thought it was common, but I guess not. I could just go
back to how I did it before, concatenating strings to produce XML,
which guarantees compatibility with all. However, concatenation
can't replace XML::Twig (which I also had on my system prior to ndiff),
as it is needed to parse the XML input files. I am open to suggestions
about this, if anyone knows how this could be handled better.

> In an svn checkin you said "Ndiff now handles hosts with dynamic
> addresses intelligently".  Can you describe how it does that?

If a host with IP address A has gone offline, ndiff checks to see if
any other host with IP address B has come online which has all the
same port states, service names, etc.

So instead of printing this:
A:
  Host has gone offline
  Port 1 was open
  Port 2 was open
  Port 3 was open

B:
  Host has come online
  Port 1 is open
  Port 2 is open
  Port 3 is open

ndiff prints:
A:
  Host has been renamed to B

I implemented this when multiple people pointed out that they have
many hosts on DHCP and were worried that the output would be cluttered
by hosts changing names.


Thanks for the input, I'll try to implement it.

Cheers,
Michael

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
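
The matching described in the message above, sketched as an added example; it is not part of the original post and is not ndiff's own code. The scan layout, the function names and the rule that an ambiguous or empty match is not reported as a rename are all assumptions, and the scan data is constructed.

```python
# Added example: scan data below is constructed, not real Nmap output.
def fingerprint(ports):
    """Hashable summary of a host: every (port, state, service) triple."""
    return frozenset((p, st, svc) for p, (st, svc) in ports.items())

def diff_hosts(old, new):
    """Compare two scans given as {ip: {port: (state, service)}}.

    Returns (renamed, offline, online). A vanished host is reported as
    renamed only if exactly one newly seen host has the same fingerprint.
    """
    gone = sorted(set(old) - set(new))
    came = sorted(set(new) - set(old))
    by_fp = {}    # fingerprint -> newly seen addresses
    for ip in came:
        by_fp.setdefault(fingerprint(new[ip]), []).append(ip)
    gone_fp = {}  # fingerprint -> vanished addresses
    for ip in gone:
        gone_fp.setdefault(fingerprint(old[ip]), []).append(ip)

    renamed, offline = {}, []
    for ip in gone:
        fp = fingerprint(old[ip])
        candidates = by_fp.get(fp, [])
        # Assumption: no ports, or several look-alike hosts on either side,
        # is too weak a signal to hide the change behind a "renamed" line.
        if fp and len(candidates) == 1 and len(gone_fp[fp]) == 1:
            renamed[ip] = candidates[0]
        else:
            offline.append(ip)
    online = [ip for ip in came if ip not in renamed.values()]
    return renamed, offline, online

WEB = {22: ("open", "ssh"), 80: ("open", "http")}
PRINTER = {9100: ("open", "jetdirect")}
OLD_SCAN = {"10.0.0.5": WEB, "10.0.0.7": PRINTER, "10.0.0.8": PRINTER}
NEW_SCAN = {"10.0.0.9": WEB, "10.0.0.20": PRINTER, "10.0.0.21": PRINTER,
            "10.0.0.30": {23: ("open", "telnet")}}

if __name__ == "__main__":
    renamed, offline, online = diff_hosts(OLD_SCAN, NEW_SCAN)
    for a, b in renamed.items():
        print(f"{a}:\n  Host has been renamed to {b}")
    for ip in offline:
        print(f"{ip}:\n  Host has gone offline")
    for ip in online:
        print(f"{ip}:\n  Host has come online")
```

Two identical printers swapping leases stay listed as offline/online here, because the fingerprint alone cannot say which one became which.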