Nmap Development mailing list archives
Re: Minor nmap feature request with great payback
From: David Fifield <david () bamsoftware com>
Date: Mon, 16 Nov 2009 14:32:03 -0700
On Sun, Nov 08, 2009 at 02:10:17PM -0700, David Fifield wrote:
On Sun, Nov 08, 2009 at 11:54:53AM -0500, Jon Kibler wrote:When scanning a network, it is often helpful to know the IP address and TTL that responded to a probe. Currently, there are several ways to dump packet details, but these do not exactly produce "clean" output. What I would like to see is a new option, "--reason-details" that gives not only the reason for determining that a port was open/closed/filtered/etc., but also gives the IP and TTL of the packet that sent the response.We do already keep track of the IP address and TTL. This is from portreasons.h: /* stored inside a Port Object and describes * why a port is in a specific state */ typedef struct port_reason { reason_t reason_id; struct in_addr ip_addr; unsigned short ttl; int state; } state_reason_t; I seem to remember having seen "admin-prohibited from X.X.X.X" before. Maybe there's some bug preventing it from being printed?
I just verified that "from X.X.X.X" is printed already by default. ALl you have to do is run with the -d option so that the entire port table is shown. Here's a scan I just ran: PORT STATE SERVICE REASON 7/udp filtered echo port-unreach from 192.168.0.1 9/udp filtered discard port-unreach from 192.168.0.1 17/udp filtered qotd port-unreach from 192.168.0.1 19/udp filtered chargen port-unreach from 192.168.0.1 49/udp filtered tacacs port-unreach from 192.168.0.1 53/udp open|filtered domain no-response As for the TTL information, I found this message from Fyodor saying it should be left out of normal output. However it is still always present in XML output. http://seclists.org/nmap-dev/2006/q2/374 David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Minor nmap feature request with great payback Jon Kibler (Nov 08)
- Re: Minor nmap feature request with great payback Rob Nicholls (Nov 08)
- Re: Minor nmap feature request with great payback Jon Kibler (Nov 08)
- Re: Minor nmap feature request with great payback David Fifield (Nov 08)
- Re: Minor nmap feature request with great payback David Fifield (Nov 16)
- Re: Minor nmap feature request with great payback Rob Nicholls (Nov 08)