Nmap Development mailing list archives
Re: NMAP XML output too verbose
From: Fyodor <fyodor () insecure org>
Date: Tue, 9 Mar 2010 15:28:23 -0800
On Mon, Mar 08, 2010 at 03:28:24PM -0800, Kevin Friedheim wrote:
I see this about a hundred times. I don't want to though. Is there a command line option that I can use to not have this show up? As I understand it, prior to version 5.20 of nmap, I would have to type -v (up the verbosity) in order to see, but now its there by default.
Hi Kevin. I talked this over with David Fifield today and we have a solution proposal which I hope will benefit you and other Nmap users. Note that this proposal also significantly changes the --open command-line argument: The first part of our plan is to only show down hosts in the XML in verbose mode (as you suggested). Nmap already works this way for its normal/interactive output. The idea had been that humans don't normally read the XML and so we can stuff more information there, but this particular case (down hosts) can become excessive. If someone needs the down host information (for the DNS information it provides, or to help distinguish between hosts which are down and those which are not scanned), they can specify -v. This should resolve your issue. The second part of our plan is a modification to --open. Right now it only shows open ports in the port table, but it still shows hosts which might not have any ports open. So you end up with entries like: Nmap scan report for softbank220006197211.bbtec.net (220.6.197.211) Host is up (0.15s latency). The 1 scanned port on softbank220006197211.bbtec.net (220.6.197.211) is filtered Our idea is to change --open so that in normal/interactive output, it ONLY shows hosts with at least one port open. And then of course it doesn't show the closed/filtered ports. I suppose it would still display NSE results (for open ports and host scripts), traceroute, and OS detection information. After all, people who don't want to see those should make their scans faster by not requesting them in the first place. This leads to the question of what we should do with XML output when --open is used. One option is to match the normal output and only show entries for hosts which have at least one open port. Another option is to be more comprehensive on the grounds that users still might want the full host data available in the XML (in case they want to look up something later) even though they only want to see the open ports in normal output. I think I favor matching the XML output to the normal output in this case (only including the hosts with open ports). Since these are material changes to Nmap, we're throwing these proposals out for comment. Please post to the list any comments you might have. It is particularly important to comment if you DISLIKE any of these changes, as we don't want to be changing back and forth. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NMAP XML output too verbose Kevin Friedheim (Mar 09)
- Re: NMAP XML output too verbose Fyodor (Mar 09)
- Re: NMAP XML output too verbose Ron (Mar 09)
- Re: NMAP XML output too verbose Duarte Silva (Mar 09)
- Re: NMAP XML output too verbose Farkas Levente (Mar 11)
- Re: NMAP XML output too verbose David Fifield (Mar 12)
- Re: NMAP XML output too verbose Ron (Mar 09)
- Re: NMAP XML output too verbose Fyodor (Mar 09)