Nmap Development mailing list archives

Re: Feature request list all IP addresses of a host name


From: David Fifield <david () bamsoftware com>
Date: Tue, 11 May 2010 18:22:45 -0600

On Wed, Apr 28, 2010 at 11:23:21PM -0700, Fyodor wrote:
> On Wed, Apr 28, 2010 at 07:19:34PM -0600, David Fifield wrote:
> > On Wed, Apr 28, 2010 at 09:11:21PM -0400, Derek wrote:
> >
> > We do keep track of all the IP addresses, in the Target::resolved_addrs
> > member. But I don't think they're printed out anywhere. Please give us
> > an example of what you want the output to look like.
>
> It is certainly an interesting issue.  When I scan Google.com, I get
> (in verbose mode or not) a line like:
>
> Hostname google.com resolves to 4 IPs. Only scanned 74.125.19.147
>
> Of course the IP address shifts among the four each time, and someone
> elsewhere might get a completely different set if it is geo based DNS.
> I agree that printing all four IPs is desirable, but I wonder if we
> should go even further.  Maybe instead of picking one of the IPs
> arbitrarily to scan, we should scan ALL the IPs (and print a line
> noting what we are doing)?  When I specify a host name without a
> subnet mask, that is usually what I want.

Ignoring for a moment the question of whether to scan all the addresses,
I made a change to at least print the addresses that were resolved but
not scanned. It replaces the line "Hostname ... resolves to N IPs. Only
scanned ...". It looks like this in context:

Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-05-10 23:57 MDT
Nmap scan report for google.com (66.102.7.99)
Host is up (0.073s latency).
Other addresses for google.com (not scanned): 66.102.7.104
rDNS record for 66.102.7.99: lax04s01-in-f99.1e100.net

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
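The two behaviours discussed above (scan one resolved address and report the rest as "not scanned", or expand the host name into one target per address) as an added example. This is editor-supplied Python, not Nmap code and not from anyone in the thread; the function names are hypothetical and the sample address list is constructed. The only live call is resolve_all(), which uses getaddrinfo() and is exercised only when a host name is passed on the command line.

```python
"""Added example (not Nmap code): resolve every address for a host name,
then either report the ones a single-address scan would skip, or expand
the name into one target per address.  Function names are hypothetical;
SAMPLE_ADDRS is a constructed stand-in for a real lookup result."""
import ipaddress
import socket
import sys
from typing import List, Optional, Tuple

# Constructed sample: what a resolver might hand back for one name
# (three IPv4 addresses plus one documentation-range IPv6 address).
SAMPLE_ADDRS = ["66.102.7.99", "66.102.7.104", "66.102.7.147", "2001:db8::10"]


def resolve_all(hostname: str) -> List[str]:
    """Every address getaddrinfo() returns for hostname, order kept, de-duplicated.
    Needs network access; the other functions below do not."""
    addrs: List[str] = []
    for _fam, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
        hostname, None, socket.AF_UNSPEC, socket.SOCK_STREAM
    ):
        if sockaddr[0] not in addrs:
            addrs.append(sockaddr[0])
    return addrs


def union_resolutions(runs: List[List[str]]) -> List[str]:
    """Round-robin and geo-based DNS return a different subset on each lookup,
    so repeated lookups (or lookups via several resolvers) are merged here,
    first-seen order preserved."""
    merged: List[str] = []
    for run in runs:
        for addr in run:
            if addr not in merged:
                merged.append(addr)
    return merged


def choose_scan_target(addrs: List[str], family: int = 4) -> Tuple[str, List[str]]:
    """Single-address behaviour: the first address of the wanted IP version
    becomes the scan target; the remaining addresses of that version are
    returned as 'not scanned'.  Raises ValueError on a malformed address."""
    same_family = [a for a in addrs if ipaddress.ip_address(a).version == family]
    if not same_family:
        raise ValueError(f"no IPv{family} address among {addrs}")
    return same_family[0], same_family[1:]


def report_lines(hostname: str, addrs: List[str], family: int = 4) -> List[str]:
    """Build the two report lines shown in the message; the 'Other addresses'
    line is omitted when there is nothing that was skipped."""
    scanned, others = choose_scan_target(addrs, family)
    lines = [f"Nmap scan report for {hostname} ({scanned})"]
    if others:
        lines.append(f"Other addresses for {hostname} (not scanned): {' '.join(others)}")
    return lines


def expand_targets(addrs: List[str], family: Optional[int] = None) -> List[str]:
    """Scan-everything behaviour: one target per resolved address, optionally
    restricted to one IP version, suitable for writing to a file for `nmap -iL`."""
    targets: List[str] = []
    for addr in addrs:
        if family is None or ipaddress.ip_address(addr).version == family:
            if addr not in targets:
                targets.append(addr)
    return targets


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "google.com"
    # Live lookup only when a name is given; otherwise use the constructed sample.
    addrs = union_resolutions([resolve_all(host) for _ in range(3)]) if len(sys.argv) > 1 else SAMPLE_ADDRS
    for line in report_lines(host, addrs):
        print(line)
    print("targets for a scan of all resolved addresses:")
    for target in expand_targets(addrs, family=4):
        print(target)
```

Writing the output of expand_targets() to a file and passing it with `nmap -iL` gives the "scan ALL the IPs" behaviour proposed in the thread without any change to Nmap itself; later Nmap releases added a --resolve-all option that performs this expansion internally. The union across repeated lookups matters precisely because of the point made above: a single lookup of a geo- or round-robin-balanced name shows only a subset of the addresses, and a scan of that subset can miss hosts that another resolver would have returned.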