Nmap Development mailing list archives

Re: Tunnel information not always included in XML output


From: David Fifield <david () bamsoftware com>
Date: Fri, 30 Mar 2012 20:24:20 -0700

On Tue, Feb 14, 2012 at 10:28:52AM +0000, Matt Foster wrote:
> On Tue Feb 14 03:54:47 2012, David Fifield wrote:
>> On Mon, Feb 13, 2012 at 11:00:07AM +0000, Matt Foster wrote:
>>> Hi All,
>>>
>>> I recently noticed that there's no tunnel information in Nmap's XML
>>> output when the service is 'ssl/unknown'. In these cases, there's no
>>> service tag in the output, so as a consequence there's no tunnel
>>> attribute set.
>>>
>>> A similar problem to this (but relating to text output) seems to have
>>> been fixed back in 2009, but I couldn't find any mention of issues like
>>> this relating to XML output.
>>>
>>> I've attached a very simple patch, to make sure there's a service tag
>>> whenever there's an identified SSL tunnel. It may not be the best way to
>>> fix this, but so far it seems to be working for me.
>>
>> What XML does it emit in the conditions you've identified?
>
> We saw:
>
> <port protocol="tcp" portid="6801"><state state="open" reason="syn-ack"
> reason_ttl="51"/></port>
>
> without the patch, and then:
>
> <ports><port protocol="tcp" portid="6801"><state state="open"
> reason="syn-ack" reason_ttl="51"/><service name="unknown" tunnel="ssl"
> method="table" conf="3"/></port>
>
> With it.
>
> That said, I've been trying to replicate the issue using openssl
> s_server in order to send you a decent example, and I can't. Nmap
> behaves as it should, and reports the tunnel -- so this was probably
> caused by something else, rather than what I described above.

I see what was going on. If the port was present in nmap-services, even
with a service name of "unknown", the tunnel information was shown. But
if the port was not even present in the file, the tunnel information was
not shown. For example, port 1753 gave me tunnel information, but port
1235 did not.

I have applied your patch, thanks.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
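
For scripts that consume Nmap XML written by builds without this fix, the following added example (not part of the original message and not Nmap project code) treats a missing <service> element as "tunnel undetermined" rather than "no tunnel". The nmaprun/host/ports wrapper and port 6802 in the sample are constructed; the element and attribute names are the ones in the XML quoted in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first <port> mirrors the unpatched output quoted in
# the thread (no <service> element); the second mirrors the patched output,
# moved to a made-up port 6802 so both cases can appear in one document.
SAMPLE = """<nmaprun><host><ports>
<port protocol="tcp" portid="6801"><state state="open" reason="syn-ack" reason_ttl="51"/></port>
<port protocol="tcp" portid="6802"><state state="open" reason="syn-ack" reason_ttl="51"/><service name="unknown" tunnel="ssl" method="table" conf="3"/></port>
</ports></host></nmaprun>"""


def tunnel_report(xml_text):
    """Map (protocol, portid) -> tunnel status for every open port.

    Status is the tunnel attribute value (e.g. "ssl"), "none" when a
    <service> element exists without a tunnel attribute, or "undetermined"
    when the <service> element is missing altogether.
    """
    report = {}
    root = ET.fromstring(xml_text)
    for port in root.iter("port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue
        key = (port.get("protocol"), int(port.get("portid")))
        service = port.find("service")
        if service is None:
            # Unpatched output for ports absent from nmap-services: no
            # <service> tag at all, so absence says nothing about SSL.
            report[key] = "undetermined"
        else:
            report[key] = service.get("tunnel") or "none"
    return report


def needs_recheck(report):
    """Ports whose tunnel status cannot be read from the XML."""
    return sorted(k for k, v in report.items() if v == "undetermined")


if __name__ == "__main__":
    result = tunnel_report(SAMPLE)
    for key, status in sorted(result.items()):
        print(key, status)
    print("recheck:", needs_recheck(result))
```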

