Nmap Development mailing list archives
Re: [Patch] --exclude-ports option for Nmap
From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Thu, 19 Jun 2014 14:54:05 +0530
Dan,

Your hypothesis is correct. Actually, I had added line 1558 in one of my earlier versions (before I added support for host discovery exclusions) to reduce unnecessary calling of the function removepts. Attached is modified patch with just that line removed (and minor change in the comment just before it).

Going for the alternative that you mentioned (first and second top ports after exclusion) would not be difficult but I personally think this'd just make things confusing for the end-user. Instead, showing that warning in all cases seems like the right thing to do, now that I think about it.

Thanks for the quick feedback. :)

Cheers,
Jay

On Thursday 19 June 2014 12:40 AM, Daniel Miller wrote:

Jay,

There is a problem with the patch in handling exclusions of host discovery ports when --top-ports is given: excluded ports are still used in this case. This is because the exclusion is being handled by gettoppts (which does not affect ping ports) only, and not by removepts (which handles all port/protocol types). I think this can be fixed by removing the conditional on line 1558, and simply running removepts regardless. I have not tested that hypothesis, though, so you may come up with a better fix.

In general, though, your feature is looking good. I do think that the warning should be shown in all cases where an entire ping type is excluded, because otherwise we will get bug reports that Nmap is not detecting some host that they know is up (perhaps because it is blocking ICMP, and we excluded the available TCP ping ports.)

An alternative to simply dropping the default TCP ping ports would be to choose them as the first-and-second-most popular ports after exclusions. This would have the advantage of not eliminating a host discovery type altogether, but it would mean a change to the way things currently work without --exclude-ports, since the 2 most-popular ports are 80 and 23 (443 is 3rd place). I only bring this up as a discussion point; please don't spend time implementing it, since it's not likely to be a desired feature.

Dan
Attachment: excludePorts.patch
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
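The behaviour discussed in this thread, as an added example that is not taken from the patch or from Nmap's source: exclusions applied only while choosing top ports leave the host discovery lists untouched, while an unconditional removal pass filters every list and makes it possible to warn when a ping type ends up empty. The names `top_ports`, `remove_excluded` and `build_plan` are hypothetical, the default ping ports (SYN 443, ACK 80) are an assumption, and the popularity ranking beyond 80, 23 and 443 is constructed.

```cpp
// Simplified model of the port-selection logic discussed above; not Nmap source code.
#include <algorithm>
#include <iostream>
#include <set>
#include <string>
#include <vector>

using Ports = std::vector<int>;
struct Plan {
    Ports scan, syn_ping, ack_ping;     // scan ports and TCP host discovery ports
    std::vector<std::string> warnings;  // one entry per fully excluded ping type
};

// Constructed popularity ranking; the thread only gives 80, 23, 443 as the top three.
static const Ports kRanked = {80, 23, 443, 21, 22, 25};

// Top-N selection that skips excluded ports (the only filter in the earlier patch).
Ports top_ports(int n, const std::set<int>& excl) {
    Ports out;
    for (int p : kRanked)
        if ((int)out.size() < n && !excl.count(p)) out.push_back(p);
    return out;
}

// Generic removal step that works on any port list, scan or ping.
void remove_excluded(Ports& ports, const std::set<int>& excl) {
    ports.erase(std::remove_if(ports.begin(), ports.end(),
                               [&](int p) { return excl.count(p) > 0; }),
                ports.end());
}

// always_remove=false models the conditional that skipped removal under --top-ports.
Plan build_plan(int top_n, const std::set<int>& excl, bool always_remove) {
    Plan plan{top_ports(top_n, excl), {443}, {80}, {}};  // assumed default ping ports
    if (!always_remove) return plan;
    remove_excluded(plan.scan, excl);
    remove_excluded(plan.syn_ping, excl);
    remove_excluded(plan.ack_ping, excl);
    if (plan.syn_ping.empty()) plan.warnings.push_back("all TCP SYN ping ports excluded");
    if (plan.ack_ping.empty()) plan.warnings.push_back("all TCP ACK ping ports excluded");
    return plan;
}

int main() {
    Plan before = build_plan(3, {80}, false), after = build_plan(3, {80}, true);
    std::cout << "conditional removal: ACK ping ports left = " << before.ack_ping.size() << "\n";
    std::cout << "unconditional removal: ACK ping ports left = " << after.ack_ping.size()
              << ", warnings = " << after.warnings.size() << "\n";
}
```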