Nmap Development mailing list archives

Re: nmap +multiping


From: Fyodor <fyodor () insecure org>
Date: Mon, 26 Nov 2001 22:00:53 -0800

On Tue, Nov 27, 2001 at 12:23:49AM -0500, Dion Stempfley wrote:

I was fighting with the most efficient methods to do host discovery, and
found that I occasionally needed to use different tcp ports in tcp ping
scans to get really reliable results.

Cool!  This has been on my TODO list for a long time, but I haven't
had a chance to implement it cleanly.  I have also been using
multi-run approach of doing a "-sS -P0", plus potentially a "-PI" and
several with "-g" source ports such as 20,53,etc.  Then I merge the
results to determine the hosts that deserve the full "-P0 -sSU -p-"
treatment.  Clearly this is suboptimal.  I would accept a clean patch
for allowing multiport pings.  Ideally it should be well tested,
support all the ping types (-PT, -PB, -PS, etc), and have a reasonable
syntax.  Connect() support would be pretty useful as well.

So here is a hack to allow nmap to support multiple tcp probe ports during
scanning.

Did you remember to attach the patch or a URL to it?  If you did
attach it, maybe the content-type was wrong (this listserv bans many
application/* types, Word/Excel documents, etc).

The syntax is basically:

  nmap -PB -pR:22,23,53,80,443,T:1-1024 ...

Why not extend the current pingport system to allow a list of ports?
For example you can currently do "-PB80" or "-PS80".  How about just
allowing "-PS53,80,113"?

scanning.  Options such as idle scanning only use the first probe port
specified.

That sounds appropriate.

It seems to work, but has undergone limited testing.  If the general
consensus is that this is useful I will try to clean it up, and make it
integrate into the existing code more nicely.

Sure!  I'll bet many people would find it handy!

Cheers,
Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
