Nmap Development mailing list archives

Re: 4.03 "write buffer not large enough" and "-q (quiet)"

From: Fyodor <fyodor () insecure org>
Date: Sun, 14 May 2006 23:03:08 -0700

On Mon, May 15, 2006 at 12:18:26AM +0000, Brandon Enright wrote:

Rather than getting output like this --

(The 34179 ports scanned but not shown below are in state: closed)
... long list of filtered and open ports ...

I'd like the option of not printing any port state with a frequency
higher than say, 1024.  Something like this --

(The 65531 ports scanned but not shown below are in states: closed or
filtered)
... short list of open ports ...


Good call.  I agree, and just implemented something like that for the
next development version (due out this week).  Here are a couple
examples:

flog/home/fyodor/nmap#./nmap -T4 -p- zardoz

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-14 23:02 PDT
Interesting ports on zardoz (192.168.0.69):
Not shown: 64530 closed ports, 1000 filtered ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
32769/tcp open  unknown

Nmap finished: 1 IP address (1 host up) scanned in 26.463 seconds
flog/home/fyodor/nmap#./nmap -T4 -p3000-4500 zardoz

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-05-14 23:03 PDT
All 1501 scanned ports on zardoz (192.168.0.69) are closed (1000) or filtered (501)

Nmap finished: 1 IP address (1 host up) scanned in 3.247 seconds

And here is the CHANGELOG entry, which covers some corner cases:

o Nmap now allows multiple ingored port states.  If a 65K-port scan
  had, 64K filtered ports, 1K closed ports, and a few dozen open
  ports, Nmap used to list the dozen open ones among a thousand lines
  of closed ports.  Now Nmap will give reports like "Not shown: 64330
  filtered ports, 1000 closed ports" or "All 2051 scanned ports on
  192.168.0.69 are closed (1051) or filtered (1000)", and omit all of
  those ports from the table.  Open ports are never ignored.  XML
  output can now have multiple <extraports> directive (one for each
  ignored state).  The number of ports in a single state before it is
  consolidated defaults to 26 or more, though that number increases as
  you add -v or -d options.  With -d3 or higher, no ports will be
  consolidated.  The XML output should probably be augmented to give
  the extraports directive 'ip', 'tcp', and 'udp' attributes which
  specify the corresponding port numbers in the given state in the
  same listing format as the nmaprun.scaninfo.services attribute, but
  that part hasn't yet been implemented.  If you absoultely need the
  exact port numbers for each state in the XML, use -d3 for now.

Cheers,
Fyodor



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

4.03 "write buffer not large enough" and "-q (quiet)" Brandon Enright (May 14)
- Re: 4.03 "write buffer not large enough" and "-q (quiet)" Martin Mačok (May 14)
- Re: 4.03 "write buffer not large enough" and "-q (quiet)" Fyodor (May 14)
  - [PATCH] Re: 4.03 "write buffer not large enough" and "-q (quiet)" Brandon Enright (May 20)
    - Re: [PATCH] Re: 4.03 "write buffer not large enough" and "-q (quiet)" Fyodor (May 27)