Nmap Development mailing list archives

Re: Generating Graphical Diagrams/Maps from Nmap output


From: magnus () linuxtag org (Nils Magnus)
Date: Fri, 26 May 2006 15:30:29 +0200

Re,

On Thu, May 25, 2006 at 04:17:58PM +0200, Diman Todorov wrote:

Once again, regardless of the purpose, this subject is less a question
of graphing than to have proper data structures. Most networks I work
with and which I scan are pretty easy in terms of their graph structure.

May I point out that a graph is a data structure.

Yes, a graph is usually a tuple of sets of edges and vertexes, which can
be annotated under circumstances.

It is also a data structure which is well suited for representation of
computer networks.

While this may be true in a very general environment, I object it is
suitable in our situation.

Nils, if I am understanding you correctly you want to have edges
which represent sub nets. These edges would have the property
to provide a connection from any host in the sub net to any other
host in the sub net.

No, definitely not. In fact that's the main issue, I tried to point out.
It is very dangerous to connect hosts to other hosts in data structures.
Actually, what we need is a data model which has more "vertexes" than
just hosts:

First, there are hosts. Unfortunately, hosts have usually (from nmap's
point of view) no easy identifier. Note that IP or MAC addresses are no
suitable identifiers as they are not necessarily unique and well defined
for a given system (such as a router which has at least two of each). A
host has some properties such as the operating system (there may be
others).

A host has a number of interfaces. Each interface can be identified with
a MAC and/or an IP address as attributes. I suggest that interfaces are
also entities. Most of the acquired nmap data should be associated to
interfaces rather than to hosts (like ports, port stati etc.).

An interface is connected to a subnet entity. The main property of the
subnet is its network address and its netmask.

So in fact there are three types of entities (or classes if you're
talking about OO): hosts, interfaces, and subnets. In this model, edges
don't need to be annotated.

While this data model seems to be slightly bloated at first sight, it is
able to model several situations that cannot easily be modelled with the
host/network-edge/host model: Multihomed servers, routers etc.

In terms of graph theory this would be a hyper graph. Hyper graphs are
well researched by database theory people.
The main reason not to use hyper graphs for anything automated
is that many problems which can be solved in polynomial time
if your graph only has binary edges become NP hard if your edges
have more than 2 peers.

Again: I don't see much need of calculating complex algorithms on these
data structures. The main objective is probably to display them (which
is hard enough if done automatically).

If you do some calculations, most of them involve their immediate
neighborhood, so complex and troublesome search algorithms are usually
not necessary. What kind of relationship of two arbitrary hosts would
you like to compute as the results of your scan?

Regards,

Nils Magnus
Program-Chair LinuxTag 2006 Free Conference Program

LinuxTag 2006: Where .com meets .org - magnus () linuxtag org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
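
The host/interface/subnet model described in the message above, sketched as an added example (not code from the thread or from Nmap). Per-interface port data, a multihomed router, an immediate-neighbourhood lookup and an unannotated Graphviz rendering are shown; the host labels, record layout and function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
@dataclass(eq=False)
class Subnet:
    network: object                      # ipaddress network: address + netmask
    interfaces: list = field(default_factory=list)

@dataclass(eq=False)
class Host:
    label: str                           # assumed operator-chosen label, not an IP or MAC
    os: str = "unknown"
    interfaces: list = field(default_factory=list)

@dataclass(eq=False)
class Interface:
    ip: object
    mac: str
    ports: dict                          # port -> state, stored per interface
    host: Host
    subnet: Subnet

def build_model(records):
    hosts, subnets = {}, {}
    for label, os_name, cidr, mac, ports in records:
        addr = ipaddress.ip_interface(cidr)
        host = hosts.setdefault(label, Host(label, os_name))
        subnet = subnets.setdefault(addr.network, Subnet(addr.network))
        iface = Interface(addr.ip, mac, ports, host, subnet)
        host.interfaces.append(iface)
        subnet.interfaces.append(iface)
    return hosts, subnets

def neighbours(host):
    """Labels of hosts sharing a subnet with `host` (immediate neighbourhood only)."""
    return sorted({peer.host.label for iface in host.interfaces
                   for peer in iface.subnet.interfaces if peer.host is not host})

def to_dot(hosts):
    """Graphviz text: host -- interface -- subnet, with no edge annotations."""
    edges = [f'  "{h.label}" -- "{i.ip}" -- "{i.subnet.network}";'
             for h in hosts.values() for i in h.interfaces]
    return "graph net {\n" + "\n".join(edges) + "\n}"

# Constructed records (label, os, "ip/prefix", mac, {port: state}), not scan output.
SAMPLE = [
    ("router", "Linux", "192.0.2.1/24", "02:00:00:00:00:01", {22: "open"}),
    ("router", "Linux", "198.51.100.1/24", "02:00:00:00:00:02", {22: "filtered"}),
    ("web", "Linux", "192.0.2.10/24", "02:00:00:00:00:10", {80: "open"}),
    ("db", "Linux", "198.51.100.20/24", "02:00:00:00:00:20", {5432: "open"}),
]
```
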

