Re: SoC: port state reasons

[Fyodor <fyodor () insecure org>]

On Sat, Jun 10, 2006 at 08:37:50PM +0200, Eddie Bell wrote:
> On 10/06/06, Martin Mačok <martin.macok () underground cz> wrote:
> >
>
> I am having problems with the connect scan, at least on linux. The only data
> I can determine
> is connection accepted, connection refused and no response. The code has the
> ability to recognise
> other states, such as icmp errors, but it is down the the connect()
> implementation to return the correct data.

Yeah, we will have to accept some limitations on how detailed the
reson is for connect() scans because some of the errors (like
ECONNREFUSED) are ambiguous.

> I think including other fields in the xml would be useful but it would
> make the normal output too cluttered. if other fields were included then
> passive
> OS fingerprinting could be done with scripting and a nmap xml log file.

Great points.  In fact, I'm starting to worry that even showing the
ttl in verbose mode may clutter things up too much.  How about just
placing the ttl in the XML output for now.  Afterward, someone could
potentially write the code to look for discrepancies where the TTL
response differs between ports, then print a notice to normal output
in that case.  I tend to think that we should probably print the
reason information to the XML output even if --reason wasn't
specified, as it shouldn't take much more computation or inflate the
filesize dramatically.

Cheers,
-F



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev