Nmap Development mailing list archives

Re: [Patch] Port and Host State Reasons


From: David Fifield <david () bamsoftware com>
Date: Wed, 16 May 2007 17:52:31 -0600

On Wed, May 16, 2007 at 02:41:20PM +0100, Eddie Bell wrote:
> This patch is an updated version of one I wrote last year. Essentially
> it gives you packet level detail as to why a port is deemed to be in a
> particular state. It is activated with the --reason switch and
> supports all scan/ping types.
>
> This is (hopefully) a pretty simple patch but testing and suggestions
> are always appreciated :)

This patch is really neat. Here are some suggestions I thought of:

Maybe you should enumerate the possible values the "reason" attribute of
the "status" element can take (in the same way that the "state"
attribute can take on only certain values).

In the output table, I think the REASON column should come before the
SERVICE column. The reason for this is that REASON pairs naturally with
STATE and SERVICE pairs with VERSION. This may cause problems if a
program tries to screen-scrape Nmap's output, but then those programs
are going to have trouble with an additional column anyway.

The functions state_reason_init and state_reason_summary_init initialize
the state to ER_NORESPONSE, which is a reason that might plausibly be
returned after a scan. Perhaps it's better to initialize it to
ER_UNKNOWN instead, to make it more obvious if someone modifies the scan
engine to handle another scan type but forgets to call setStateReason.

Putting the reasons in the XML output even without the --reason flag is
the right decision. It may be surprising, though, that the reason
appears in the XSL transformation of the output even when reasons
weren't requested. Maybe it's not a big issue.

Why does the reason_id go in the XML output? The textual names seem
like they'll be more robust.

When scanning a host that returns a response for every port (i.e., every
port is unfiltered), there's an "extrareasons" element in the XML output
with a count of 0:

        <extrareasons reason="resets" reason_id="0" count="1702"/>
        <extrareasons reason="no-responses" reason_id="33" count="0"/>

This patch looks to be really useful, and you've got a good
implementation.

David

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
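
An added example (not from the original message or from Nmap's code) of a consumer of this XML that keys on the textual reason name rather than reason_id and ignores zero-count extrareasons entries. The wrapper elements around the two quoted lines and the allow-list of reason names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two <extrareasons> lines are the ones quoted in the
# message; the <host>/<ports>/<extraports> wrapper is assumed for illustration.
SAMPLE_XML = """\
<host>
  <ports>
    <extraports state="unfiltered" count="1702">
      <extrareasons reason="resets" reason_id="0" count="1702"/>
      <extrareasons reason="no-responses" reason_id="33" count="0"/>
    </extraports>
  </ports>
</host>
"""

# Assumed allow-list: only the two reason names visible in the message.
KNOWN_REASONS = {"resets", "no-responses"}


def summarize_extrareasons(xml_text, known=KNOWN_REASONS):
    """Return ({reason: count}, [warnings]) for every <extrareasons> element.

    Keys on the textual reason attribute, never on reason_id, drops
    zero-count entries, and reports names outside the allow-list or
    malformed counts instead of guessing.
    """
    totals, warnings = {}, []
    for el in ET.fromstring(xml_text).iter("extrareasons"):
        reason = el.get("reason")
        raw = el.get("count", "")
        if not reason:
            warnings.append("extrareasons element without a reason name")
            continue
        if not (raw.isascii() and raw.isdigit()):
            warnings.append(f"{reason}: non-numeric count {raw!r}")
            continue
        if reason not in known:
            warnings.append(f"{reason}: not in the known reason list")
        if int(raw) == 0:
            continue  # placeholder entry, carries no information
        totals[reason] = totals.get(reason, 0) + int(raw)
    return totals, warnings


if __name__ == "__main__":
    print(summarize_extrareasons(SAMPLE_XML))
```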

