Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[PATCH] Report more accurate host start and end times

From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 22 Dec 2007 03:58:25 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Developers,

Attached is a patch to report when each individual host started being
scanned and when the host finished.  For scans involving just a handful
of hosts (just one hostgroup) the times reported are nearly exactly the
same time as the start and end time of Nmap.  The output requires
at least verbosity level 1 and looks like this:

Host gamma.ucsd.edu (132.239.181.229) appears to be up ... good.
Scan of 132.239.181.229 started at 2007-12-22 03:33:06 UTC and ended at 2007-12-22 03:36:12 UTC
Interesting ports on gamma.ucsd.edu (132.239.181.229):
Not shown: 65450 closed ports, 82 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
5959/tcp open  unknown

I've also added this data to the XML output on the <host> element like
so:

<host starttime="1198292349" endtime="1198292370">

The DTD has been updated accordingly.

Now, you might be asking yourself "Why is this useful? Doesn't Nmap
already report when it was started and ended?".  Yes, Nmap does, but
sometimes it isn't detailed enough for each host.  Often I run scans
that either by necessity or design take many hours to finish.
Somewhere in that time, each of thousands of hosts were started,
scanned, and finished.  Currently the output isn't explicit enough
about /when/ within that time each individual host was scanned.

This sort of problem is generally only run into scanning very transient
hosts on wireless or VPN networks.  I suppose for very long scans even
DHCP networks may require the host time resolution provided in this
patch.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHbIthqaGPzAsl94IRAg/FAJ4mmsCoiM9xrWvtmMgPxJa2897wSgCfRbFF
3Y2yJ/NTs6/wwD+VMAjbDEI=
=V/Y9
-----END PGP SIGNATURE-----

Attachment: host_times.diff
Description: 


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: