Nmap Development mailing list archives

Re: Forward DNS names in output

From: Patrick Donnelly <batrick () batbytes com>
Date: Fri, 28 Aug 2009 20:38:14 -0400

On Fri, Aug 28, 2009 at 6:55 PM, Fyodor<fyodor () insecure org> wrote:

I can support this (preferring the forward name as the main hostname
used by Nmap) as long as the rDNS name is still noted somewhere
prominently if they differ.  For example, look at this scan:

# nmap -v www.google.com
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-28 15:16 PDT
NSE: Loaded 0 scripts for scanning.
Warning: Hostname www.google.com resolves to 6 IPs. Using 74.125.127.103.
Initiating Ping Scan at 15:16
Scanning 74.125.127.103 [4 ports]
Completed Ping Scan at 15:16, 0.03s elapsed (1 total hosts)
[...]
Host pz-in-f103.google.com (74.125.127.103) is up (0.094s latency).
Interesting ports on pz-in-f103.google.com (74.125.127.103):
Not shown: 997 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
113/tcp closed auth
443/tcp open   https

Maybe that second section could be changed to:

Nmap scan report for www.google.com (74.125.127.103)
^^^ This is a new line, which I think is better than only listing the
   host/IP for "Interesting ports" table.  After all, we give a whole
   report now, often including NSE, traceroute, OS detection,
   etc. all below the interesting ports table.
Host is up, received echo-reply (0.094s latency).
^^^ This line still only appears in verbose mode.  I removed the
   name/IP since it is on the previous line.  I added the --reason
   information, as we now should have space to print it in all cases.
   In fact, maybe we should print this line in all cases?  I thinkd
   I'd favor that approach.
Hostname www.google.com resolves to 6 IPs. Only scanned 74.125.127.103
^^^ I'm suggesting moving this here to the target section so it is
   more closely associated with the particular target.  This means
   delaying the information a bit though, so we might still want to keep
   the earlier warning in -v mode (or maybe require -vv).
rDNS record for 74.125.127.103: pz-in-f103.google.com
^^^ This line is only printed if we get an rDNS record and it does not
   match the target name.
Not shown: 997 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
113/tcp closed auth
443/tcp open   https
^^^ These 5 lines are the same as before, though I removed the line
   "Interesting ports on ..." because we now already know the target
   name/IP, and the "PORT STATE SERVICE" line introduced the port table
   just as well IMHO.

What do folks think about this plan?  It is a moderately big change to
the look of Nmap output.  It will break Nmap -oN parsers, but maybe
that will give them the incentive they need to parse -oX instead.


I like this change.

-- 
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely
ford that see the shallows."

- Benjamin Franklin

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Forward DNS names in output David Fifield (Aug 28)
- Re: Forward DNS names in output Ron (Aug 28)
- Re: Forward DNS names in output Brandon Enright (Aug 28)
- Re: Forward DNS names in output Fyodor (Aug 28)
  - Re: Forward DNS names in output Patrick Donnelly (Aug 28)