Nmap Development mailing list archives

Re: Forward DNS names in output


From: David Fifield <david () bamsoftware com>
Date: Tue, 27 Oct 2009 17:27:58 -0600

On Tue, Oct 27, 2009 at 07:43:02AM -0600, David Fifield wrote:
> I think I've got this implemented. Here are some examples.
>
> # nmap www.google.com
> Nmap scan report for www.google.com (74.125.53.105)
> Hostname www.google.com resolves to 6 IPs. Only scanned 74.125.53.105
> rDNS record for 74.125.53.105: pw-in-f105.1e100.net
> Not shown: 997 filtered ports
> PORT    STATE  SERVICE
> 80/tcp  open   http
> 113/tcp closed auth
> 443/tcp open   https
>
> # nmap -sP -PN --traceroute google.com
> Nmap scan report for google.com (74.125.53.100)
> Host is up.
> Hostname google.com resolves to 3 IPs. Only scanned 74.125.53.100
> rDNS record for 74.125.53.100: pw-in-f100.1e100.net
>
> TRACEROUTE (using proto 1/icmp)
> HOP RTT      ADDRESS
> 1   3.93 ms  192.168.0.1
>
> # nmap -sL google.com/30
> Nmap scan report for google.com (74.125.53.100)
> Host not scanned
> Hostname google.com resolves to 3 IPs. Only scanned 74.125.53.100
> rDNS record for 74.125.53.100: pw-in-f100.1e100.net
> Nmap scan report for pw-in-f101.1e100.net (74.125.53.101)
> Host not scanned
> Nmap scan report for pw-in-f102.1e100.net (74.125.53.102)
> Host not scanned
> Nmap scan report for pw-in-f103.1e100.net (74.125.53.103)
> Host not scanned
>
> Notice in the last example how each host gets an "Nmap scan report"
> line. It comes before all the other lines with information on a host,
> which may include a host status, reverse DNS name, count of IP
> addresses, and MAC address. However, because most hosts have only a host
> status line, adding the "Nmap scan report" is about twice as verbose.
> Would it be better to remove the "Nmap scan report" line and embed the
> name and address in the "Host is up" line in the case of a list scan or
> a ping-only scan?

After talking with Fyodor today, we decided to get rid of the "Host not
scanned" lines in a list scan, and always include the "Host is up" line
with an estimated latency. Those examples change to

# nmap google.com
Nmap scan report for google.com (74.125.53.100)
Host is up (0.093s latency).
Hostname google.com resolves to 3 IPs. Only scanned 74.125.53.100
rDNS record for 74.125.53.100: pw-in-f100.1e100.net
Not shown: 997 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
113/tcp closed auth
443/tcp open   https

# nmap -PN -sP --traceroute google.com
Nmap scan report for google.com (74.125.53.100)
Host is up.
Hostname google.com resolves to 3 IPs. Only scanned 74.125.53.100
rDNS record for 74.125.53.100: pw-in-f100.1e100.net

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   3.86 ms  192.168.0.1

# nmap -sL google.com/30
Nmap scan report for google.com (74.125.53.100)
Hostname google.com resolves to 3 IPs. Only scanned 74.125.53.100
rDNS record for 74.125.53.100: pw-in-f100.1e100.net
Nmap scan report for pw-in-f101.1e100.net (74.125.53.101)
Nmap scan report for pw-in-f102.1e100.net (74.125.53.102)
Nmap scan report for pw-in-f103.1e100.net (74.125.53.103)

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
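A practical consequence of the output format above is that a scan of a name with several A records covers only one address, and the "Hostname ... resolves to N IPs. Only scanned ..." line is the only record of that. The following is an added example, not code from this thread or from the Nmap project: a small Python parser for the host-block lines shown in the message that lists hosts whose other resolved addresses were never scanned. The sample output is constructed to match the second (post-change) format in the message plus one bare-address host, and the names HostReport, parse_nmap_output, unscanned_count and coverage_warnings are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input in the post-change format shown in the message:
# one multi-IP hostname, one host with no "resolves to" line, and one bare
# address target (no parenthesised part on the "scan report" line).
SAMPLE_OUTPUT = """\
Nmap scan report for google.com (74.125.53.100)
Host is up (0.093s latency).
Hostname google.com resolves to 3 IPs. Only scanned 74.125.53.100
rDNS record for 74.125.53.100: pw-in-f100.1e100.net
Not shown: 997 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
113/tcp closed auth
443/tcp open   https

Nmap scan report for pw-in-f101.1e100.net (74.125.53.101)
Host is up (0.010s latency).

Nmap scan report for 192.168.0.1
Host is up (0.0039s latency).
"""

# Line patterns for the host-block lines discussed in the thread.
REPORT_RE = re.compile(r"^Nmap scan report for (\S+?)(?: \((\S+)\))?$")
UP_RE = re.compile(r"^Host is up(?: \(([\d.]+)s latency\))?\.$")
RESOLVES_RE = re.compile(
    r"^Hostname (\S+) resolves to (\d+) IPs?\. Only scanned (\S+)$")
RDNS_RE = re.compile(r"^rDNS record for (\S+): (\S+)$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)")


@dataclass
class HostReport:
    target: str                           # name as given on the "scan report" line
    address: str                          # address actually scanned
    latency: Optional[float] = None       # seconds, if Nmap printed one
    resolved_count: Optional[int] = None  # from the "resolves to N IPs" line
    rdns: Optional[str] = None
    ports: List[Tuple[int, str, str, str]] = field(default_factory=list)


def parse_nmap_output(text: str) -> List[HostReport]:
    """Split normal-format Nmap output into one HostReport per scan-report block."""
    reports: List[HostReport] = []
    current: Optional[HostReport] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = REPORT_RE.match(line)
        if m:
            name, addr = m.group(1), m.group(2)
            # A bare address target has no parenthesised part: name is the address.
            current = HostReport(target=name, address=addr or name)
            reports.append(current)
            continue
        if current is None:
            continue  # preamble lines before the first host block
        if (m := UP_RE.match(line)):
            current.latency = float(m.group(1)) if m.group(1) else None
        elif (m := RESOLVES_RE.match(line)):
            current.resolved_count = int(m.group(2))
            current.address = m.group(3)
        elif (m := RDNS_RE.match(line)):
            current.rdns = m.group(2)
        elif (m := PORT_RE.match(line)):
            current.ports.append(
                (int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return reports


def unscanned_count(report: HostReport) -> int:
    """Number of addresses the name resolved to that this scan did not touch."""
    if report.resolved_count is None:
        return 0
    return max(report.resolved_count - 1, 0)


def coverage_warnings(reports: List[HostReport]) -> List[str]:
    """One note per host whose other resolved addresses went unscanned."""
    return [
        f"{r.target}: {unscanned_count(r)} of {r.resolved_count} resolved "
        f"addresses not scanned (only {r.address})"
        for r in reports if unscanned_count(r) > 0
    ]


if __name__ == "__main__":
    for warning in coverage_warnings(parse_nmap_output(SAMPLE_OUTPUT)):
        print(warning)
```

Run it over a saved normal-output file (nmap -oN) to check coverage before treating "no open ports" on a multi-homed name as a result about the whole service. Later Nmap releases phrase the unscanned-address line differently ("Other addresses for ... (not scanned): ..."), so RESOLVES_RE is specific to the format proposed in this message; they also added a --resolve-all option that scans every address the name resolves to, which closes the gap instead of only reporting it.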