Nmap Development mailing list archives

Re: nmap XML output - host latency

From: David Fifield <david () bamsoftware com>
Date: Fri, 6 Nov 2009 14:02:14 -0700

On Tue, Nov 03, 2009 at 10:35:54PM -0800, Fyodor wrote:

On Fri, Oct 30, 2009 at 02:25:53PM +0800, Andrew Smith wrote:

Hi there,

I notice that nmap's standard output provides the latency for each host:

Nmap scan report for 192.168.2.1
Host is up, received arp-response (0.0057s latency).
MAC Address: 00:1C:DF:E3:9F:03 (Belkin International)

However the XML output does not provide the host latency:

<host><status state="up" reason="arp-response">
<address addr="192.168.2.1" addrtype="ipv4">
<address addr="00:1C:DF:E3:9F:03" addrtype="mac" vendor="Belkin 
International"
<hostnames>
</hostnames>
</host>

I have tried increasing both the debug level and verbosity but the host 
latency isn't included in the output.
I can always parse the output of the standard nmap output to get the 
latency, but would prefer to parse the XML.

Would it be possible to include this in the XML output?


Hi Andrew.  I agree that the XML output should have all the useful
information you find in the normal/interactive output (and then some).
So I added this task to the Nmap TODO:

o We should print host latency (when available) in the XML output, as
  suggested at http://seclists.org/nmap-dev/2009/q4/215.
  docs/nmap.dtd will have to be modified accordingly, and you might
  even consider adding support to docs/nmap.xsl.

But just adding the task won't make it happen!  If someone wants to
step up to the plate and write, test, then send a patch to nmap-dev,
please do so!  This should be a pretty easy one.


We already have an element for latency, but it seems it is not written
for ping scans. "nmap -oX - -F scanme.nmap.org" prints

<times srtt="68616" rttvar="20892" to="152184" />

but "nmap -oX - -sP scanme.nmap.org" doesn't print it. I think this is
just an oversight because there are two separate places where host
output can be written depending on whether anything happens past a ping
scan. I agree it would be easy to fix and a good project for a beginner.
The source file where host output is written is nmap.cc.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

nmap XML output - host latency Andrew Smith (Oct 29)
- Re: nmap XML output - host latency Fyodor (Nov 03)
  - Re: nmap XML output - host latency David Fifield (Nov 06)
    - Re: nmap XML output - host latency David Fifield (Nov 16)