Nmap Development mailing list archives

Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes


From: Guang Cheng Li <liguangc () cn ibm com>
Date: Fri, 13 Nov 2009 09:27:59 +0800

Hi David,

Thank you for your response.

The -oX and -oG do change the output format to make it easier for the
output parsing, but the "hostname" information is still not available for
some nodes. I can update my script to check both the ip address and the
hostname, but I have to call a lot of hostname resolution system calls to
resolve the hostnames/ip addresses; the performance degradation might be a
problem for me because I can have at most 64,000 nodes in my cluster.

Actually we are using /etc/hosts to resolve the host names because the DNS
itself also has some kind of scaling issues, though the DNS hostname
resolution also works in the cluster. Do you think the flag "--system-dns"
will be a better choice for us because we are using /etc/hosts for hostname
resolution? The experiment also shows that "--system-dns" runs faster
in my environment; are there any other side effects of specifying the
"--system-dns" flag?


Thanks,
-------------------------------------------------------------------------
 Li,Guang Cheng (李光成)
 IBM China Software Development Laboratory



                                                                           
From: David Fifield <david@bamsoftware.com>
Date: 2009-11-12 23:52
To: Guang Cheng Li/China/IBM@IBMCN
cc: nmap-dev () insecure org
Subject: Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes

On Thu, Nov 12, 2009 at 04:41:57PM +0800, Guang Cheng Li wrote:
Hi,

OS: SLES 11 on IBM System p
nmap version: 4.75 and 5.00

I am using nmap to detect whether all of the nodes in my cluster are up and
running. nmap returns "Host <ip_address> appears to be up" for some nodes
but returns "Host <hostname> appears to be up" for the other nodes. Since a
script is used to parse the output, it is difficult for me to write the
script. Could someone let me know why nmap returns both "Host
<ip_address> appears to be up" and "Host <hostname> appears to be up"?
Thank you.

Starting Nmap 4.75 ( http://nmap.org ) at 2009-11-12 03:39 EST
Host 10.6.1.5 appears to be up.
Host c906f06c03p21.cluster.com (10.6.3.21) appears to be up.

Nmap's normal output to the screen is meant to be read by humans, so
often lines will have different forms depending on what information is
available. In version 4.76, the form "Host <hostname> (<ip address>)
appears to be up" means that a reverse-DNS record for the IP address was
found.

For parsing with a script you should use the XML (-oX) or grepable
output formats (-oG). This is especially important because normal output
may change from time to time, and it will definitely be different in the
next release so that it can hold reverse-DNS records.

Try running

nmap -oX output.xml -PE --send-ip -sP c906f06c01p05

or if you want to pipe the output directly to a script,

nmap -oX - -PE --send-ip -sP c906f06c01p05

Sometimes I parse Nmap's normal output just for convenience. If you do
that you have to make your parser handle all these cases and be aware
that the output can change in the future. Here is the documentation on
all the output formats:

http://nmap.org/book/output.html

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
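
Added example (not part of the original messages and not Nmap's own code): a Python parser for the -oX output recommended above, which reports each "up" host by name and, when a host has no <hostname> element, falls back to a hosts table read once instead of making a resolver call per node. The sample XML, the hosts entries (including the name given to 10.6.1.5) and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -oX - -sP` output: one host without a
# reverse-DNS name, one with a PTR record, and one that is down.
SAMPLE_XML = """<nmaprun scanner="nmap" version="5.00">
  <host><status state="up" reason="echo-reply"/>
    <address addr="10.6.1.5" addrtype="ipv4"/><hostnames/></host>
  <host><status state="up" reason="echo-reply"/>
    <address addr="10.6.3.21" addrtype="ipv4"/>
    <hostnames><hostname name="c906f06c03p21.cluster.com" type="PTR"/></hostnames></host>
  <host><status state="down" reason="no-response"/>
    <address addr="10.6.1.9" addrtype="ipv4"/><hostnames/></host>
</nmaprun>"""

# Constructed /etc/hosts excerpt; the name for 10.6.1.5 is an assumption.
SAMPLE_HOSTS = """# cluster nodes
10.6.1.5    c906f06c01p05.cluster.com c906f06c01p05
10.6.3.21   c906f06c03p21.cluster.com c906f06c03p21
"""

def load_hosts(text):
    """Map IP -> first (canonical) name from hosts-file text, read once."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 2:
            table.setdefault(fields[0], fields[1])  # first entry for an IP wins
    return table

def hosts_up(xml_text, hosts_table):
    """Return {ip: name} for every host whose <status> is 'up'."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or addr is None or status.get("state") != "up":
            continue
        name_el = host.find("hostnames/hostname")
        name = name_el.get("name") if name_el is not None else None
        # Prefer the name Nmap reported, then the hosts table, then the IP.
        result[addr.get("addr")] = name or hosts_table.get(addr.get("addr"), addr.get("addr"))
    return result

if __name__ == "__main__":
    for ip, name in hosts_up(SAMPLE_XML, load_hosts(SAMPLE_HOSTS)).items():
        print(f"{name} ({ip}) is up")
```

Keying the result on the IP address gives the script one stable identifier per node regardless of whether Nmap found a name for it.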
