Re: nmap XML output - host latency

[David Fifield <david () bamsoftware com>]

On Fri, Nov 06, 2009 at 02:02:14PM -0700, David Fifield wrote:
> On Tue, Nov 03, 2009 at 10:35:54PM -0800, Fyodor wrote:
> > On Fri, Oct 30, 2009 at 02:25:53PM +0800, Andrew Smith wrote:
> > > Hi there,
> > >
> > > I notice that nmap's standard output provides the latency for each host:
> > >
> > > Nmap scan report for 192.168.2.1
> > > Host is up, received arp-response (0.0057s latency).
> > > MAC Address: 00:1C:DF:E3:9F:03 (Belkin International)
> > >
> > > However the XML output does not provide the host latency:
> > >
> > > <host><status state="up" reason="arp-response">
> > > <address addr="192.168.2.1" addrtype="ipv4">
> > > <address addr="00:1C:DF:E3:9F:03" addrtype="mac" vendor="Belkin 
> > > International"
> > > <hostnames>
> > > </hostnames>
> > > </host>
> > >
> > > I have tried increasing both the debug level and verbosity but the host 
> > > latency isn't included in the output.
> > > I can always parse the output of the standard nmap output to get the 
> > > latency, but would prefer to parse the XML.
> > >
> > > Would it be possible to include this in the XML output?
> >
> > Hi Andrew.  I agree that the XML output should have all the useful
> > information you find in the normal/interactive output (and then some).
> > So I added this task to the Nmap TODO:
> >
> > o We should print host latency (when available) in the XML output, as
> >   suggested at http://seclists.org/nmap-dev/2009/q4/215.
> >   docs/nmap.dtd will have to be modified accordingly, and you might
> >   even consider adding support to docs/nmap.xsl.
> >
> > But just adding the task won't make it happen!  If someone wants to
> > step up to the plate and write, test, then send a patch to nmap-dev,
> > please do so!  This should be a pretty easy one.
>
> We already have an element for latency, but it seems it is not written
> for ping scans. "nmap -oX - -F scanme.nmap.org" prints
>
> <times srtt="68616" rttvar="20892" to="152184" />
>
> but "nmap -oX - -sP scanme.nmap.org" doesn't print it. I think this is
> just an oversight because there are two separate places where host
> output can be written depending on whether anything happens past a ping
> scan. I agree it would be easy to fix and a good project for a beginner.
> The source file where host output is written is nmap.cc.

I found where this was missing for ping scans and added it in r16098. I
also disable the printing of the stats when they had not been changed
from the original undefined values. Otherwise it was printing the line

Final times for host: srtt: -1 rttvar: -1  to: 10000000

even for list scan.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/