Nmap Development mailing list archives

Re: Minor nmap feature request with great payback


From: David Fifield <david () bamsoftware com>
Date: Mon, 16 Nov 2009 14:32:03 -0700

On Sun, Nov 08, 2009 at 02:10:17PM -0700, David Fifield wrote:
> On Sun, Nov 08, 2009 at 11:54:53AM -0500, Jon Kibler wrote:
> > When scanning a network, it is often helpful to know the IP address
> > and TTL that responded to a probe. Currently, there are several ways
> > to dump packet details, but these do not exactly produce "clean"
> > output.
> >
> > What I would like to see is a new option, "--reason-details" that
> > gives not only the reason for determining that a port was
> > open/closed/filtered/etc., but also gives the IP and TTL of the packet
> > that sent the response.
>
> We do already keep track of the IP address and TTL. This is from
> portreasons.h:
>
> /* stored inside a Port Object and describes
>  * why a port is in a specific state */
> typedef struct port_reason {
>         reason_t reason_id;
>         struct in_addr ip_addr;
>         unsigned short ttl;
>         int state;
> } state_reason_t;
>
> I seem to remember having seen "admin-prohibited from X.X.X.X" before.
> Maybe there's some bug preventing it from being printed?

I just verified that "from X.X.X.X" is printed already by default. All
you have to do is run with the -d option so that the entire port table
is shown. Here's a scan I just ran:

PORT      STATE         SERVICE         REASON
7/udp     filtered      echo            port-unreach from 192.168.0.1
9/udp     filtered      discard         port-unreach from 192.168.0.1
17/udp    filtered      qotd            port-unreach from 192.168.0.1
19/udp    filtered      chargen         port-unreach from 192.168.0.1
49/udp    filtered      tacacs          port-unreach from 192.168.0.1
53/udp    open|filtered domain          no-response

As for the TTL information, I found this message from Fyodor saying it
should be left out of normal output. However it is still always present
in XML output.

http://seclists.org/nmap-dev/2006/q2/374

David Fifield
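
An added example, not part of the original message or of Nmap's own code: because the state reason, responder address and TTL are present in the XML output, a short script can produce the clean per-port listing requested above and mark replies that came from a device other than the scanned host. The sample XML is constructed, and treating a missing reason_ip attribute as "no separate responder recorded" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap -oX output; not taken from a real scan.
SAMPLE_XML = """<nmaprun><host>
<address addr="192.168.0.10" addrtype="ipv4"/>
<ports>
<port protocol="udp" portid="7"><state state="filtered" reason="port-unreach" reason_ttl="64" reason_ip="192.168.0.1"/></port>
<port protocol="udp" portid="53"><state state="open|filtered" reason="no-response" reason_ttl="0"/></port>
<port protocol="udp" portid="123"><state state="closed" reason="port-unreach" reason_ttl="63"/></port>
</ports>
</host></nmaprun>"""


def port_reasons(xml_text):
    """Return one dict per scanned port: state, reason, responder IP, TTL."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        # Skip <address addrtype="mac"> entries; keep the scanned IP address.
        target = next((a.get("addr") for a in host.findall("address")
                       if a.get("addrtype") != "mac"), None)
        for port in host.iter("port"):
            state = port.find("state")
            if state is None:
                continue
            responder = state.get("reason_ip")  # optional attribute
            rows.append({
                "target": target,
                "port": f'{port.get("portid")}/{port.get("protocol")}',
                "state": state.get("state"),
                "reason": state.get("reason"),
                "responder": responder,
                "ttl": int(state.get("reason_ttl", "0")),
                # True when another device (e.g. a router or firewall) replied.
                "off_target": responder is not None and responder != target,
            })
    return rows


def format_rows(rows):
    """Render the rows as a fixed-width table, one line per port."""
    lines = [f'{"PORT":<10}{"STATE":<15}{"REASON":<14}{"FROM":<16}TTL']
    for r in rows:
        sender = r["responder"] or "-"
        mark = " *" if r["off_target"] else ""
        lines.append(f'{r["port"]:<10}{r["state"]:<15}{r["reason"]:<14}'
                     f'{sender:<16}{r["ttl"]}{mark}')
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_rows(port_reasons(SAMPLE_XML)))
```

A trailing "*" marks a port whose response came from an address other than the scanned target.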