Re: NMAP XML output too verbose

[Farkas Levente <lfarkas () lfarkas org>]

On 03/10/2010 12:28 AM, Fyodor wrote:
> On Mon, Mar 08, 2010 at 03:28:24PM -0800, Kevin Friedheim wrote:
> Hi Kevin.  I talked this over with David Fifield today and we have a
> solution proposal which I hope will benefit you and other Nmap users.
> Note that this proposal also significantly changes the --open
> command-line argument:
>
> The first part of our plan is to only show down hosts in the XML in
> verbose mode (as you suggested).  Nmap already works this way for its
> normal/interactive output.  The idea had been that humans don't
> normally read the XML and so we can stuff more information there, but
> this particular case (down hosts) can become excessive.  If someone
> needs the down host information (for the DNS information it provides,
> or to help distinguish between hosts which are down and those which
> are not scanned), they can specify -v.  This should resolve your
> issue.
>
> The second part of our plan is a modification to --open.  Right now it
> only shows open ports in the port table, but it still shows hosts
> which might not have any ports open.  So you end up with entries like:
>
> Nmap scan report for softbank220006197211.bbtec.net (220.6.197.211)
> Host is up (0.15s latency).
> The 1 scanned port on softbank220006197211.bbtec.net (220.6.197.211) is filtered
>
> Our idea is to change --open so that in normal/interactive output, it
> ONLY shows hosts with at least one port open.  And then of course it
> doesn't show the closed/filtered ports.  I suppose it would still
> display NSE results (for open ports and host scripts), traceroute, and
> OS detection information.  After all, people who don't want to see
> those should make their scans faster by not requesting them in the
> first place.
>
> This leads to the question of what we should do with XML output when
> --open is used.  One option is to match the normal output and only
> show entries for hosts which have at least one open port.  Another
> option is to be more comprehensive on the grounds that users still
> might want the full host data available in the XML (in case they want
> to look up something later) even though they only want to see the open
> ports in normal output.  I think I favor matching the XML output to
> the normal output in this case (only including the hosts with open
> ports).
>
> Since these are material changes to Nmap, we're throwing these
> proposals out for comment.  Please post to the list any comments you
> might have.  It is particularly important to comment if you DISLIKE
> any of these changes, as we don't want to be changing back and forth.

this is almost exactly what i request in my previous mail.
- i like the idea than normal output match with the xml output.
- and i also like to get a list only where a given port is open.
the only problem with this, that there are some case when filtered port 
would be also useful. may be a --filtered option would be useful.

anyway even if only the current proposal will be included in the next 
version, then it'd be a perfect solution for me:-)))

--
  Levente                               "Si vis pacem para bellum!"
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/