Nmap Development mailing list archives

Re: NMAP XML output too verbose


From: David Fifield <david () bamsoftware com>
Date: Fri, 12 Mar 2010 15:39:05 -0700

On Tue, Mar 09, 2010 at 03:28:23PM -0800, Fyodor wrote:
On Mon, Mar 08, 2010 at 03:28:24PM -0800, Kevin Friedheim wrote:

I see this about a hundred times. I don't want to though. Is there a
command line option that I can use to not have this show up? As I
understand it, prior to version 5.20 of nmap, I would have to type -v
(up the verbosity) in order to see, but now it's there by default.

Hi Kevin.  I talked this over with David Fifield today and we have a
solution proposal which I hope will benefit you and other Nmap users.
Note that this proposal also significantly changes the --open
command-line argument:

The first part of our plan is to only show down hosts in the XML in
verbose mode (as you suggested).  Nmap already works this way for its
normal/interactive output.  The idea had been that humans don't
normally read the XML and so we can stuff more information there, but
this particular case (down hosts) can become excessive.  If someone
needs the down host information (for the DNS information it provides,
or to help distinguish between hosts which are down and those which
are not scanned), they can specify -v.  This should resolve your
issue.

The second part of our plan is a modification to --open.  Right now it
only shows open ports in the port table, but it still shows hosts
which might not have any ports open.  So you end up with entries like:

Nmap scan report for softbank220006197211.bbtec.net (220.6.197.211)
Host is up (0.15s latency).
The 1 scanned port on softbank220006197211.bbtec.net (220.6.197.211) is filtered

Our idea is to change --open so that in normal/interactive output, it
ONLY shows hosts with at least one port open.  And then of course it
doesn't show the closed/filtered ports.  I suppose it would still
display NSE results (for open ports and host scripts), traceroute, and
OS detection information.  After all, people who don't want to see
those should make their scans faster by not requesting them in the
first place.

This leads to the question of what we should do with XML output when
--open is used.  One option is to match the normal output and only
show entries for hosts which have at least one open port.  Another
option is to be more comprehensive on the grounds that users still
might want the full host data available in the XML (in case they want
to look up something later) even though they only want to see the open
ports in normal output.  I think I favor matching the XML output to
the normal output in this case (only including the hosts with open
ports).

I've implemented these changes as of r16978. Now,

1. Down hosts are omitted from XML output except in verbose mode, and
   when only doing a ping scan.
2. Hosts that don't have any open, open|filtered, or unfiltered ports
   are not shown when --open is used.

I decided to keep all output formats the same, both because I think it's
good to be consistent here, and because the host output functions
currently combine the output formats together.

David Fifield
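
The two rules listed in the message above can also be applied after the fact to XML saved by an older Nmap or by a -v scan. The following is an added example, not code from Nmap or from this thread: the function name filter_hosts, its parameters, and the sample XML are assumptions made for illustration, and the ping-scan exception in rule 1 is not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML layout (addresses are documentation ranges).
SAMPLE_XML = """<nmaprun>
<host><status state="down"/><address addr="192.0.2.1" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="filtered"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.3" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="23"><state state="closed"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.4" addrtype="ipv4"/>
<ports><port protocol="udp" portid="53"><state state="open|filtered"/></port></ports></host>
</nmaprun>"""

# Port states that keep a host in the output under the --open rule from the post.
KEEP_STATES = {"open", "open|filtered", "unfiltered"}

def filter_hosts(xml_text, verbose=False, open_only=False):
    """Return [(address, [(proto, port, state), ...])] after applying both rules.

    Hypothetical helper: parse only XML you produced yourself, and use a
    hardened XML parser for files from untrusted sources.
    """
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        status = host.find("status")
        state = status.get("state") if status is not None else "unknown"
        # Rule 1: down hosts appear only in verbose mode.
        if state == "down" and not verbose:
            continue
        ports = []
        for port in host.iter("port"):
            st = port.find("state")
            pstate = st.get("state") if st is not None else "unknown"
            # With open_only, closed and filtered ports are left out of the table.
            if open_only and pstate not in KEEP_STATES:
                continue
            ports.append((port.get("protocol"), int(port.get("portid")), pstate))
        # Rule 2: with open_only, hosts with no qualifying port are dropped.
        if open_only and not ports:
            continue
        addr = host.find("address")
        results.append((addr.get("addr") if addr is not None else None, ports))
    return results
```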