Nmap Development mailing list archives

XML Output Inconsistency


From: Fyodor <fyodor () insecure org>
Date: Fri, 30 Apr 2010 00:05:40 -0700

Hi folks.  I've noticed an inconsistency in the Nmap XML output which
I consider a bug, and I figured I might as well document it here.  But
of course feel free to disagree if you think this behavior is
desirable for some reason.

To reproduce it, I start with an ncat running on port 3389
(ms-term-serv per nmap-services):

ncat -l -k localhost 3389

Then from another window I run:

nmap -oA /t/crap/nmaptst -p 3389 localhost

The normal output includes this:

PORT     STATE SERVICE
3389/tcp open  ms-term-serv

And the XML output includes this entry:

  <port protocol="tcp" portid="3389">
   <state state="open" reason="syn-ack" reason_ttl="0"/>
   <service name="ms-term-serv" method="table" conf="3" />
  </port>

Next I add version detection to the Nmap command:

nmap -oA /t/crap/nmaptst2 -sV --version-light -p 3389 localhost

This leads to the following in normal output:

PORT     STATE SERVICE       VERSION
3389/tcp open  ms-term-serv?

And in XML:

  <port protocol="tcp" portid="3389">
    <state state="open" reason="syn-ack" reason_ttl="0"/>
  </port>

Note that there is no <service> entry for 3389 any more.  If version
detection had succeeded, it would have added a 'method="probed"
conf="10"' entry.  But given that vscan failed, I think we should
still fall back on the table lookup with conf 3 like we had before.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
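
For tools that consume this XML, one way to tolerate the missing <service> element is to apply the table fallback on the reading side. This is an added example, not part of the original post and not Nmap's code; the SERVICES dict is a constructed stand-in for nmap-services, the <ports> wrapper is constructed around the two fragments quoted above, and port_services and the "inferred" flag are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for nmap-services; only the entry named in the post.
SERVICES = {("tcp", 3389): "ms-term-serv"}

# The two <port> fragments quoted in the post, inside a constructed <ports> root.
XML_NO_SV = """<ports>
  <port protocol="tcp" portid="3389">
   <state state="open" reason="syn-ack" reason_ttl="0"/>
   <service name="ms-term-serv" method="table" conf="3" />
  </port>
</ports>"""

XML_SV_FAILED = """<ports>
  <port protocol="tcp" portid="3389">
    <state state="open" reason="syn-ack" reason_ttl="0"/>
  </port>
</ports>"""


def port_services(xml_text, table=SERVICES):
    """Return one dict per <port>; fill in a table guess when <service> is absent."""
    rows = []
    for port in ET.fromstring(xml_text).iter("port"):
        proto = port.get("protocol")
        portid = int(port.get("portid"))
        state = port.find("state")
        row = {"proto": proto, "port": portid,
               "state": state.get("state") if state is not None else None,
               "name": None, "method": None, "conf": None, "inferred": False}
        svc = port.find("service")
        if svc is not None:
            # Nmap supplied a <service> element; report it unchanged.
            row.update(name=svc.get("name"), method=svc.get("method"),
                       conf=int(svc.get("conf", "0")))
        elif (proto, portid) in table:
            # Reader-side fallback: the values a table lookup would carry,
            # flagged so downstream code knows Nmap did not emit them.
            row.update(name=table[(proto, portid)], method="table", conf=3,
                       inferred=True)
        rows.append(row)
    return rows


if __name__ == "__main__":
    for doc in (XML_NO_SV, XML_SV_FAILED):
        print(port_services(doc))
```
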

