Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Zenmap] patch for log-scale radius on Topology tab

From: David Fifield <david () bamsoftware com>
Date: Mon, 20 Sep 2010 19:01:28 -0700
On Fri, Sep 10, 2010 at 02:27:11PM -0500, Daniel Miller wrote:

I ran into an issue viewing the Topology tab of a scan of our local  
network where a few hosts had firewalls, leading a -sU scan to produce a  
large number (~1000) of open|filtered ports. This made for an unusable  
topology, since the radius of these hosts was enormous (~500) and  
covered all the other hosts (see attachment "original.png").
So I developed a patch which uses a logarithmic scale for the radius,  
specifically radius = BASE_RADIUS + 4 * ln( open_ports ). This is much  
more usable, and still gives an idea of the number of open ports (see  
attachment "log_scale.png").


Thanks for good analysis. I committed a change to use 2 * log(n). This
makes the sizes for 0-10 open ports closer to the current sizes than the
4 * log(n) in your patch. I think that using sqrt(n) has more physical
meaning, because then there is a more direct relationship between circle
area and number of ports. But I think that's less important than just
having more ports mean a bigger circle in a smooth way, and have the
circles be a good size in the diagram.

Here is how the radiuses would be set with different formulas. n/2 is
what Zenmap was doing before this change. 2*log is what it will do now.

    n       n/2   2*log   4*log 0.5*sqrt
    0       5.5     5.5     5.5     5.5
    1       6.0     5.5     5.5     6.0
    2       6.5     6.9     8.3     6.2
    3       7.0     7.7     9.9     6.4
    4       7.5     8.3    11.0     6.5
    5       8.0     8.7    11.9     6.6
    6       8.5     9.1    12.7     6.7
    7       9.0     9.4    13.3     6.8
    8       9.5     9.7    13.8     6.9
    9      10.0     9.9    14.3     7.0
   10      10.5    10.1    14.7     7.1
   50      30.5    13.3    21.1     9.0
  100      55.5    14.7    23.9    10.5
 1000     505.5    19.3    33.1    21.3
10000    5005.5    23.9    42.3    55.5
65535   32773.0    27.7    49.9   133.5


I was still not satisfied, however, since these very secure, firewalled  
machines were showing up as large red circles. So I hijacked the  
calculation of the poorly-named "number_of_scanned_ports" property and  
changed it to ignore open|filtered extraports (I copied the same  
algorithm used by  
zenmapCore.NmapParser.HostInfo.get_port_count_by_state, so results  
should otherwise be the same). For the final view, see attachment  
"both_changes.png." The 3 offending hosts are now small green dots, as  
they should be. Thank you for your consideration.


I did this too, but in a different way, in r20280. Thanks for your
contribution.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: