Nmap Development mailing list archives

Re: [PATCH] Add option to ignore version and time banner changes to ndiff


From: David Fifield <david () bamsoftware com>
Date: Fri, 4 Mar 2011 23:54:37 -0800

On Tue, Mar 01, 2011 at 10:55:33PM -0800, Fyodor wrote:
> On Tue, Mar 01, 2011 at 10:32:09AM -0800, Dr. Jesus wrote:
>> I use ndiff in a cron job.  This means I get email every time I run it
>> regardless of whether the two scans being compared are actually
>> different.  This patch adds an option to ignore the time and version
>> banner for the purposes of seeing if the two scans changed.  When this
>> option is enabled, two scans with identical results don't cause cron
>> to send me mail.
>
> Good point!  But rather than add an option that users have to know
> about and remember to specify, maybe we can make the default smarter.
>
> How about making it so that the version/time difference header is
> shown ONLY if at least one other change is found?  That way you will
> still get it in your normal reports, but ndiff will be silent by
> default in the special "no changes" case.
>
> In verbose mode, we might as well always include the version/time
> changes because we still print a bunch of stuff in that mode even if
> there were no port/host changes.

This sounds fine to me. As a suggestion to Dr. Jesus, you could use the
exit status of the program to determine whether there were any
interesting changes. 0 means no diff and 1 means something changed.

> Also, I'd argue that this is a bug in the case where the Nmap version
> and time don't change:
>
> root@play> cp scanme4.xml  scanme5.xml
> root@play> ndiff scanme4.xml scanme5.xml
>  Nmap 5.51SVN at 2011-03-01 22:48
>
> I'd argue that in non-verbose mode, we shouldn't be printing the
> unchanged version/time information in that case.  After all, we
> normally only print information when it changes or is needed for
> context in non-verbose mode.  This example is contrived, but it
> happened in another case where the first scan went quickly and the
> second one started during the same minute as the first one did.

I committed this part.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
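
The exit-status approach suggested in the message above, as an added example that is not part of the original email or of ndiff itself: a cron wrapper that prints the report only when ndiff exits 1. The `NDIFF` variable and the `report_changes` function are names made up for this example; treating any other status as an error assumes ndiff's documented exit code 2 for runtime errors.

```shell
#!/bin/sh
# Cron wrapper around ndiff: stay silent unless the two scans differ.
# NDIFF and report_changes are hypothetical names used by this example.
NDIFF="${NDIFF:-ndiff}"

# report_changes OLD.xml NEW.xml
#   0  scans match: nothing printed, so cron sends no mail
#   1  scans differ: ndiff's report goes to stdout
#   2  ndiff could not compare the files: a one-line notice on stderr
report_changes() {
    old=$1
    new=$2
    status=0
    # "|| status=$?" keeps a non-zero exit from aborting under "set -e".
    out=$("$NDIFF" "$old" "$new") || status=$?
    case $status in
        0) return 0 ;;
        1) printf '%s\n' "$out"
           return 1 ;;
        *) printf 'ndiff exited %s comparing %s and %s\n' \
               "$status" "$old" "$new" >&2
           return 2 ;;
    esac
}

# Run as: script OLD.xml NEW.xml
if [ "$#" -eq 2 ]; then
    report_changes "$1" "$2"
    exit $?
fi
```

Because cron mails whatever a job prints, the match case produces no mail, while a failed comparison still does through stderr.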

