Nmap Development mailing list archives

[Patch] --exclude-ports option for Nmap


From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Wed, 18 Jun 2014 20:31:58 +0530

Hi All!

Attached is the patch for --exclude-ports option for Nmap. A discussion
for it had occurred at [1] before.

When coding it in, however, I realized that we should probably block
even host discovery (ACK, SYN and such) if the user asks for it.
The current patch takes care of such cases and shows relevant error
messages (for example, try running "nmap --unprivileged -sn
--exclude-ports 80,443").

I've also modified some error messages that were shown previously (when
the user gives invalid port specifications) so that they match with
--exclude-ports too.

All tests that I ran on my machine passed.

What I'm not so sure about is something like "nmap --exclude-ports
1-1000 {target}". With the current patch, it correctly shows a warning
that it is skipping TCP ping scan (the reason is that 80 and 443 are
excluded). This might seem like a nuisance to some since they might not
care how host discovery is done (and that's why they left it at default).
Should I rewrite the warning part so that it appears only if non-default
host discovery is done?
Another possibility is that I could show the warning always (if
non-default) and only when -d is used (if default host). I personally think
that this second method might be more useful, but I think this might
require some thought.

Feedback is welcome as always. :)

Cheers,
Jay

Links:
[1] http://seclists.org/nmap-dev/2014/q2/400

Attachment: excludePorts.patch
