Nmap Development mailing list archives
Re: [Zenmap-Patch] Reducing Topology Noise
From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Wed, 09 Jul 2014 19:53:56 +0530
Hi All!
I've attached an updated the patch with some modifications. Previously,
the patch would lose info about number of hops since it worked like:
/ X -> X \
.. -> a b -> .. => .. -> a -> X -> b -> ..
\ X -> X /
(where lowercase letters (i.e. a,b) are normal and X are anonymous)
The new patch maintains the info about number of hops. The patch now
works like:
/ X -> X \
.. -> a b -> .. => .. -> a -> X -> X -> b -> ..
\ X -> X /
As for hop_split.xml, It now works as:
/ X -> b -> .. / b -> ..
.. -> a => .. -> a -> X
\ X -> c -> .. \ c -> ..
This change makes sense, since we keep all info about number of hops,
but there is absolutely no way to distinguish between the two X's.
As for the change I mentioned for anon_hops_at_known.xml in my previous
mail, I think that this could be something for a future patch due to
some complications that may arise.
Feedback is welcome as always :)
Note: I have added a few more test cases to the zip
(hop_split_at_different_anon.xml, hop_split_at_different_real.xml and
long_anon.xml) which make the changes even more obvious and should help
review the patch better.
Cheers,
Jay
On Saturday 21 June 2014 03:47 PM, Jay Bosamiya wrote:
Hi All!
I've been working on reducing Zenmap's Topology view to reduce noise due
to anonymous hops.
Basically what it does is this:
/ anon_1 \
..-> ip_a ip_b -> .. => .. -> ip_a -> anon -> ip_b -> ..
\ anon_2 /
A big thanks to Anders Sundman for sending in a patch [1] that tried to
do this. Your patch helped a lot though it only solved part of the
problem (worked with only single anonymous hops in parallel).
The current patch can also handle things like:
/ anon_1 -> anon_2 \
..->ip_a ip_b->.. => .. ->ip_a -> anon -> ip_b->..
\ anon_3 -> anon_4 /
Attached is the patch. Also attached is a zip file containing XMLs to
test with (traceroutes with anonymous hops in different combinations).
There are a few cases that we need to think about, however, namely
"anon_hops_at_known.xml" or "hop_split.xml" (from the zip file attached).
For "anon_hops_at_know.xml", I think that the anonymous hop should be
removed completely (since 1.1.1.2 fits perfectly instead of the anon).
I think that it should work like:
/ anon_1 \
..-> ip_a ip_c -> .. => .. -> ip_a -> ip_b -> ip_c -> ..
\ ip_b /
For "hop_split.xml", I am not sure what should be done. Currently, it
works like:
/ anon_1 -> ip_b -> ..
..-> ip_a
\ anon_2 -> ip_c -> ..
but I think it would be better if it became:
/ ip_b -> ..
..-> ip_a -> anon
\ ip_c -> ..
I have not implemented the 2 changes since I wanted some feedback before
I did so.
Cheers,
Jay
Attachment:
noiseRemoval.patch
Description:
Attachment:
testXMLfiles.zip
Description:
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [Zenmap-Patch] Reducing Topology Noise Jay Bosamiya (Jul 09)
- Re: [Zenmap-Patch] Reducing Topology Noise Daniel Miller (Jul 29)
- Re: [Zenmap-Patch] Reducing Topology Noise Jay Bosamiya (Jul 30)
- Re: [Zenmap-Patch] Reducing Topology Noise Daniel Miller (Jul 29)