Nmap Development mailing list archives
Re: Suggestion for NMAP
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 4 Oct 2014 14:49:39 -0500
Dave, On Fri, Oct 3, 2014 at 5:22 PM, Dave Horsfall <dave () horsfall org> wrote:
Is there a way to timestamp the connections? The "-v" flag doesn't do it, and I can't find any other flag.
You may find the --packet-trace option useful. It will print a line of output for each sent and received packet. The times are relative to the start of execution, which is already timestamped in the output file.
Another idea is a fake client for SMTP/SSH/HTTP etc; accept the connection then go through the minimal dialogue necessary to establish information about the remote end before dropping it. E.g. for SMTP it would be something like: <-- Connect --> log, and Banner <-- HELO --> log, and reply <-- MAIL FROM=<...> --> log, and OK <-- RCPT TO=<...> --> log, and OK <-- DATA --> reject and drop
We already do lots of client emulation to retrieve useful information. The service version detection scan (-sV) and NSE script scanning (--script) are the primary examples. But your example seems to show *server emulation* to gather information about clients. This is not something that Nmap is suited to, but you could probably do something with our sister program Ncat using the --exec, --sh-exec, or --lua-exec arguments. Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Suggestion for NMAP Dave Horsfall (Oct 03)
- Re: Suggestion for NMAP Daniel Miller (Oct 04)
- Re: Suggestion for NMAP Dave Horsfall (Oct 04)
- Re: Suggestion for NMAP Daniel Miller (Oct 04)