Nmap Development mailing list archives

Re: Suggestion for NMAP


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 4 Oct 2014 14:49:39 -0500

Dave,

On Fri, Oct 3, 2014 at 5:22 PM, Dave Horsfall <dave () horsfall org> wrote:


> Is there a way to timestamp the connections?  The "-v" flag doesn't do it,
> and I can't find any other flag.


You may find the --packet-trace option useful. It will print a line of
output for each sent and received packet. The times are relative to the
start of execution, which is already timestamped in the output file.



> Another idea is a fake client for SMTP/SSH/HTTP etc; accept the connection
> then go through the minimal dialogue necessary to establish information
> about the remote end before dropping it.
>
> E.g. for SMTP it would be something like:
>
> <-- Connect
> --> log, and Banner
> <-- HELO
> --> log, and reply
> <-- MAIL FROM=<...>
> --> log, and OK
> <-- RCPT TO=<...>
> --> log, and OK
> <-- DATA
> --> reject and drop


We already do lots of client emulation to retrieve useful information. The
service version detection scan (-sV) and NSE script scanning (--script) are
the primary examples. But your example seems to show *server emulation* to
gather information about clients. This is not something that Nmap is suited
to, but you could probably do something with our sister program Ncat using
the --exec, --sh-exec, or --lua-exec arguments.

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
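
The SMTP dialogue sketched in the quoted message, written as a per-connection handler that Ncat could run with --exec as the reply suggests. This is an added example, not code from the thread or from the Nmap project. The script name, function name, banner hostname, reply codes, size limits, and the choice of stderr as the log destination are all assumptions.

```python
"""Minimal SMTP server emulation, run once per connection by Ncat (added example)."""
# Possible listener: ncat -l -k 2525 --exec ./smtp_emul.py   (script name is hypothetical)
import os
import sys
import time

MAX_LINE = 1024  # bound on characters read per command line
MAX_CMDS = 50    # bound on commands per session


def handle_session(inp, out, log, peer="unknown", clock=time.time):
    """Run the dialogue from the message; return the timestamped log lines."""
    events = []

    def record(what):
        events.append("%.3f %s %s" % (clock(), peer, what))
        log.write(events[-1] + "\n")
        log.flush()

    def reply(text):
        out.write(text + "\r\n")
        out.flush()

    record("CONNECT")
    reply("220 mail.example.invalid ESMTP")  # constructed banner
    for _ in range(MAX_CMDS):
        raw = inp.readline(MAX_LINE)
        if not raw:  # client closed the connection
            break
        cmd = raw.rstrip("\r\n")
        record("CLIENT " + repr(cmd))  # repr() keeps control characters out of the log
        verb = cmd.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            reply("250 mail.example.invalid")
        elif verb in ("MAIL", "RCPT"):
            reply("250 OK")
        elif verb == "DATA":
            reply("554 Transaction failed")  # reject and drop: no message body is read
            break
        else:
            reply("502 Command not implemented")
    record("CLOSE")
    return events


if __name__ == "__main__":
    sys.stdin.reconfigure(encoding="latin-1")  # every byte decodes, so junk input cannot raise
    # Ncat wires the socket to stdin/stdout and sets NCAT_REMOTE_ADDR for the child process.
    peer = os.environ.get("NCAT_REMOTE_ADDR", "unknown")
    handle_session(sys.stdin, sys.stdout, sys.stderr, peer)
```

Each log line carries an absolute epoch timestamp and the peer address, which also covers the per-connection timestamping asked about at the top of the thread.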

