Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Suggestion for NMAP

From: Dave Horsfall <dave () horsfall org>
Date: Sat, 4 Oct 2014 08:22:13 +1000 (EST)
(Archives searched, and nothing relevant)

I've been using NMAP for many years now and I've started using it for 
monitoring open-but-unused ports e.g. an exposed server with no HTTP 
listener etc.

Is there a way to timestamp the connections?  The "-v" flag doesn't do it, 
and I can't find any other flag.

Version here is 5.50 on FreeBSD (I need to update) and 6.01 on OS/X.

If there is no flag then I'll grab the source and submit a patch.

Another idea is a fake client for SMTP/SSH/HTTP etc; accept the connection 
then go through the minimal dialogue necessary to establish information 
about the remote end before dropping it.

E.g. for SMTP it would be something like:

<-- Connect
--> log, and Banner
<-- HELO
--> log, and reply
<-- MAIL FROM=<...>
--> log, and OK
<-- RCPT TO=<...>
--> log, and OK
<-- DATA
--> reject and drop

Similarly for SSH and HTTP etc.

Thanks for a wonderful program.

-- Dave
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: