Re: [jffnms-users] JFFNMS port Discovery

Thu, 18 Feb 2010 14:29:04 -0800 

On Thu, Feb 18, 2010 at 10:50:39AM +0200, Lyndon Labuschagne wrote:
> # Nmap 5.21 scan initiated Thu Feb 18 10:36:36 2010 as: /usr/local/bin/nmap 
> -sT -p1-500,600-1024 -n -oG 
> /usr/local/www/jffnms/engine/temp/4b7cfc146c0cd.log 196.216.18.69 
> Host: 196.216.18.69 ()        Status: Up
> Host: 196.216.18.69 ()        Ports: 21/open/tcp//ftp///, 
> 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 
> 199/open/tcp//smux///      Ignored State: closed (920)
> # Nmap done at Thu Feb 18 10:36:42 2010 -- 1 IP address (1 host up) scanned 
> in 5.80 seconds

The format of this file is slightly different to what I get.
# Nmap 5.00 scan initiated Fri Feb 19 09:09:28 2010 as: nmap -sU  
-p1-500,600-1024 --host_timeout 60000 -n -oG blah 127.0.0.1
Host: 127.0.0.1 ()      Ports: 123/open|filtered/udp//ntp///, 
137/open|filtered/udp//netbios-ns///, 138/open|filtered/udp//netbios-dgm///, 
161/open|filtered/udp//snmp///, 500/open|filtered/udp//isakmp///, 
//631/open|filtered/udp//ipp/// Ignored State: closed (919)
# Nmap done at Fri Feb 19 09:09:29 2010 -- 1 IP address (1 host up) scanned in 
1.32 seconds

I've had a look at engine/discovery/tcp_ports.inc.php and its a tad
ugly. It expects the Ports: line to be line 2, but for you its line 3.
That must be due to nmap different format between 5.00 and 5.21
Either try to work out how to stop nmap printing that Host Status: UP
line or edit tcp_ports.inc.php

Look at these lines:

25:            if (count($data)==3) {
26:                $pos1 = strpos($data[1],"Ports")+6;
27:                if ($pos1 > 6) {
28:                    $pos2 = strpos($data[1],"\n");
29:                    $data_line = substr($data[1],$pos1,$pos2-$pos1);
 
Line 25, should be ==4
line 26,28 and 29 data[1] is now data[2]

I've made a note in the TODO to look into this better.

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
jffnms-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jffnms-users

Reply via email to