The Nmap 3.20 Statistics Patch adds the -c switch, which estimates how much longer the scan will take and shows how many ports have been tested, how many were resent, and the ports-per-second rate. Useful for scanning firewalled hosts.
4544455af5ab0ed47cbcb4e33e29760ad56ff4235407df2e003cab38ff519257
diff -r -u nmap-3.20/NmapOps.h nmap-3.20.sp/NmapOps.h
--- nmap-3.20/NmapOps.h 2003-03-18 11:54:30.000000000 +0100
+++ nmap-3.20.sp/NmapOps.h 2003-04-02 11:02:20.000000000 +0200
@@ -81,6 +81,7 @@
// setPacketTrace(false) has been called
void setPacketTrace(bool pt) { pTrace = pt; }
int verbose;
+ int count;
int randomize_hosts;
int spoofsource; /* -S used */
char device[64];
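Review bot: The new `int count;` member gets no initial value in any hunk of this patch, yet the scan loops in scan_engine.cc test `o.count` on every send. Unless NmapOps zeroes itself wholesale in its constructor or initializer (not shown here), the flag is read uninitialized whenever -c is not given; set `count = 0;` alongside the other option defaults. A comment in the style of the `spoofsource` line below would also help, e.g. `int count; /* -c used: print running send statistics */`. The class body starts and ends outside the hunk.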
diff -r -u nmap-3.20/nmap.cc nmap-3.20.sp/nmap.cc
--- nmap-3.20/nmap.cc 2003-03-18 11:54:30.000000000 +0100
+++ nmap-3.20.sp/nmap.cc 2003-04-05 05:09:13.000000000 +0200
@@ -173,6 +173,7 @@
{
{"version", no_argument, 0, 'V'},
{"verbose", no_argument, 0, 'v'},
+ {"count", no_argument, 0, 'c'},
{"datadir", required_argument, 0, 0},
{"debug", optional_argument, 0, 'd'},
{"help", no_argument, 0, 'h'},
@@ -612,6 +613,7 @@
exit(0);
break;
case 'v': o.verbose++; break;
+ case 'c': o.count=1; break;
}
}
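Review bot: `case 'c'` is only reachable from the short form if `c` is also present in the short-option string passed to the getopt call, and no hunk in this patch touches that string. If it is not already there, `--count` works through the long-option table added above but `-c` is rejected as an unknown option, which contradicts the `-c` line added to the usage text. Please confirm the option string and add `c` to it if needed. The switch starts and ends outside the hunk.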
@@ -1272,6 +1274,7 @@
" -p <range> ports to scan. Example range: '1-1024,1080,6666,31337'\n"
" -F Only scans ports listed in nmap-services\n"
" -v Verbose. Its use is recommended. Use twice for greater effect.\n"
+ " -c Counting stats\n"
" -P0 Don't ping hosts (needed to scan www.microsoft.com and others)\n"
"* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys\n"
" -6 scans via IPv6 rather than IPv4\n"
diff -r -u nmap-3.20/scan_engine.cc nmap-3.20.sp/scan_engine.cc
--- nmap-3.20/scan_engine.cc 2003-03-17 04:27:41.000000000 +0100
+++ nmap-3.20.sp/scan_engine.cc 2003-04-06 03:52:19.000000000 +0200
@@ -586,6 +586,16 @@
struct scanstats ss;
int rawsd = -1;
int scanflags = 0;
+ int iii=0;
+ int itports=0;
+ int itsec=0;
+ int itimes=0;
+ int itotal=0;
+ int iresends = 0;
+ int imax=0;
+ int iloop=0;
+ int iports[5];
+ int isec[5];
int victim;
int senddelay = 0;
pcap_t *pd = NULL;
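Review bot: The ten counters added here (`iii`, `itports`, `itsec`, `itimes`, `itotal`, `iresends`, `imax`, `iloop`, `iports[5]`, `isec[5]`) carry no comments and their names do not say what they hold; the same block is repeated in the hunk at -1293. From their later use, `iports`/`isec` form a five-slot window of per-interval send counts and interval lengths, so a named constant and a comment would document that, e.g. `int iports[STATS_WINDOW]; /* probes sent in each recent interval */`. The arrays are left uninitialized; the visible accumulation loop only reads slots already written, but `= {0}` would make that independent of the `imax` bookkeeping. The enclosing function begins and ends outside the hunk.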
@@ -595,6 +605,8 @@
int res;
int connecterror = 0;
time_t starttime;
+ time_t checkedtime;
+ time_t lastcheckedtime;
struct sockaddr_storage sock;
struct sockaddr_in *sin = (struct sockaddr_in *) &sock;
#if HAVE_IPV6
@@ -749,6 +761,7 @@
}
starttime = time(NULL);
+ lastcheckedtime = starttime;
if (scantype != SYN_SCAN)
ack_number = get_random_uint();
@@ -965,6 +978,33 @@
current->state = PORT_TESTING;
current->trynum = 0;
/* if (!testinglist) testinglist = current; */
+ if (o.count) {
+ itimes++;
+ checkedtime=time(NULL);
+ if ( checkedtime != lastcheckedtime ) {
+ isec[iloop]=checkedtime - lastcheckedtime;
+ lastcheckedtime = checkedtime;
+ iports[iloop]=itimes;
+ itotal=itotal+itimes;
+ itimes=0;
+ iii=0;
+ itports=0;
+ itsec=0;
+ while(iii <= imax) {
+ itports=itports+iports[iii];
+ itsec=itsec+isec[iii];
+ iii++;
+ }
+ iloop++;
+ if(imax<4) imax++;
+ if(iloop==5) iloop=0;
+
+ log_write(LOG_STDOUT, "Tried: %5d (%d resends) \nP/S: %8.2f ETS: %7.0f \e[38D\e[A", itotal , iresends , (double) itports / itsec , (double) ( numports - itotal + iresends ) / ( (double) itports / itsec ) );
+ log_flush(LOG_STDOUT);
+ }
+ }
+
+
ss.numqueries_outstanding++;
gettimeofday(¤t->sent[0], NULL);
if ((scantype == SYN_SCAN) || (scantype == WINDOW_SCAN) ||
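Review bot: The interval test `checkedtime != lastcheckedtime` also fires when the wall clock steps backwards, which stores a negative value in `isec[iloop]` and can leave the summed `itsec` at zero or below. The printed rate `(double) itports / itsec` and the ETS derived from it then come out infinite or negative. Using `if (checkedtime > lastcheckedtime)` and skipping the print when `itsec <= 0` avoids that. The identical block in the hunk at -1486 needs the same change, and the two copies would be easier to keep correct as one static helper. The enclosing function begins and ends outside the hunk.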
@@ -1107,6 +1147,7 @@
current->state = PORT_FRESH;
current->trynum = 0;
current->sd[0] = current->sd[1] = current->sd[2] = -1;
+ iresends++;
}
pil.firewalled = NULL;
} else {
@@ -1293,7 +1334,16 @@
double fallback_percent = 0.7;
int rawsd;
int scanflags = 0;
-
+ int iii=0;
+ int itports=0;
+ int itsec=0;
+ int itimes=0;
+ int itotal=0;
+ int iresends = 0;
+ int imax=0;
+ int iloop=0;
+ int iports[5];
+ int isec[5];
int dropped = 0; /* These three are for UDP squelching */
int freshportstried = 0;
int senddelay = 0;
@@ -1310,6 +1360,8 @@
int tries = 0;
int tmp = 0;
time_t starttime;
+ time_t checkedtime;
+ time_t lastcheckedtime;
u16 newport;
int newstate = 999; /* This ought to break something if used illegally */
struct portinfo *scan, *openlist, *current, *testinglist, *next;
@@ -1402,6 +1454,7 @@
fatal("Unknown scan type for super_scan"); }
starttime = time(NULL);
+ lastcheckedtime = starttime;
if (o.debugging || o.verbose) {
struct tm *tm = localtime(&starttime);
@@ -1486,6 +1539,32 @@
/* lets send a packet! */
current->state = PORT_TESTING;
/* if (!testinglist) testinglist = current; */
+ if (o.count) {
+ itimes++;
+ checkedtime=time(NULL);
+ if ( checkedtime != lastcheckedtime ) {
+ isec[iloop]=checkedtime - lastcheckedtime;
+ lastcheckedtime = checkedtime;
+ iports[iloop]=itimes;
+ itotal=itotal+itimes;
+ itimes=0;
+ iii=0;
+ itports=0;
+ itsec=0;
+ while(iii <= imax) {
+ itports=itports+iports[iii];
+ itsec=itsec+isec[iii];
+ iii++;
+ }
+ iloop++;
+ if(imax<4) imax++;
+ if(iloop==5) iloop=0;
+
+ log_write(LOG_STDOUT, "Tried: %5d (%d resends) \nP/S: %8.2f ETS: %7.0f \e[38D\e[A", itotal , iresends , (double) itports / itsec , (double) ( numports - itotal + iresends ) / ( (double) itports / itsec ) );
+ log_flush(LOG_STDOUT);
+ }
+ }
+
numqueries_outstanding++;
gettimeofday(¤t->sent[0], NULL);
if (o.fragscan)
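Review bot: The progress line is written with raw cursor-movement escapes (`\e[38D\e[A`) through `log_write(LOG_STDOUT, ...)` with no check that stdout is a terminal, so a scan whose output is piped or redirected gets control bytes mixed into text that scripts may parse. Gating the block on a terminal, e.g. `if (o.count && isatty(STDOUT_FILENO)) {`, keeps redirected output clean. `\e` is a compiler extension rather than standard C/C++; `\033` is the portable spelling. The same applies to the first copy of this block in the hunk at -965.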
@@ -1710,6 +1789,7 @@
for(current = openlist; current; current = (current->next >= 0)? &scan[current->next] : NULL) {
current->state = PORT_FRESH;
current->trynum = 0;
+ iresends++;
if (o.debugging) {
log_write(LOG_STDOUT, "Preparing for retry, open port %lu noted\n", current->portno);
}