The Nmap 3.28 Statistics Patch adds the -c switch, which estimates how much longer the scan will take and shows how many ports have been tested, how many were resent, and the ports-per-second rate. It is useful when scanning firewalled hosts.
ea4f1b08c7795a3b387ea8ad7bc01d8df30e1ec9964d3b0da43604e5488c61da
diff -r -u nmap-3.48/nmap.cc nmap-3.48-statistics/nmap.cc
--- nmap-3.48/nmap.cc 2003-09-20 11:03:00.000000000 +0200
+++ nmap-3.48-statistics/nmap.cc 2003-12-22 21:41:52.000000000 +0100
@@ -217,6 +217,7 @@
{
{"version", no_argument, 0, 'V'},
{"verbose", no_argument, 0, 'v'},
+ {"count", no_argument, 0, 'c'},
{"datadir", required_argument, 0, 0},
{"debug", optional_argument, 0, 'd'},
{"help", no_argument, 0, 'h'},
@@ -675,6 +676,7 @@
exit(0);
break;
case 'v': o.verbose++; break;
+ case 'c': o.count=1; break;
}
}
@@ -1347,6 +1349,7 @@
" -p <range> ports to scan. Example range: '1-1024,1080,6666,31337'\n"
" -F Only scans ports listed in nmap-services\n"
" -v Verbose. Its use is recommended. Use twice for greater effect.\n"
+ " -c [] statistics patch [] \n"
" -P0 Don't ping hosts (needed to scan www.microsoft.com and others)\n"
"* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys\n"
" -6 scans via IPv6 rather than IPv4\n"
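Review bot: The usage line added for `-c` reads `-c [] statistics patch []`, which tells the user nothing about what the switch does. Something along the lines of `"  -c Show running statistics: ports tried, resends, ports/sec, estimated seconds left\n"` would match the neighbouring entries. The usage string begins and ends outside this hunk.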
diff -r -u nmap-3.48/NmapOps.h nmap-3.48-statistics/NmapOps.h
--- nmap-3.48/NmapOps.h 2003-09-13 06:19:54.000000000 +0200
+++ nmap-3.48-statistics/NmapOps.h 2003-12-22 21:37:17.000000000 +0100
@@ -124,6 +124,7 @@
void setPacketTrace(bool pt) { pTrace = pt; }
void setVersionTrace(bool vt) { vTrace = vt; }
int verbose;
+ int count;
int randomize_hosts;
int spoofsource; /* -S used */
char device[64];
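Review bot: `count` is added to the options object without a comment, and no hunk in this patch gives it a default; nmap.cc only ever assigns `o.count=1`. If the other option fields are reset in an initializer outside this diff, `count = 0;` belongs there too, so that the `if (o.count)` tests in scan_engine.cc never depend on how the object happened to be initialized. A comment in the style of the neighbouring field would also help: `int count; /* -c used: print running scan statistics */`.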
diff -r -u nmap-3.48/scan_engine.cc nmap-3.48-statistics/scan_engine.cc
--- nmap-3.48/scan_engine.cc 2003-09-11 04:12:57.000000000 +0200
+++ nmap-3.48-statistics/scan_engine.cc 2003-12-22 22:23:22.000000000 +0100
@@ -639,6 +639,16 @@
struct scanstats ss;
int rawsd = -1;
int scanflags = 0;
+ int iii=0;
+ int itports=0;
+ int itsec=0;
+ int itimes=0;
+ int itotal=0;
+ int iresends = 0;
+ int imax=0;
+ int iloop=0;
+ int iports[5];
+ int isec[5];
int victim;
int senddelay = 0;
int rpcportsscanned = 0;
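Review bot: The ten counters declared here have opaque names (`iii`, `itports`, `itsec`, …) and no comments, and the sample-window size is a bare 5 that the hunk at -1042 repeats as `imax<4` and `iloop==5`. A named constant and zero-initialised arrays would keep those in step, e.g. `enum { STATS_WINDOW = 5 };` with `int iports[STATS_WINDOW] = {0}; /* probes sent in each sampled interval */` and `int isec[STATS_WINDOW] = {0}; /* length of each interval in seconds */`. The identical declarations in the hunk at -1368 want the same treatment. The enclosing function begins outside the hunk.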
@@ -650,6 +660,8 @@
int res;
int connecterror = 0;
time_t starttime;
+ time_t checkedtime;
+ time_t lastcheckedtime;
struct sockaddr_storage sock;
struct sockaddr_in *sin = (struct sockaddr_in *) &sock;
#if HAVE_IPV6
@@ -808,6 +820,7 @@
}
starttime = time(NULL);
+ lastcheckedtime = starttime;
if (scantype != SYN_SCAN)
ack_number = get_random_uint();
@@ -1042,6 +1055,32 @@
current->state = PORT_TESTING;
current->trynum = 0;
/* if (!testinglist) testinglist = current; */
+ if (o.count) {
+ itimes++;
+ checkedtime=time(NULL);
+ if ( checkedtime != lastcheckedtime ) {
+ isec[iloop]=checkedtime - lastcheckedtime;
+ lastcheckedtime = checkedtime;
+ iports[iloop]=itimes;
+ itotal=itotal+itimes;
+ itimes=0;
+ iii=0;
+ itports=0;
+ itsec=0;
+ while(iii <= imax) {
+ itports=itports+iports[iii];
+ itsec=itsec+isec[iii];
+ iii++;
+ }
+ iloop++;
+ if(imax<4) imax++;
+ if(iloop==5) iloop=0;
+ log_write(LOG_STDOUT, "Tried: %5d (%d resends) \nP/S: %8.2f ETS: %7.0f \e[38D\e[A", itotal , iresends ,
+(double) itports / itsec , (double) ( numports - itotal + iresends ) / ( (double) itports / itsec ) );
+ log_flush(LOG_STDOUT);
+ }
+ }
+
ss.numqueries_outstanding++;
gettimeofday(¤t->sent[0], NULL);
if ((scantype == SYN_SCAN) || (scantype == WINDOW_SCAN) ||
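Review bot: The `log_write` call added here sends cursor-movement escapes (`\e[38D\e[A`) to LOG_STDOUT unconditionally, so when -c is used with output piped or redirected (presumably LOG_STDOUT is the process's stdout) the control bytes land in the captured scan output; `\e` is also a compiler extension rather than standard C++. Consider gating the status line on a terminal check, e.g. `if (o.count && isatty(STDOUT_FILENO)) {`, and spelling the escape as `\033`. Separately, `itsec` is a sum of `time()` differences, so if the wall clock steps backwards it can be zero or negative and the printed rate and ETS become infinite or negative; an `if (itsec > 0)` guard before the `log_write` avoids that. The same block is added again in the hunk at -1562 and needs the same changes; the enclosing function starts and ends outside the hunk.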
@@ -1181,6 +1220,7 @@
current->state = PORT_FRESH;
current->trynum = 0;
current->sd[0] = current->sd[1] = current->sd[2] = -1;
+ iresends++;
}
pil.firewalled = NULL;
} else {
@@ -1368,7 +1408,16 @@
double fallback_percent = 0.7;
int rawsd;
int scanflags = 0;
-
+ int iii=0;
+ int itports=0;
+ int itsec=0;
+ int itimes=0;
+ int itotal=0;
+ int iresends = 0;
+ int imax=0;
+ int iloop=0;
+ int iports[5];
+ int isec[5];
int dropped = 0; /* These three are for UDP squelching */
int freshportstried = 0;
int senddelay = 0;
@@ -1385,6 +1434,8 @@
int tries = 0;
int tmp = 0;
time_t starttime;
+ time_t checkedtime;
+ time_t lastcheckedtime;
u16 newport;
int newstate = 999; /* This ought to break something if used illegally */
struct portinfo *scan, *openlist, *current, *testinglist, *next;
@@ -1478,6 +1529,7 @@
fatal("Unknown scan type for super_scan"); }
starttime = time(NULL);
+ lastcheckedtime = starttime;
if (o.debugging || o.verbose) {
struct tm *tm = localtime(&starttime);
@@ -1562,6 +1614,36 @@
/* lets send a packet! */
current->state = PORT_TESTING;
/* if (!testinglist) testinglist = current; */
+ if (o.count) {
+ itimes++;
+ checkedtime=time(NULL);
+ if ( checkedtime != lastcheckedtime ) {
+ isec[iloop]=checkedtime - lastcheckedtime;
+ lastcheckedtime = checkedtime;
+ iports[iloop]=itimes;
+ itotal=itotal+itimes;
+ itimes=0;
+ iii=0;
+ itports=0;
+ itsec=0;
+ while(iii <= imax) {
+ itports=itports+iports[iii];
+ itsec=itsec+isec[iii];
+ iii++;
+ }
+ iloop++;
+ if(imax<4) imax++;
+ if(iloop==5) iloop=0;
+
+ log_write(LOG_STDOUT, "Tried: %5d (%d resends) \nP/S: %8.2f ETS: %7.0f \e[38D\e[A", itotal , iresends , (
+double) itports / itsec , (double) ( numports - itotal + iresends ) / ( (double) itports / itsec ) );
+ log_flush(LOG_STDOUT);
+ }
+ }
+
+
+
+
numqueries_outstanding++;
gettimeofday(¤t->sent[0], NULL);
if (o.fragscan)
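Review bot: This block is a copy of the one added at -1042, differing only in blank lines and where the `log_write` arguments wrap, and it comes with a second copy of the ten counters, so any fix has to be made twice. Moving the state into one small struct and the update into a single static helper would leave each scan loop with `if (o.count) scan_progress_tick(&progress, numports);` and the retry paths with `progress.resends++;`. The sketch below keeps the rolling five-sample arithmetic as written. The surrounding function extends beyond the hunk.

```cpp
/* Rolling -c statistics shared by both scan loops. */
struct scan_progress {
  int ports[5];      /* probes sent in each sampled interval */
  int secs[5];       /* length of each interval, in seconds */
  int slot;          /* next slot to overwrite */
  int filled;        /* number of slots holding a sample (at most 5) */
  int pending;       /* probes sent since the last sample */
  int total;         /* probes sent so far, resends included */
  int resends;       /* ports put back on the fresh list */
  time_t last;       /* time of the previous sample; set to starttime before the loop */
};

static void scan_progress_tick(struct scan_progress *p, int numports) {
  time_t now = time(NULL);

  p->pending++;
  if (now == p->last)
    return;          /* sample at most once per second */

  p->secs[p->slot] = (int) (now - p->last);
  p->ports[p->slot] = p->pending;
  p->last = now;
  p->total += p->pending;
  p->pending = 0;
  p->slot = (p->slot + 1) % 5;
  if (p->filled < 5)
    p->filled++;

  int sum_ports = 0, sum_secs = 0;
  for (int i = 0; i < p->filled; i++) {
    sum_ports += p->ports[i];
    sum_secs += p->secs[i];
  }
  // … unchanged: log_write() of total, resends, rate and ETS, then log_flush() …
}
```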
@@ -1786,6 +1868,7 @@
for(current = openlist; current; current = (current->next >= 0)? &scan[current->next] : NULL) {
current->state = PORT_FRESH;
current->trynum = 0;
+ iresends++;
if (o.debugging) {
log_write(LOG_STDOUT, "Preparing for retry, open port %lu noted\n", current->portno);
}