From b4e3fd762acd57e1bbe0e6cadb7353d6b2f4dc2c Mon Sep 17 00:00:00 2001 From: david Date: Thu, 16 Jul 2009 20:36:53 +0000 Subject: [PATCH] Add test and XML Ndiff output samples from Fyodor's Facebook scans. --- ndiff/docs/ndiff.xml | 100 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 99 insertions(+), 1 deletion(-) diff --git a/ndiff/docs/ndiff.xml b/ndiff/docs/ndiff.xml index d3eec54df..a38c3bea4 100644 --- a/ndiff/docs/ndiff.xml +++ b/ndiff/docs/ndiff.xml @@ -176,12 +176,38 @@ $ ndiff -v scanme-1.xml scanme-2.xml is an example of text - output. + output. Here, port 80 on the host + photos-cache-snc1.facebook.com gained a service + version (lighttpd 1.5.0). The host + at 69.63.179.25 changed its reverse DNS name. The host at + 69.63.184.145 was completely absent in the first scan but came up in + the second. Ndiff text output +-Nmap 4.85BETA3 at 2009-03-15 11:00 ++Nmap 4.85BETA4 at 2009-03-18 11:00 + + photos-cache-snc1.facebook.com (69.63.178.41): + Host is up. + Not shown: 99 filtered ports + PORT STATE SERVICE VERSION +-80/tcp open http ++80/tcp open http lighttpd 1.5.0 + +-cm.out.snc1.tfbnw.net (69.63.179.25): ++mailout-snc1.facebook.com (69.63.179.25): + Host is up. + Not shown: 100 filtered ports + ++69.63.184.145: ++Host is up. ++Not shown: 98 filtered ports ++PORT STATE SERVICE VERSION ++80/tcp open http Apache httpd 1.3.41.fb1 ++443/tcp open ssl/http Apache httpd 1.3.41.fb1 @@ -203,12 +229,84 @@ $ ndiff -v scanme-1.xml scanme-2.xml shows the XML diff of the same scans shown above in . + Notice how port 80 of + photos-cache-snc1.facebook.com is enclosed in + portdiff tags. For 69.63.179.25, the old hostname + is in a tags and the new is in + b. For the new host 69.63.184.145, there is a + b in the hostdiff without a + corresponding a, indicating that there was no + information for the host in the first scan. Ndiff XML output + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + ]]>