PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-11 10:19:03 +00:00
Code Issues Projects Releases Wiki Activity
Files
bb8be37ecea8d11f5093e085bd637afbe7029cc3
nmap/ndiff/docs/ndiff.1
david 68e326252e Remove "other" from doubly consolidated port state change lines. When all the 
ports had the same state change, "other" doesn't make sense.
2008-09-19 00:33:35 +00:00

104 lines
3.1 KiB
Groff
Raw Blame History

.\" Title: ndiff
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
.\" Date: 09/18/2008
.\" Manual:
.\" Source:
.\"
.TH "NDIFF" "1" "09/18/2008" "" ""
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
ndiff - Utility to compare the results of Nmap scans
.SH "SYNOPSIS"
.HP 6
\fBndiff\fR [\fIoptions\fR] {\fI\fIa\.xml\fR\fR} {\fI\fIb\.xml\fR\fR}
.SH "DESCRIPTION"
.PP
Ndiff is a tool to aid in the comparison of Nmap scans\. Specifically, it takes two Nmap XML output files and prints the differences between them: hosts coming up and down, ports becoming open or closed, and things like that\.
.PP
Ndiff compares two scans at a time\. The
\(lqbefore\(rq
scan is called the A scan and the
\(lqafter\(rq
scan is the B scan\. The letters A and B are used to avoid giving the impression that scans must be given in time order\. They do not; it\'s possible to get a
\(lqbackward\(rq
diff from a newer scan to an older scan\.
.PP
Ndiff can produce output in human\-readable text or machine\-readable XML formats\. Use the
\fB\-\-text\fR
and
\fB\-\-xml\fR
options to control which\. Output goes to standard output\.
.SH "OPTIONS SUMMARY"
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Show a help message and exit\.
.RE
.PP
\fB\-v\fR, \fB\-\-verbose\fR
.RS 4
Do not consolidate long port lists into a simple count\. When a host is up in the B scan that was not present in the A scan, commonly most of its ports will change from the state "unknown" to "closed" or "filtered"\. If the port list is very long, it will be consolidated into a line like
.sp
.RS 4
.nf
994 tcp ports changed state from unknown to filtered\.
.fi
.RE
.sp
With
\fB\-\-verbose\fR, all 994 ports will be listed:
.sp
.RS 4
.nf
The following tcp ports changed state from unknown to filtered:
1,3,4,6,7,9,13,17,19\-21,23,24,26,30,32,
33,37,42,43,49,79,81\-85,88\-90,99,100,106,109\-11
1,119,125,135,139,143,144,146,161,163,179,199,2
.fi
.RE
.sp
and so on\.
.sp
In XML output, every port is always listed explictly\.
\fB\-\-verbose\fR
has no effect\.
.RE
.PP
\fB\-\-text\fR
.RS 4
Write output in human\-readable text format\.
.RE
.PP
\fB\-\-xml\fR
.RS 4
Write output in machine\-readable text format\. For a description of the XML format see the
\fInmap\.dtd\fR
file in the Ndiff distribution\.
.RE
.PP
Any other arguments are taken to be the names of Nmap XML output files\. There must be exactly two\. The first one listed is the A scan and the second is the B scan\.
.SH "BUGS"
.PP
Report bugs to the
nmap\-dev
mailing list at
<nmap\-dev@insecure\.org>\.
.SH "HISTORY"
.PP
Ndiff started as a project by Michael Pattrick during the 2008 Google Summer of Code\. Michael designed the program and led the discussion of its output formats\. He wrote versions of the program in Perl and C++, but the summer ended shortly after it was decided to rewrite the program in Python for the sake of Windows compatibility\. This Python version is written by David Fifield\.
.SH "AUTHORS"
.PP
David Fifield
<david@bamsoftware\.com>
.PP
Michael Pattrick
<mpattrick@rhinovirus\.org>
.SH "WEB SITE"
.PP
\fI\%http://nmap.org/ndiff/\fR
Reference in New Issue View Git Blame Copy Permalink