Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform



Comparing Results
Prev Chapter 12. Zenmap GUI Users' Guide Next

Comparing Results

It is a common desire to run the same scan twice at different times, or run two slightly different scans at the same time, and see how they differ. Zenmap provides an interface for comparing scan results, shown in Figure 12.14. Open the comparison tool by selecting “Compare Results” from the “Tools” menu or by using the ctrl+D (think “diff”) keyboard shortcut. Zenmap supports comparing two scan results at a time.

Figure 12.14. Comparison tool

Comparison tool

The first step in performing a comparison is selecting the two scans to compare. The combo boxes under “Scan Result 1” and “Scan Result 2” allow you to choose from open scans. Or click the “Open” buttons to get scan results from a file. To compare results from the recent scans database, you must first open those scans using the search interface (see the section called “Searching Saved Results”).

The distinction between Scan Result 1 and Scan Result 2 is important. Comparison are always done from Scan Result 1 to Scan Result 2, that is, how Scan Result 2 differs from Scan Result 1. Once the two results have been chosen the comparison is done immediately.

Graphical Comparison

Figure 12.15 shows a comparison of a regular scan and an intense scan of the same host.

Figure 12.15. Graphical comparison

Graphical comparison

The differences and similarities of the two scans is shown hierarchically and in colors. Each color also has a letter code that describes how that part of the scan changed (or not). The codes are: U for unchanged, A for added, M for modified, and N for not present (or deleted). The colors can be modified by clicking the “Color Descriptions” button.

Text Comparison

An alternative view of the comparison is the text mode, which is activated by clicking the “Text Mode” button. A text mode comparison of the same two scans is shown in Figure 12.16. An advantage of the text mode output is that it can be copied and pasted into a file or an email message.

Figure 12.16. Text mode comparison

Text mode comparison

The output of a text mode comparison is similar to that of the Unix diff tool. Each line begins with a character indicating the meaning of the line. The possible character codes are shown in Table 12.1.

Table 12.1. Text diff character codes

CodeMeaning
 ” (space)The line is identical in both scans.
+The line was added in the second scan.
-The line was removed in the second scan.
?^, +, and - characters on the remainder of the line indicate which characters were modified, added, or removed, respectively, in the line immediately above.


An HTML rendering of the text difference can be viewed by clicking the “Open in Browser” button. This view is meant to be saved for archival purposes or printed for a report.

Prev Up Next
Searching Saved Results Home Files Used by Zenmap
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]