Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: TCP Sequence
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 21 Oct 2007 07:36:27 +0000

Hash: SHA1

On Thu, 18 Oct 2007 13:12:02 +0200 plus or minus some time Mohamed Abdel
Kader <mak.pen () gmail com> wrote:


Been using nmap for as long as I remember but recently starting to see a
problem with the TCP sequence algorithm.

Using nmap 4.2 under xp the TCP sequence class comes up as trivial time
dependency, with the difficulty being trivial joke.

However when I used the alpha release (4.22 SOC7) the class became truly
random with a difficulty of "Good Luck"!

Which is more reliabe? Does the alpha release contain improvements in
detecting the TCP sequence algorithm in use?

Thanks a million Fyodor!



The bug in 4.20 was fixed (as you have seen).  The problem was that when
the second-gen OS detection was added, the difficulty numbers were changed
to much lower values and the ranges for each class (Trivial Joke, Worthy
Challenge, Good Luck, etc) were lowered with the numbers.  The problem
shows up in 4.20 only when the first-gen OS detection is run because some
debug code related to the numbering and naming was left in.

If you want to use first-gen detection still, you'll need to update to one
of the pre-release versions.  Otherwise, you can force Nmap 4.20 to just
use gen-2 by doing -O2 and your numbers and names will be accurate.


Version: GnuPG v1.4.7 (GNU/Linux)


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
  • TCP Sequence Mohamed Abdel Kader (Oct 20)
    • Re: TCP Sequence Brandon Enright (Oct 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]