Home page logo

nmap-dev logo Nmap Development mailing list archives

U1 probe RUD test question
From: "Thomas Tavaris J (Tavaris)" <tjthomas () LGSInnovations com>
Date: Thu, 2 Apr 2009 14:52:42 -0400


I'm still looking at the quality of the tests that nmap sends and I have
a question regarding the U1,RUD test. Why is this test producing a G
value when wireshark, tshark, and tcpdump data shows no UDP data  (from
the probe) is contained in the encapsulated ICMP port unreachable
packet? This is especially prevalent when scanning Cisco routers. The
nmap-os-db file says Cisco IOS should report G for the RUD test. From my
(limited) observations this hasn't been the case.  Also the nmap-os-db
file the MatchPoint value is 100 (which implies a high quality test). In
my observations over 1650 values for G appear in the database but would
also imply this test doesn't differentiate a lot of systems with this
test value. Anyone have any insight?


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]