|
Nmap Development
mailing list archives
Re: [PATCH] scan_engine.cc get_(ping_)?pcap_result() goodseq cleanup
From: David Fifield <david () bamsoftware com>
Date: Mon, 2 Nov 2009 15:59:33 -0700
Hi,
This is in response to http://seclists.org/nmap-dev/2009/q1/414. In that
thread, Daniel Roethlisberger made a patch that slightly changed how TCP
probes were matched in some cases. I tested the change and found that it
negatively affected accuracy, but I recently realized that I made a
mistake in testing. Corrected tests show that it doesn't affect
accuracy. Daniel, accept my apology.
I realized this when I made the same mistake in a recent test while
working on better probe matching to distibuish responses to SYN and ACK
probes. The erroneous results are here:
http://www.bamsoftware.com/wiki/Nmap/PerformanceNotes#token-2009-10-10
The mistake I made is that I configured one of the test nmaps with a
prefix of /usr/local, but didn't install it there. I have my usual
installation in /usr. When it looked for its nmap-services file in
/usr/local/share/nmap, it didn't find it, and fell back to /etc/services
instead. Thus it was using a completely different set of ports, and I
think that accounts for all of the difference I saw.
I have redone Daniel's patch in my nmap-token branch, which I think will
be merged shortly.
David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
 By Date 
By Thread
Current thread:
- Re: [PATCH] scan_engine.cc get_(ping_)?pcap_result() goodseq cleanup David Fifield (Nov 02)
|
Intro
