Nmap Development mailing list archives

Re: [nmap-svn] r21941 - nmap/todo
From: David <david () bamsoftware com>
Date: Mon, 24 Jan 2011 16:16:37 -0800

On Mon, Jan 24, 2011 at 05:35:24PM +0100, Luis MartinGarcia. wrote:
> On 01/22/2011 05:58 PM, David wrote:
>> On Sat, Jan 22, 2011 at 01:16:17PM +0100, Luis MartinGarcia wrote:
>>> On Fri, Jan 21, 2011 at 10:58 PM,  <commit-mailer () insecure org> wrote:
>>>> Author: david
>>>> Date: Fri Jan 21 13:58:55 2011
>>>> New Revision: 21941
>>>>
>>>> o [Nping] See whether --echo-client mode really requires root, and
>>>>  remove that restriction if not.
>>>
>>> Hi David,
>>>
>>> Nping does need root access for echo mode (for both client and server
>>> roles). This is because the protocol requires the client to provide
>>> the server with details about the packets that are going to be
>>> transmitted. When Nping is run in unprivileged mode, most of that
>>> information cannot be accessed as it is the OS who crafts network
>>> layer and transport layer headers.
>>>
>>> If you need a more elaborate answer, please let me know.
>>
>> What kind of information? What is the client unable to provide with, for
>>     nping --echo-client "public" --tcp-connect server
>> What phase of the connection does it send this information in?
>
> So, why does the echo client require root access? Because it needs to
> know the IP IDs, window sizes, seq and ack numbers, etc. Otherwise, the
> server would not have enough information for the packet matching
> engine. It is true that we could relax these constraints but I don't
> think it's worth it, as it would reduce the security of the system and
> limit the server's multi-user capabilities.

Okay, that's a good explanation. I hadn't understood the
matching/scoring system.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
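
The matching argument in the thread above, as an added illustration that is not Nping's code and not part of the original messages: a simplified scorer showing that a client able to declare only a destination port leaves the server unable to tell two sessions apart, while declared IP ID and sequence values single out one owner. The field names, weights, threshold and sample packets are assumptions constructed for this sketch.

```python
# Simplified illustration: field names, weights and threshold are assumptions,
# not values taken from Nping or from this thread.
WEIGHTS = {"ip_id": 3, "tcp_seq": 4, "tcp_ack": 2, "tcp_win": 2,
           "sport": 1, "dport": 1}
MIN_SCORE = 1  # assumed: packets scoring below this are never echoed


def score(spec, pkt):
    """Sum the weights of declared fields that equal the captured values."""
    return sum(w for f, w in WEIGHTS.items() if f in spec and spec[f] == pkt[f])


def match(sessions, pkt):
    """Return the single best-scoring session for pkt, or None when nothing
    reaches MIN_SCORE or the top score is shared (owner is ambiguous)."""
    ranked = sorted(((score(spec, pkt), name)
                     for name, spec in sessions.items()), reverse=True)
    if not ranked:
        return None
    best, name = ranked[0]
    if best < MIN_SCORE:
        return None
    if len(ranked) > 1 and ranked[1][0] == best:
        return None  # tie: the server cannot tell whose packet this is
    return name


# Constructed sample: a SYN captured by the server, sent by client "alice".
CAPTURED = {"ip_id": 0x3A1C, "tcp_seq": 1105024978, "tcp_ack": 0,
            "tcp_win": 1480, "sport": 40125, "dport": 80}

# Privileged clients craft their own headers, so they can declare every field.
PRIVILEGED = {
    "alice": dict(CAPTURED),
    "bob": {"ip_id": 0x91F0, "tcp_seq": 77340021, "tcp_ack": 0,
            "tcp_win": 1480, "sport": 52044, "dport": 80},
}
# With connect() the kernel chooses IP ID, sequence number and window; this
# sketch assumes such a client could declare only the destination port.
UNPRIVILEGED = {"alice": {"dport": 80}, "bob": {"dport": 80}}

if __name__ == "__main__":
    print("privileged  :", match(PRIVILEGED, CAPTURED))
    print("unprivileged:", match(UNPRIVILEGED, CAPTURED))
```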