mailing list archives
Minor change to "Chapter 8. Remote OS Detection"
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Sat, 07 May 2011 12:13:07 +0200
Current version of "Chapter 8. Remote OS Detection" says:
"That length varies by implementation because they are allowed to choose
how much data from the original probe to include, as long as they meet
the minimum RFC 792 requirement. That requirement is to include the
original IP header and at least eight bytes of data."
I've been reading RFC 792, and the sentence above is not correct.
Nowhere in the RFC it says that they are allowed to choose how much data
from the original probe to include. I know implementations do what they
want, but in theory, they should only include the original IP header
plus the next 64 bits of data. This is why I suggest re-writing the
sentence to something like the following:
"That length varies because, although RFC 792 requires the inclusion of
the original IP header plus the next 8 octets of data, some
implementations include the whole datagram or more than 8 bytes of its
I attach a patch for this, although some native English speaker may want
to do a bit of rewording.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- Minor change to "Chapter 8. Remote OS Detection" Luis MartinGarcia. (May 07)