Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Minor change to "Chapter 8. Remote OS Detection"
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 07 May 2011 10:42:13 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/07/2011 05:13 AM, Luis MartinGarcia. wrote:
Hi,

Current version of "Chapter 8. Remote OS Detection" says:

"That length varies by implementation because they are allowed to choose
how much data from the original probe to include, as long as they meet
the minimum RFC 792 requirement. That requirement is to include the
original IP header and at least eight bytes of data."

I've been reading RFC 792, and the sentence above is not correct.
Nowhere in the RFC it says that they are allowed to choose how much data
from the original probe to include. I know implementations do what they
want, but in theory, they should only include the original IP header
plus the next 64 bits of data. This is why I suggest re-writing the
sentence to something like the following:

"That length varies because, although RFC 792 requires the inclusion of
the original IP header plus the next 8 octets of data, some
implementations include the whole datagram or more than 8 bytes of its
payload."

I attach a patch for this, although some native English speaker may want
to do a bit of rewording.


Section 3.2.2 of RFC 1122 (Requirements for Internet Hosts):

"Every ICMP error message includes the Internet header and at
least the first 8 data octets of the datagram that triggered
the error; more than 8 octets MAY be sent; this header and data
MUST be unchanged from the received datagram."

This RFC updates and corrects some details in previous RFCs like 792 and 793,
and is the one implementations would follow for things like this, so just
changing the RFC number in Ch8 would be more accurate.

Regards,

Luis MartinGarcia.


Cheers,
Kris Katterjohn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNxWhVAAoJEEQxgFs5kUfuUTMP/iyjKGZ5ljkhg1yTL2kGjt0B
MskS3LbRW1OK+2XSPoO2Smk0Q13hU14RfqheDR6CrQ20Vc8UYLtKtL58g/RFdBUx
3L4aZr29XGmXOHbMbIh2A/THxIzZAzg1/eCwM8uexFq7WufHED+Av4HHMi07fqS7
GveJFZPlXhB6NmxsHFK47eUw/f9ObCdIQIieqzRNq5wIYry8BDxoXp+dBKmxe6Th
OIC5gWzm8TZ5VoaM91JW0jS0mX7xtOVQF0XF8EXYwHy5Iir9zIdVxV6DGlkk3Cdr
YiUN6UfSQ0Hftd+PCbZRS3EsGHh8CFVCIF+U6oSsW+clrJs5uCaGvEzL5oWY3ljS
5wj1XW6j8OjLrlt98Bsd69Rf8JMwkjdj7LIfYIkHMYIttWIJMdQqJfpcdwFqS6dB
7VMCFY2b/O1MU2McFbybMp5LKg/YztdQaPpZP1Ah+tq2PdFJaUf7XDNAe/orhQwf
aqSLqr/f43//4Rhmr+SOk3GhP0zXhrcsHos6hvVjzL7Lx77vI1d+7N1WY5q2J7eU
db5fHWCuGUguupkaYrk80vHJrBf6QyrdLg87MUUPpM8T50jP4CiqgmNJftyHSlgk
64HdDd9tfOIiLkFIpTeIixkcZ6fAjc0EIso3OU8E8g9wD6CRZEdm2DSustgbTuSe
qjUvvz06ZDYR2vHddSF2
=L2Vm
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]