From: "Gisle Vanem" <gvanem () yahoo no>
Date: Thu, 13 Feb 2014 14:43:11 +0100
While using an 'nmap -sT -O' command against my Linux router (10.0.0.1), I see
nmap fails to set ACK/URG flags in some cases where those ACK/URG
fields are non-zero. The commands I used were:
tcpdump -w nmap.pcap port 53 or port 22   # in another shell or in the background
nmap -sT -O -p53,22 router
tshark -Vr nmap.pcap | grep "The urgent pointer field is nonzero"
Details: when the ACK or URG tcp-header field is non-zero, the ACK or URG
flags should also be set. I haven't looked at other flags. From the Wireshark Expert
info when analyzing the nmap.pcap-file:
[The acknowledgment number field is nonzero while the ACK flag is not set]
[The urgent pointer field is nonzero while the URG flag is not set]
Is this working-as-designed? Otherwise it should be made clear in the code+docs
somewhere (Xmas scan exempted?). AFAICS it isn't. So I assume
libnetutil/TCPheader.cc is to blame here. But I fail to see how.
I've run the above commands on Win-XP SP3 (MSVC compiled nmap). Can
anybody confirm this on Windows or elsewhere?
Attached is nmap.pcap from the above windump session.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
- ACK/URG anomaly Gisle Vanem (Feb 13)
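
The two Wireshark expert-info conditions quoted in the message can be checked directly on raw headers. The following is an added example, not part of the original post or of Nmap's code; the function names and the sample packets (including the 10.0.0.2 source address) are constructed for illustration.

```python
import struct

URG, ACK, SYN = 0x20, 0x10, 0x02  # TCP flag bits in the header's flags field

def tcp_mismatches(tcp):
    """Return notes for a raw TCP header whose ACK/URG fields disagree with its flags."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header: need at least 20 bytes")
    _sp, _dp, _seq, ack_no, off_flags, _win, _sum, urg_ptr = struct.unpack("!HHIIHHHH", tcp[:20])
    notes = []
    if ack_no != 0 and not off_flags & ACK:
        notes.append("acknowledgment number nonzero while ACK flag not set")
    if urg_ptr != 0 and not off_flags & URG:
        notes.append("urgent pointer nonzero while URG flag not set")
    return notes

def ipv4_tcp_mismatches(packet):
    """Same check on a raw IPv4 packet; packets that are not TCP yield no notes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if packet[9] != 6:                      # IP protocol 6 = TCP
        return []
    return tcp_mismatches(packet[(packet[0] & 0x0F) * 4:])  # skip IHL * 4 bytes

def build_tcp(flags, ack_no=0, urg_ptr=0, dport=22):
    """Constructed 20-byte TCP header (data offset 5, checksum left at 0)."""
    return struct.pack("!HHIIHHHH", 40000, dport, 0x1000, ack_no, (5 << 12) | flags, 1024, 0, urg_ptr)

def build_ipv4(tcp, proto=6):
    """Constructed IPv4 header (no options, checksum 0) from 10.0.0.2 to 10.0.0.1."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])) + tcp

# Constructed sample packets, not taken from the nmap.pcap attached to the message.
SAMPLES = {
    "plain SYN": build_ipv4(build_tcp(SYN)),
    "SYN, ack number set": build_ipv4(build_tcp(SYN, ack_no=0x12345678)),
    "no flags, both fields set": build_ipv4(build_tcp(0, ack_no=7, urg_ptr=0xF7F5, dport=53)),
    "ACK+URG, both fields set": build_ipv4(build_tcp(ACK | URG, ack_no=7, urg_ptr=1)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {ipv4_tcp_mismatches(pkt) or 'consistent'}")
```
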