Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[Patch] Improving OS Detection
From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Fri, 04 Jul 2014 12:16:14 +0530

Hi All!

During OS detection, Nmap choses one open TCP port, one closed TCP port
and one closed UDP port to work with. However, if the chosen open TCP
port is "tcpwrapped" (possibly due to a firewall), we may sometimes not
get accurate results.

To get past this, we can choose another open port to work with (since we
only need an open port, the actual port doesn't matter).
The attached patch does this.

I have tested this using multiple VMs with different OSs installed (both
with and without tcpwrapping (using tcpd) and using differing port
ranges too). All tests pass.

Cheers,
Jay

PS: With the current usage of the PortList::isTCPwrapped() function, the
o.debugging>1 messages will NEVER appear but they are there to
facilitate debugging if the function is used elsewhere at some point of
time.

Attachment: osDetectionTCPwrapped.patch
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]