Nmap Development mailing list archives

Re: osscan2.cc ACK/URG anomaly


From: "Gisle Vanem" <gvanem () yahoo no>
Date: Sun, 10 Aug 2014 14:01:10 +0200

"Daniel Miller" <bonsaiviking () gmail com> wrote:

> This is the HostOsScan::tcpAck member in osscan2.cc. Perhaps it would be
> best only to send this when the ACK flag is set, but that might invalidate
> some of our OS database. Regardless, this is the intended behavior, not a
> bug.

Thanks for the clarification. I wasn't aware of these details. I was analyzing
some scans with Wireshark/Tshark and saw it complained about these things in its "expert info".

Why does it send a URG-value without the TH_URG flag set here?
IMHO, this should be:
                8, TH_CWR|TH_ECE|TH_SYN|TH_URG, prbWindowSz[6], 63477,

Then if the docs say 0xF7F5, then IMHO the source (63477) should say so too. Maybe with some reference to the docs?

BTW, when searching for the source of this "error", I looked into libnetutil/TCPHeader.cc. Only to realize it was for IPv6 + TCP only.
Kinda confusing to have the same proto-builders in several places.

--gv

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
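
The mismatch discussed in this thread (a non-zero urgent pointer with URG clear, plus the ACK analogue from the subject line) can be checked mechanically when reviewing captures. This is an added example, not code from Nmap or from either poster; the header bytes are constructed, and the window value 3 is a placeholder because the thread does not give prbWindowSz[6].

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Flag bits in byte 13 of the TCP header (RFC 793, RFC 3168).
enum : uint8_t { F_SYN = 0x02, F_ACK = 0x10, F_URG = 0x20, F_ECE = 0x40, F_CWR = 0x80 };

struct TcpAnomalies {
  bool malformed;            // too short, or data offset out of range
  bool urg_ptr_without_urg;  // urgent pointer != 0 while URG is clear
  bool ack_num_without_ack;  // ack number != 0 while ACK is clear
  uint8_t flags;
  uint16_t urgent_pointer;
};

static uint16_t be16(const uint8_t *p) { return uint16_t((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
  return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
}

// Inspect one TCP header (no IP header in front) for field/flag mismatches.
TcpAnomalies check_tcp_header(const uint8_t *hdr, size_t len) {
  TcpAnomalies a = {};
  size_t hlen = (hdr != nullptr && len >= 20) ? size_t(hdr[12] >> 4) * 4 : 0;
  if (hlen < 20 || hlen > len) { a.malformed = true; return a; }
  a.flags = hdr[13];
  a.urgent_pointer = be16(hdr + 18);
  a.urg_ptr_without_urg = a.urgent_pointer != 0 && !(a.flags & F_URG);
  a.ack_num_without_ack = be32(hdr + 8) != 0 && !(a.flags & F_ACK);
  return a;
}

// Constructed sample: CWR|ECE|SYN with urgent pointer 0xF7F5 (63477), URG clear.
static const uint8_t kUrgClear[20] = {
  0xC3, 0x50, 0x00, 0x50, 0x11, 0x22, 0x33, 0x44, 0, 0, 0, 0,
  0x50, F_CWR | F_ECE | F_SYN, 0x00, 0x03, 0, 0, 0xF7, 0xF5};
// Constructed sample: same header with TH_URG added, as proposed in the thread.
static const uint8_t kUrgSet[20] = {
  0xC3, 0x50, 0x00, 0x50, 0x11, 0x22, 0x33, 0x44, 0, 0, 0, 0,
  0x50, F_CWR | F_ECE | F_SYN | F_URG, 0x00, 0x03, 0, 0, 0xF7, 0xF5};

int main() {
  const uint8_t *samples[] = {kUrgClear, kUrgSet};
  for (const uint8_t *s : samples) {
    TcpAnomalies a = check_tcp_header(s, 20);
    std::printf("flags=0x%02X urg_ptr=0x%04X urg_mismatch=%d ack_mismatch=%d\n",
                unsigned(a.flags), unsigned(a.urgent_pointer),
                int(a.urg_ptr_without_urg), int(a.ack_num_without_ack));
  }
  return 0;
}
```
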
