Nmap Development mailing list archives
Re: nmap and predictable ISN's or SN's
From: Denis Ducamp <Denis.Ducamp () hsc fr>
Date: Tue, 6 Nov 2001 11:44:52 +0100
On Tue, Nov 06, 2001 at 11:23:43AM +0100, Ralf Hildebrandt wrote:
Hi!
Hi,
Today I was looking at http://razor.bindview.com/publish/papers/tcpseq.html
a great paper :)
and asked myself if nmap could be used to gather this data during a scan.
the -Q option from hping http://www.hping.org/ is certainly what you need:

    # ./hping2 -S -p 80 -c 10 -Q www
    HPING www (eth0 192.168.1.25): S set, 40 headers + 0 data bytes
    1048123854 +1048123854
    1983594997 +935471143
    1361981332 +3673353630
    433528998 +3366514961
    727732780 +294203782
    959329434 +231596654
    1885473328 +926143894
    235633102 +2645127069
    965566788 +729933686
    1781858662 +816291874

    --- www hping statistic ---
    10 packets tramitted, 10 packets received, 0% packet loss
    round-trip min/avg/max = 81.9/107.2/140.3 ms

From the HPING2(8) page:

    -Q --seqnum
        This option can be used in order to collect sequence numbers
        generated by target host. This can be useful when you need to
        analyze whether TCP sequence number is predictable. Output example:
        [...]
        The first column reports the sequence number, the second difference
        between current and last sequence number. As you can see target
        host's sequence numbers are predictable.
To analyse it using gnuplot is fairly easy then.
Denis Ducamp.
--
Denis.Ducamp () hsc fr --- Hervé Schauer Consultants --- http://www.hsc.fr/
Owl/Openwall/snort/hping/dsniff in French http://www.groar.org/trad/
Owl in French http://www.openwall.com/Owl/fr/
On the proper use of ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html
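An added example, not part of the original message or of hping: a small Python parser for the `hping2 -Q` output quoted above that recomputes the differences modulo 2**32 from the first column and reports simple indicators (GCD, distinct deltas, constant increment). The function names, the indicators chosen and the `FIXED_STEP` data are assumptions made for illustration; on the three rows of the quoted run where the sequence number wrapped, the printed difference is one less than the modulo value.

```python
import re
from functools import reduce
from math import gcd

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

# The "sequence +difference" lines from the hping2 -Q run quoted in the message.
PAGE_SAMPLE = """\
1048123854 +1048123854
1983594997 +935471143
1361981332 +3673353630
433528998 +3366514961
727732780 +294203782
959329434 +231596654
1885473328 +926143894
235633102 +2645127069
965566788 +729933686
1781858662 +816291874
"""

# Constructed sample (not from the page): a stack adding a fixed 64000 per
# connection, including one wrap past 2**32.
FIXED_STEP = "".join(f"{(4294900000 + i * 64000) % MOD} +64000\n" for i in range(8))

LINE = re.compile(r"^\s*(\d+)\s+\+(\d+)\s*$", re.M)

def parse(text):
    """Return (isn, printed_diff) pairs from hping -Q output, skipping other lines."""
    return [(int(a), int(b)) for a, b in LINE.findall(text)]

def deltas(text):
    """Consecutive ISN differences recomputed modulo 2**32 from column one."""
    isns = [isn for isn, _ in parse(text)]
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]

def wrap_mismatches(text):
    """(printed, recomputed) pairs where the printed difference disagrees."""
    printed = [diff for _, diff in parse(text)][1:]
    return [(p, d) for p, d in zip(printed, deltas(text)) if p != d]

def summarize(text):
    """Simplified predictability indicators; not nmap's own classification."""
    d = deltas(text)
    if len(d) < 2:
        raise ValueError("need at least three sequence numbers")
    return {"samples": len(d) + 1, "gcd": reduce(gcd, d), "distinct": len(set(d)),
            "min": min(d), "max": max(d), "constant_increment": len(set(d)) == 1}

if __name__ == "__main__":
    for name, text in (("page sample", PAGE_SAMPLE), ("constructed fixed step", FIXED_STEP)):
        print(name, summarize(text), "wrap mismatches:", wrap_mismatches(text))
```

A constant increment or a large GCD across the deltas marks a generator an observer can extrapolate; ten samples, as in the quoted run, are only enough for a first look.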