Nmap Development mailing list archives
Re: probe for unspecified port
From: Fyodor <fyodor () insecure org>
Date: Sun, 7 Mar 2004 16:57:26 -0800
On Mon, Mar 08, 2004 at 01:40:35AM +0100, Gisle Vanem wrote:
The uptime is based on the Timestamp in the tcp options. Isn't it? And I must say that doesn't work for all OS'es either. How can nmap conclude that the TSval is based on a 1000Hz counter from the time was started? Does RFC-1323 really say this?
Nmap does several probes over a few seconds to determine how fast the counter is incrementing. Then it can extrapolate back to when the counter was zero (generally boot time). Nmap also used the timestamp frequency it determines as part of OS fingerprinting. Cheers, -F --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- probe for unspecified port Gisle Vanem (Mar 06)
- <Possible follow-ups>
- probe for unspecified port testic (Mar 06)
- Re: probe for unspecified port MadHat (Mar 06)
- Re: probe for unspecified port CBuH. (Mar 07)
- Re: probe for unspecified port Gisle Vanem (Mar 07)
- Re: probe for unspecified port Fyodor (Mar 07)
- Re: probe for unspecified port MadHat (Mar 06)