Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux 2.6 Uptime Calculations

From: Sean Elble <elbles () sessys com>
Date: Fri, 26 May 2006 11:33:54 -0400
On 5/26/06 3:30 AM, "赵雷" <zhaolei () gmail com> wrote:


systems running either a 100 Hz or 1000 Hz system timer frequency (it could
calculate the uptime for an old Red Hat 7.3 box I still have running when it
was running a 2.4 kernel with a 100 Hz timer frequency, but has problems
with a 2.6.15 kernel with a timer frequency of 250 Hz). Nmap also has no
problems calculating the uptime of a fairly stock CentOS 4.3 system with the
2.6.9 kernel, with the timer running at 1000 Hz.


You are right. Nmap does uptime guessing by the returned TCP timestamp
values. Current Nmap only takes into account the frequencies of 2, 100
and 1000Hz; it would not calculate the uptime of a host which uses
250Hz or other frequencies.
This would be solved in the new Nmap OS fingerprinting system. I have
tested a 2.6.15 kernel compiled with 250Hz :)


Thanks for the reply. When you say it would be solved in the new Nmap OS
fingerprinting system, what do you mean? I apologize, I'm not very familiar
with the details of nmap, but it's always good to know something more about
it. For what it's worth, I looked at how nmap does the uptime calculations,
and patched it so that it can now run the calculations for Linux systems
with a system timer running ~250 Hz (plus or minus a "safety" factor as has
been done for other timer frequencies), and it was fairly trivial to do so
(if I can do it, it's most definitely trivial). Works quite well too . . .
Thanks again for the reply!



Regards,
Zhao Lei


-- 
+-------------------------------------------------+
|  Sean Elble                                     |
|  Virginia Tech                                  |
|  Computer Engineering, Class of 2008            |
|  Vice President, VTLUUG                         |
|  E-Mail:   elbles () sessys com                    |
|  Cell:     860.946.9477                         |
+-------------------------------------------------+



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Previous By Date Next
Previous By Thread Next

Current thread: