Re: Nmap 4.20ALPHA5: Unable to produce ideal -O2 tests ?

[Fyodor <fyodor () insecure org>]

On Fri, Sep 01, 2006 at 03:18:16AM +0000, Brandon Enright wrote:
> First, thanks a bunch for this release, I can hardly wait to play with
> it.

Hi Brenden.  Thanks for testing it!  

> I've been trying to generate O2 fingerprints but I haven't been able to
> for one reason or another.  One of my Linux routers produced an ideal
> fingerprint

Yeah, I saw the submission.  It was the first submission with the new
system.  Thanks!

> A machine that is 12/13 hops away from me produces this error:
>
> "OS fingerprint not ideal because: Host more than fifteen network hops
> away"

Oops.  We changed the limit (these rules are all in
FingerPrintResults.cc OmitSubmissionFP()) from 15 to 10 hops, but
forgot to update the message.  I just fixed that for the next version.
We're worried about problems related to asymetric routing if we take
fingerprints from hosts too many hops away.  We may relax the rules a
bit, but they are currently quite strict to ensure a high quality DB.

> The others machines I've tested (localhost, other machines 1 or 2 hops
> away) all produce this output:
>
> "OS fingerprint not ideal because: maxTimingRatio is greater than 1.4"

Interesting.  Would you run find an open and a closed port on a target
which does that, then run "nmap -p[openport],[closedport]
--packet-trace -d -O2 [target]" and send me the output?  You can
change the IPs to "src" and "target".  That ought to help me figure
out why the timing isn't working right.  How many hosts are you
scanning at once?  Maybe it will work if you scan them one at a time
(but I still want to fix it, so if you could still send me a
--packet-trace of a problematic run that would be great).

Thanks!
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org