Nmap Development mailing list archives
Re: [PATCH] scan_engine.cc get_(ping_)?pcap_result() goodseq cleanup
From: David Fifield <david () bamsoftware com>
Date: Mon, 2 Nov 2009 15:59:33 -0700
Hi,

This is in response to http://seclists.org/nmap-dev/2009/q1/414. In that thread, Daniel Roethlisberger made a patch that slightly changed how TCP probes were matched in some cases. I tested the change and found that it negatively affected accuracy, but I recently realized that I made a mistake in testing. Corrected tests show that it doesn't affect accuracy. Daniel, accept my apology.

I realized this when I made the same mistake in a recent test while working on better probe matching to distinguish responses to SYN and ACK probes. The erroneous results are here:
http://www.bamsoftware.com/wiki/Nmap/PerformanceNotes#token-2009-10-10

The mistake I made is that I configured one of the test nmaps with a prefix of /usr/local, but didn't install it there. I have my usual installation in /usr. When it looked for its nmap-services file in /usr/local/share/nmap, it didn't find it, and fell back to /etc/services instead. Thus it was using a completely different set of ports, and I think that accounts for all of the difference I saw.

I have redone Daniel's patch in my nmap-token branch, which I think will be merged shortly.

David Fifield