Re: [PATCH] scan_engine.cc get_(ping_)?pcap_result() goodseq cleanup

[Daniel Roethlisberger <daniel () roe ch>]

Hey,

David Fifield <david () bamsoftware com> 2009-11-02:
> This is in response to http://seclists.org/nmap-dev/2009/q1/414. In that
> thread, Daniel Roethlisberger made a patch that slightly changed how TCP
> probes were matched in some cases. I tested the change and found that it
> negatively affected accuracy, but I recently realized that I made a
> mistake in testing. Corrected tests show that it doesn't affect
> accuracy. Daniel, accept my apology.

There really is no need to apologize, no harm has been done.  I'm
glad that there is a rational explanation for the surprising
results we had back then.

> I realized this when I made the same mistake in a recent test while
> working on better probe matching to distibuish responses to SYN and ACK
> probes. The erroneous results are here:
>
> http://www.bamsoftware.com/wiki/Nmap/PerformanceNotes#token-2009-10-10
>
> The mistake I made is that I configured one of the test nmaps with a
> prefix of /usr/local, but didn't install it there. I have my usual
> installation in /usr. When it looked for its nmap-services file in
> /usr/local/share/nmap, it didn't find it, and fell back to /etc/services
> instead. Thus it was using a completely different set of ports, and I
> think that accounts for all of the difference I saw.
>
> I have redone Daniel's patch in my nmap-token branch, which I think will
> be merged shortly.

That's great to hear, thanks for taking this issue up again and
bringing it to a good end.

-- 
Daniel Roethlisberger
http://daniel.roe.ch/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/