Nmap Development mailing list archives
Re: TCP window, options information
From: David Fifield <david () bamsoftware com>
Date: Sat, 24 Sep 2011 13:54:09 -0700
On Sat, Sep 24, 2011 at 11:20:25PM +0400, Vasiliy Kulikov wrote:
> Hi,
>
> Is there any way to get raw target TCP stack information like initial
> window size, specific TCP options support? Most of this information
> should be already known after OS fingerprint if at least one open port
> is found. However, I cannot find any reference either in documentation
> or in NSE scripts. I might simply miss it, but probably the output of
> TCP stack info is not implemented yet?

That information is not available to NSE. It hasn't been implemented.
But also, it might be ambiguous. Some operating systems have different
initial window sizes for different probes, for example (see W1-W6):

Fingerprint 3Com Baseline Switch 2250-SFP Plus
Class 3Com | embedded || switch
WIN(W1=43E0%W2=4110%W3=423C%W4=43E0%W5=4180%W6=403D)

I have also seen the same OS send different TCP options (particularly
FreeBSD). Notice how the MSS differs in each response, and how O6 is
missing the "W" window scale.

Fingerprint FreeBSD 7.0-CURRENT
Class FreeBSD | FreeBSD | 7.X | general purpose
OPS(O1=M5B4NW8NNT11%O2=M578NW8NNT11%O3=M280NW8NNT11%O4=M3FD8NW8NNT11%O5=M218NW8NNT11%O6=M109NNT11)

The answer for you might be to send your own probe so that results are
consistent.

David Fifield
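
The per-probe differences pointed out in the reply can be read directly from the WIN and OPS lines. The following is an added example, not part of the original message or of Nmap itself; it assumes Nmap's documented fingerprint encoding (hexadecimal values; option letters L, N, S, M, W, T), and the function names are hypothetical.

```python
import re

# Test lines copied from the two fingerprints quoted in the message.
WIN_3COM = "WIN(W1=43E0%W2=4110%W3=423C%W4=43E0%W5=4180%W6=403D)"
OPS_FREEBSD = ("OPS(O1=M5B4NW8NNT11%O2=M578NW8NNT11%O3=M280NW8NNT11"
               "%O4=M3FD8NW8NNT11%O5=M218NW8NNT11%O6=M109NNT11)")

# One token per TCP option in Nmap's option-string encoding.
_TOKEN = re.compile(r"(?P<flag>[LNS])|(?P<kind>[MW])(?P<hex>[0-9A-F]+)|T(?P<ts>[01]{2})")
_NAMES = {"L": "EOL", "N": "NOP", "S": "SACK", "M": "MSS", "W": "WSCALE"}

def parse_test_line(line):
    """Split 'NAME(K1=V1%K2=V2...)' into (name, {key: value})."""
    m = re.fullmatch(r"(\w+)\((.*)\)", line.strip())
    if m is None:
        raise ValueError("not a fingerprint test line: %r" % line)
    return m.group(1), dict(kv.split("=", 1) for kv in m.group(2).split("%") if kv)

def decode_options(opts):
    """Decode e.g. 'M5B4NW8NNT11' into [(option, value), ...] in wire order."""
    out, pos = [], 0
    while pos < len(opts):
        m = _TOKEN.match(opts, pos)
        if m is None:
            raise ValueError("unknown option at offset %d in %r" % (pos, opts))
        if m.group("flag"):
            out.append((_NAMES[m.group("flag")], None))
        elif m.group("kind"):
            out.append((_NAMES[m.group("kind")], int(m.group("hex"), 16)))
        else:  # timestamp: each digit says whether TSval / TSecr was nonzero
            out.append(("TS", tuple(int(c) for c in m.group("ts"))))
        pos = m.end()
    return out

def window_sizes(win_line):
    """Map probe name -> advertised window as an integer."""
    _, fields = parse_test_line(win_line)
    return {k: int(v, 16) for k, v in fields.items()}

def option_summary(ops_line):
    """Map probe name -> {option: value}, exposing per-probe differences."""
    _, fields = parse_test_line(ops_line)
    return {k: dict(decode_options(v)) for k, v in fields.items()}

if __name__ == "__main__":
    print(window_sizes(WIN_3COM))
    for probe, opts in option_summary(OPS_FREEBSD).items():
        print(probe, "MSS", opts.get("MSS"), "WSCALE", opts.get("WSCALE", "absent"))
```
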