Nmap Development mailing list archives
ACK/URG anomaly
From: "Gisle Vanem" <gvanem () yahoo no>
Date: Thu, 13 Feb 2014 14:43:11 +0100
While using a 'nmap -sT -O' command to my Linux router (10.0.0.1), I see nmap fails to set ACK/URG flags in some cases where those ACK/URG fields are non-zero. The commands I used were:

  tcpdump -w nmap.pcap port 53 or port 22    # << ! in another shell or background
  nmap -sT -O -p53,22 router
  tshark -Vr nmap.pcap | grep "The urgent pointer field is nonzero"

Details: when the ACK or URG tcp-header field is non-zero, the ACK or URG flags should also be set. I haven't looked at other flags. From the Wireshark Expert info when analyzing the nmap.pcap-file:

  [The acknowledgment number field is nonzero while the ACK flag is not set]
  [The urgent pointer field is nonzero while the URG flag is not set]

Is this working-as-designed? Otherwise it should be made clear in the code+docs somewhere (Xmas scan exempted?). AFAICS it isn't. So I assume libnetutil/TCPheader.cc is to blame here. But I fail to see how.

I've run the above commands on Win-XP SP3 (MSVC compiled nmap). Can anybody confirm this on Windows or elsewhere?

Attached is nmap.pcap from above windump session.

--gv
Attachment: nmap.pcap
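
The field-versus-flag consistency check quoted from Wireshark's expert info in the message above, written out as an added example (not part of the original post and not Nmap or Wireshark code). The function names, ports and header values are assumptions constructed for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header (RFC 793).
FLAG_URG = 0x20
FLAG_ACK = 0x10
FLAG_SYN = 0x02


def tcp_flag_anomalies(header):
    """Return the ACK/URG field-vs-flag mismatches found in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    # Fixed header: ports, seq, ack, data offset, flags, window, checksum, urgent pointer.
    (_sport, _dport, _seq, ack, offset, flags,
     _window, _checksum, urg) = struct.unpack("!HHIIBBHHH", header[:20])
    if (offset >> 4) < 5:
        raise ValueError("data offset below the 5-word minimum")
    findings = []
    if ack != 0 and not (flags & FLAG_ACK):
        findings.append("acknowledgment number field is nonzero while the ACK flag is not set")
    if urg != 0 and not (flags & FLAG_URG):
        findings.append("urgent pointer field is nonzero while the URG flag is not set")
    return findings


def build_header(flags, ack=0, urg=0, sport=40000, dport=22):
    """Build a constructed 20-byte TCP header; every value here is made up."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0x1000, ack,
                       5 << 4, flags, 1024, 0, urg)


# Constructed samples, not taken from the nmap.pcap attached to the post.
SAMPLES = {
    "SYN, ack and urgent pointer nonzero": build_header(FLAG_SYN, ack=0x5EED, urg=0x1234),
    "SYN, urgent pointer nonzero": build_header(FLAG_SYN, urg=1),
    "plain SYN": build_header(FLAG_SYN),
    "ACK+URG with both fields set": build_header(FLAG_ACK | FLAG_URG, ack=7, urg=3),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", tcp_flag_anomalies(raw) or "consistent")
```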