Nmap Development mailing list archives

Repeated Random numbers with data-length option


From: Andrew Jason Farabee <afarabee () uci edu>
Date: Mon, 10 Nov 2014 22:49:15 -0800

I was hoping someone could explain to me why the default behavior is for
the same random numbers to be padded at the end of each packet sent in an
nmap instance.  For example, if I run "nmap 10.0.0.1/24 --data-length 100"
every packet to every port to every address in the specified target network
will contain the same data.

It seems like this behavior makes the --data-length option more conspicuous
instead of less (sending the same data to every port, multiple remote
addresses sending the same data during decoy scans, letting targeted
network admins know when one instance of nmap has stopped and another has
started).

Why does nmap not regenerate the random data for each packet by default?
Is it just a question of efficiency or would using a random string not
actually be any less conspicuous?

Thanks a lot.  Also, I wanted to say thanks to the nmap devs for creating
and maintaining such a useful and helpful system.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
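The fingerprinting concern raised in the post, worked through as an added example (this is not code from the post or from Nmap). Constructed probe records stand in for packets captured on a monitored network; the addresses, the two padding blobs, the threshold of three distinct targets and the helper names are all assumptions made for the illustration. The three checks mirror the three points in the message: identical padding reaching many ports and hosts from one source, identical padding shared by several sources (the decoy case), and a change in padding marking the boundary between one nmap instance and the next.

```python
"""Detect probe padding that repeats across targets, sources and scan runs."""
import hashlib
from collections import defaultdict

# Constructed probe records: (src, dst, dport, payload). Not real traffic;
# they model the behaviour described in the post. The padding bytes are
# fixed here so the example is deterministic.
PAD_A = bytes((i * 7 + 3) % 256 for i in range(100))   # padding of scan run 1
PAD_B = bytes((i * 13 + 5) % 256 for i in range(100))  # padding of scan run 2

SCANNER, DECOY, NORMAL = "10.0.0.99", "192.168.1.50", "10.0.0.7"  # assumed hosts


def build_sample():
    """Constructed capture: one scanner with a decoy, then a second run, plus a normal client."""
    recs = []
    for last in (1, 2, 3, 4):
        for port in (22, 80):
            recs.append((SCANNER, f"10.0.0.{last}", port, PAD_A))
            recs.append((DECOY, f"10.0.0.{last}", port, PAD_A))  # decoy sends the same padding
    for last in (5, 6):
        for port in (22, 80):
            recs.append((SCANNER, f"10.0.0.{last}", port, PAD_B))  # new instance, new padding
    for n, last in enumerate((1, 2, 3)):
        recs.append((NORMAL, f"10.0.0.{last}", 80, b"GET /%d HTTP/1.0\r\n\r\n" % n))
    return recs


def digest(payload):
    """Short stable identifier for a payload so we never compare raw bytes twice."""
    return hashlib.sha256(payload).hexdigest()[:16]


def repeated_padding(records, min_targets=3):
    """Per source: payload digests that reached >= min_targets distinct (dst, dport) pairs.

    A legitimate client rarely sends byte-identical data to many unrelated
    host/port pairs; a scanner padding every probe with one blob does.
    """
    targets = defaultdict(set)  # (src, digest) -> {(dst, dport), ...}
    for src, dst, dport, payload in records:
        targets[(src, digest(payload))].add((dst, dport))
    out = defaultdict(dict)
    for (src, d), tset in targets.items():
        if len(tset) >= min_targets:
            out[src][d] = len(tset)
    return dict(out)


def run_boundaries(records, src, min_targets=3):
    """Repeated padding digests from one source, in order of first appearance.

    Each change of padding marks where one scan instance stopped and the
    next started; non-repeated payloads are ignored.
    """
    repeated = repeated_padding(records, min_targets).get(src, {})
    seen, order = set(), []
    for s, _, _, payload in records:
        if s != src:
            continue
        d = digest(payload)
        if d in repeated and d not in seen:
            seen.add(d)
            order.append(d)
    return order


def shared_padding(records, min_sources=2):
    """Digests sent by >= min_sources distinct sources: a candidate decoy set."""
    srcs = defaultdict(set)
    for src, _, _, payload in records:
        srcs[digest(payload)].add(src)
    return {d: sorted(s) for d, s in srcs.items() if len(s) >= min_sources}


if __name__ == "__main__":
    recs = build_sample()
    for src, hits in repeated_padding(recs).items():
        for d, n in hits.items():
            print(f"{src}: padding {d} sent to {n} distinct host/port pairs")
    print("scan instances from", SCANNER, "=", len(run_boundaries(recs, SCANNER)))
    for d, group in shared_padding(recs).items():
        print(f"padding {d} shared by {group} (likely one scan with decoys)")
```

Running the sample reports the scanner twice (once per padding blob), reports the decoy for the shared blob, groups the scanner and decoy together on that blob, and never mentions the normal client, whose payloads differ per request.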
