Nmap Development mailing list archives

Re: IPv6 Hop Limit as feature in FPEngine


From: David Fifield <david () bamsoftware com>
Date: Mon, 23 Feb 2015 13:54:09 -0800

On Mon, Feb 23, 2015 at 10:00:44AM +0100, Alexandru Geana wrote:
> I am submitting two small patches which add the IPv6 Hop Limit field as
> a feature for OS probing and detection. I hope this is the first in a
> long line of future patches meant to improve the accuracy of OS
> detection over IPv6.
>
> One patch is for the nmap tree and the other is for
> nmap-exp/luis/ipv6tests. The patch tries to guess the initial value of
> the field (255, 128, 64 or 32) and considers each one a distinct class.
> Additionally, in FPEngine.cc I switched from "external" declarations to
> including a generated header file. The header file (FPModel.h) is
> created the same way as FPModel.cc by the train.py script in Luis' folder. The
> reason is consistency in the size of the FPMean and FPVariance matrices.

This is great! I've only read the diff, but it looks good to me.

I'm curious, what is the distribution of hoplimit values in our current
database? Are there any members of a class that appear not to belong
because of a different hoplimit?

David Fifield
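
The hop-limit guessing and the distribution question raised in this thread, as an added example that is not code from the patch or from Nmap. It assumes the initial value is the smallest of 32, 64, 128 and 255 that is at least the observed hop limit; the function names, class labels and sample data are constructed for illustration.

```python
from collections import Counter, defaultdict

# Initial hop limits named in the post; each one is treated as a class.
INITIAL_HOP_LIMITS = (32, 64, 128, 255)


def guess_initial_hop_limit(observed):
    """Return the smallest candidate initial value >= the observed hop limit.

    Assumption: the response crossed fewer routers than the gap between
    two adjacent candidates, so rounding up recovers the starting value.
    """
    if not 0 <= observed <= 255:
        raise ValueError("hop limit is an 8-bit field")
    # 255 is the field maximum, so this always finds a candidate.
    return next(c for c in INITIAL_HOP_LIMITS if observed <= c)


def hop_limit_distribution(samples):
    """Count guessed initial hop limits over (os_class, observed) pairs."""
    return Counter(guess_initial_hop_limit(obs) for _, obs in samples)


def class_outliers(samples):
    """List samples whose guessed value differs from their class majority."""
    by_class = defaultdict(list)
    for os_class, obs in samples:
        by_class[os_class].append((obs, guess_initial_hop_limit(obs)))
    outliers = []
    for os_class, members in by_class.items():
        majority = Counter(g for _, g in members).most_common(1)[0][0]
        outliers += [(os_class, obs, g, majority)
                     for obs, g in members if g != majority]
    return outliers


# Constructed samples, not taken from the Nmap fingerprint database.
SAMPLES = [
    ("class-A", 57), ("class-A", 62), ("class-A", 249),
    ("class-B", 121), ("class-B", 126),
    ("class-C", 250), ("class-D", 30),
]

if __name__ == "__main__":
    print(dict(hop_limit_distribution(SAMPLES)))
    for row in class_outliers(SAMPLES):
        print("%s: observed %d guessed %d, class majority %d" % row)
```
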