Nmap Announce mailing list archives
Hey, Fyodor, How does this OS Scan stuff work?
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Thu, 17 Dec 1998 11:14:29 -0800
We're all breathlessly awaiting your phrack article, but I know it would
save me a huge amount of time in tearing apart these tcpdumps and figuring
out what OS scan is doing on different platforms and why it doesn't always
work, if I could get a little bit of an overview of what the traffic looks
like. It might also help other nmap-hackers, which is why the post is to
the list...
Could you give an overview of what happens after the portscan and what
packets go out (you don't need to go into details such as timeouts, and
retransmissions and such, I can read the source), but for example, what
in the name of Christ is this monstrosity:
send_tcp_raw(rawsd, &o.decoys[decoy], &target->host, current_port,
             openport, sequence_base, 0, TH_BOGUS|TH_SYN, 0,
             "\003\003\012\001\002\004\001\011\010\012\077\077\077\077\000\000\000\000\000\000",
             20, NULL, 0);
--
Lamont Granquist lamontg () raven genome washington edu
Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
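Added example, not part of the original post and not nmap's own code: a small TCP option walker applied to the 20-byte string passed to send_tcp_raw() in the message above, showing which options that probe carries. The names PROBE_OPTS, struct tcp_opts and parse_tcp_opts are hypothetical, and the line-wrapped escape in the post is read as \012.

```c
#include <stdio.h>

/* Option bytes from the quoted send_tcp_raw() call; the call sends 20 of them.
 * Assumption: the wrapped "\01" + "2" in the post is the single escape \012. */
static const unsigned char PROBE_OPTS[] =
    "\003\003\012\001\002\004\001\011\010\012\077\077\077\077"
    "\000\000\000\000\000\000";
#define PROBE_OPTS_LEN 20

struct tcp_opts {               /* hypothetical result type for this example */
    int wscale, mss, has_ts, nops;   /* wscale and mss are -1 when absent */
    unsigned long tsval, tsecr;
    size_t pad;                 /* bytes from the first EOL to the end */
};

/* Walk a TCP option block; returns -1 on a missing, short or overlong length. */
static int parse_tcp_opts(const unsigned char *p, size_t len, struct tcp_opts *o)
{
    size_t i = 0;
    o->wscale = o->mss = -1; o->has_ts = o->nops = 0;
    o->tsval = o->tsecr = 0; o->pad = 0;
    while (i < len) {
        unsigned kind = p[i], olen;
        if (kind == 0) { o->pad = len - i; break; }    /* EOL ends the list */
        if (kind == 1) { o->nops++; i++; continue; }   /* NOP, one byte */
        if (i + 1 >= len) return -1;
        olen = p[i + 1];
        if (olen < 2 || i + olen > len) return -1;
        const unsigned char *v = p + i + 2;
        if (kind == 3 && olen == 3) o->wscale = v[0];                 /* window scale */
        else if (kind == 2 && olen == 4) o->mss = (v[0] << 8) | v[1]; /* MSS */
        else if (kind == 8 && olen == 10) {                           /* timestamp */
            o->has_ts = 1;
            o->tsval = ((unsigned long)v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
            o->tsecr = ((unsigned long)v[4] << 24) | (v[5] << 16) | (v[6] << 8) | v[7];
        }
        i += olen;
    }
    return 0;
}

int main(void)
{
    struct tcp_opts o;
    if (parse_tcp_opts(PROBE_OPTS, PROBE_OPTS_LEN, &o) != 0) return 1;
    printf("wscale=%d nops=%d mss=%d tsval=0x%lx tsecr=%lu pad=%zu\n",
           o.wscale, o.nops, o.mss, o.tsval, o.tsecr, o.pad);
    return 0;
}
```

Read this way, the string is window scale 10, one NOP, MSS 265, a timestamp option with TSval 0x3f3f3f3f and TSecr 0, then two bytes of end-of-list padding.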
