Nmap Announce mailing list archives

Re: [tcpdump-workers] patch to print TCP RST data with -v option (fwd)


From: Kevin Steves <stevesk () sweden hp com>
Date: Sun, 16 Jul 2000 09:39:55 +0200 (METDST)

On Sat, 15 Jul 2000, Darren Reed wrote:
> Hmmm, those ascii messages in RST packets should be very fruitful when it
> comes to doing system identification :-)

Indeed, and I wonder if it makes sense to add this as an OS detection
technique to nmap.  I've also seen text messages from Solaris 2.7, though
they seem somewhat unpredictable.

Even more, if you get messages like the one below from HP-UX 11.0, it gives
big clues on what's open, etc.

For HP-UX 11.0, you can set tcp_text_in_resets to 0 to disable this
feature:

# ndd -get /dev/tcp tcp_text_in_resets
1
# ndd -set /dev/tcp tcp_text_in_resets 0
# ndd -get /dev/tcp tcp_text_in_resets
0

Add to /etc/rc.config.d/nddconf to have it configured at system startup.

http://people.hp.se/stevesk/bastion11.html covers this and other stuff on
HP-UX 11.
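
A check for whether a host still puts text in its resets after tcp_text_in_resets is set to 0, as an added example that is not part of the original post: it parses raw IPv4 packets taken from a capture and returns any printable payload carried by a TCP RST. The packet builder, addresses, ports and sample payload text are constructed for illustration.

```python
import struct
from typing import Optional

TCP_RST = 0x04  # RST bit in the TCP flags byte


def rst_text(packet: bytes) -> Optional[str]:
    """Return printable payload text carried by a TCP RST in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ip_hl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6 or ip_hl < 20:          # protocol 6 = TCP
        return None
    # Trust the IP total length, not the buffer length: short frames are
    # padded on the wire and the padding must not be mistaken for payload.
    tcp = packet[ip_hl:min(total_len, len(packet))]
    if len(tcp) < 20:
        return None
    tcp_hl = (tcp[12] >> 4) * 4               # data offset, in bytes
    if not tcp[13] & TCP_RST or tcp_hl < 20 or tcp_hl > len(tcp):
        return None
    text = "".join(chr(b) for b in tcp[tcp_hl:] if 32 <= b < 127)
    return text or None


def build_packet(flags: int, payload: bytes = b"", pad: int = 0) -> bytes:
    """Constructed test packet: IPv4 + TCP, checksums left at zero (not validated here)."""
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 5 << 4, flags, 0, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + b"\x00" * pad


if __name__ == "__main__":
    samples = {
        "RST|ACK with text": build_packet(0x14, b"constructed reset reason"),
        "bare RST, padded frame": build_packet(0x04, pad=6),
        "SYN|ACK with data": build_packet(0x12, b"data"),
    }
    for name, pkt in samples.items():
        print(f"{name}: {rst_text(pkt)!r}")
```

A host configured as described should produce only `None` results for its resets.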

