
nmap for windows fix


From: "Andy Lutomirski" <AMLuto () hotmail com>
Date: Thu, 25 Oct 2001 22:36:06 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you are using the Windows version of nmap on Windows 2000 or
Windows XP, you are probably experiencing slow scans in some cases.
Here's a quick patch that hopefully fixes it :) The change converts the
captured TCP destination port with ntohs() before comparing it against
flt_baseport.

In tcpip.c, replace:

/*
 * Original filter (the version the patch below replaces): accept an IP
 * datagram addressed to flt_dsthost if it is ICMP, or if it is TCP from
 * flt_srchost to flt_baseport or flt_baseport + 1.
 *
 * packet: start of the IP header.
 * len:    number of valid bytes at packet.
 * Returns 1 to accept the packet, 0 to drop it.
 */
int flt_icmptcp_2port(const char *packet, int len)
{
  struct ip* ip = (struct ip*)packet;
  /* NOTE(review): the IP header fields below are read before len is
     compared against anything; a buffer shorter than the fixed IP header
     is not rejected here. */
  if(ip->ip_dst.s_addr != flt_dsthost) return 0;
  if(ip->ip_p == IPPROTO_ICMP) return 1;
  if(ip->ip_src.s_addr != flt_srchost) return 0;
  if(ip->ip_p == IPPROTO_TCP)
    {
      struct tcphdr* tcp = (struct tcphdr *) (((char *) ip) + 4 *
ip->ip_hl);
      /* Only th_dport (bytes 2-3 of the TCP header) is read, so four
         bytes of TCP header are enough for this check. */
      if(len < 4 * ip->ip_hl + 4) return 0;
      /* th_dport is compared as captured, i.e. still in network byte
         order, against the host-order flt_baseport; the replacement
         below applies ntohs() before the comparison. */
      if(tcp->th_dport == flt_baseport || tcp->th_dport ==
flt_baseport + 1)
 return 1;
    }
  
  return 0;
}

with:

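/*
 * Capture filter for the Windows raw-packet path: accept an IP datagram
 * addressed to flt_dsthost if it is ICMP, or if it is TCP from flt_srchost
 * to one of the two probe ports (flt_baseport, flt_baseport + 1).
 *
 * packet: start of the IP header. NOTE(review): assumed to be suitably
 *         aligned for struct ip / struct tcphdr access, as the code this
 *         replaces already assumed.
 * len:    number of valid bytes at packet.
 * Returns 1 to accept the packet, 0 to drop it. Any packet too short to
 * hold the fields that are inspected, or whose IP header length field is
 * below the 20-byte minimum, is dropped rather than read past its end.
 */
int flt_icmptcp_2port(const char *packet, int len)
{
  const struct ip *ip = (const struct ip *) packet;
  const struct tcphdr *tcp;
  unsigned short dport;
  int iphdrlen;

  /* Every IP field read below lives in the fixed 20-byte header; refuse to
     touch it unless the whole header is present in the buffer. */
  if(packet == NULL || len < (int) sizeof *ip) return 0;
  if(ip->ip_dst.s_addr != flt_dsthost) return 0;
  if(ip->ip_p == IPPROTO_ICMP) return 1;
  if(ip->ip_src.s_addr != flt_srchost) return 0;
  if(ip->ip_p != IPPROTO_TCP) return 0;

  /* ip_hl counts 32-bit words. A value below 5 is malformed and would
     place the "TCP header" inside the IP header itself. */
  iphdrlen = 4 * ip->ip_hl;
  if(iphdrlen < (int) sizeof *ip) return 0;

  /* Only th_dport (bytes 2-3 of the TCP header) is read, so four bytes of
     TCP header suffice. Check the length before forming the pointer so no
     pointer is ever computed past the end of the buffer. */
  if(len < iphdrlen + 4) return 0;
  tcp = (const struct tcphdr *) (packet + iphdrlen);

  /* th_dport is carried in network byte order while flt_baseport is a
     host-order value, so convert before comparing. */
  dport = ntohs(tcp->th_dport);
  if(dport == flt_baseport || dport == flt_baseport + 1)
    return 1;

  return 0;
}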

Also, in the spirit of killing possible old bugs, please tell me if
you are having particularly good or bad experiences with
fingerprinting on windows.  Send in the output with --win_trace -d.

Thanks,
Andy

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO9j2PzF1mpyDznXTEQLr7wCfeA5pl0LNwc6JhENwbFpoXTLU8uAAniD+
swqh4kUbf+Cca1iUTSIOuWPN
=tu+p
-----END PGP SIGNATURE-----



