Nmap Development mailing list archives
RE: nmap and predictable ISN's or SN's
From: "Fernando Cardoso" <fernando.cardoso () whatevernet com>
Date: Tue, 6 Nov 2001 10:56:07 -0000
Better yet. ISNprober by Tom Vandepoel.

# isnprober -c www:80 www2:443
-- ISNprober / 1.01 / Tom Vandepoel (Tom.Vandepoel () ubizen com) --

Using eth0:z.z.z.z

Probing host: www on TCP port 80.
Probing host: www2 on TCP port 443.

Host:port    ISN           Delta
www3:80      1832271647
www2:443     1833423850    1152203
www:80       1833668032    244182
www2:443     1834155463    487431
www:80       1834484097    328634
www2:443     1835762782    1278685

www:80 [+] <> www2:443 [+] == [+]

Cheers
Fernando

--
Fernando Cardoso - Security Consultant
WhatEverNet Computing, S.A.
Praca de Alvalade, 6 - Piso 6
1700-036 Lisboa - Portugal
Phone : +351 21 7994200
Fax : +351 21 7994242
email : fernando.cardoso () whatevernet com
http://www.whatevernet.com/
-----Original Message-----
From: Denis Ducamp [mailto:Denis.Ducamp () hsc fr]
Sent: Tuesday, 6 November 2001 10:45
To: nmap-dev () insecure org
Subject: Re: nmap and predictable ISN's or SN's

On Tue, Nov 06, 2001 at 11:23:43AM +0100, Ralf Hildebrandt wrote:
> Hi!

Hi,

> Today I was looking at http://razor.bindview.com/publish/papers/tcpseq.html

a great paper :)

> and asked myself if nmap could be used to gather this data
> during a scan.

the -Q option from hping http://www.hping.org/ is certainly what you need :

# ./hping2 -S -p 80 -c 10 -Q www
HPING www (eth0 192.168.1.25): S set, 40 headers + 0 data bytes
1048123854 +1048123854
1983594997 +935471143
1361981332 +3673353630
433528998 +3366514961
727732780 +294203782
959329434 +231596654
1885473328 +926143894
235633102 +2645127069
965566788 +729933686
1781858662 +816291874

--- www hping statistic ---
10 packets tramitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 81.9/107.2/140.3 ms

From the HPING2(8) page :

-Q --seqnum
    This option can be used in order to collect sequence numbers generated
    by target host. This can be useful when you need to analyze whether TCP
    sequence number is predictable. Output example:
    [...]
    The first column reports the sequence number, the second difference
    between current and last sequence number. As you can see target host's
    sequence numbers are predictable.

To analyse it using gnuplot is fairly easy then.

Denis Ducamp.

--
Denis.Ducamp () hsc fr --- Hervé Schauer Consultants --- http://www.hsc.fr/
Owl/Openwall/snort/hping/dsniff in French http://www.groar.org/trad/
Owl in French http://www.openwall.com/Owl/fr/
On the proper use of ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
_____________________________________________________________________
INTERNET MAIL FOOTER
Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email.
---------------------------------------------------------------------
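Both tools in the thread stop at printing ISNs and first-order deltas; the analysis the Bindview paper describes starts from there. The script below is an added example and is not code from the thread, from hping or from ISNprober. It embeds the ten hping2 -Q lines and the ISNprober table quoted above as constructed sample input, parses them, computes the exact 32-bit modular delta between consecutive samples, builds the consecutive-delta triples that the paper plots in three dimensions, checks whether an interleaved stream from two targets advances monotonically (the property the ISNprober run above exhibits), and makes a naive next-ISN guess from the median step. The helper names, the regexes and the half-space monotonicity threshold are my own choices, not anything either tool defines.

```python
"""Delta and phase-space analysis of captured TCP ISN samples.

Added example for the nmap-dev thread; not code from hping or ISNprober.
Sample inputs are constructed from the numbers quoted in the messages.
"""
import re
from statistics import median

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

# Constructed sample: the "<seq> +<delta>" lines printed by hping2 -S -p 80 -c 10 -Q www
HPING_OUTPUT = """\
1048123854 +1048123854
1983594997 +935471143
1361981332 +3673353630
433528998 +3366514961
727732780 +294203782
959329434 +231596654
1885473328 +926143894
235633102 +2645127069
965566788 +729933686
1781858662 +816291874
"""

# Constructed sample: the ISNprober table, probes alternating between two targets
ISNPROBER_OUTPUT = """\
Host:port    ISN           Delta
www3:80      1832271647
www2:443     1833423850    1152203
www:80       1833668032    244182
www2:443     1834155463    487431
www:80       1834484097    328634
www2:443     1835762782    1278685
"""


def parse_hping(text):
    """Return the ISNs from hping2 -Q output: the first number of each '<seq> +<delta>' line."""
    return [int(m.group(1)) for m in re.finditer(r"^\s*(\d+)\s+\+\d+", text, re.M)]


def parse_isnprober(text):
    """Return (host:port, isn) pairs from ISNprober's table, in probe order.

    The header line has no digits after its colon, so the regex skips it."""
    return [(m.group(1), int(m.group(2)))
            for m in re.finditer(r"^(\S+:\d+)\s+(\d+)", text, re.M)]


def deltas(isns):
    """Exact difference between consecutive ISNs, reduced modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def phase_space(isns):
    """Triples of three consecutive deltas; each is one point of the paper's 3-D attractor plot."""
    d = deltas(isns)
    return [(d[i], d[i - 1], d[i - 2]) for i in range(2, len(d))]


def is_monotonic(isns):
    """True if every step moves forward by less than half the space (no wrap-around).

    An interleaved stream from two addresses that passes this check is consistent
    with one shared ISN counter; the threshold MOD // 2 is an assumption."""
    return all(d < MOD // 2 for d in deltas(isns))


def spread(isns):
    """Width of the observed delta range; a narrow spread means a small guess set."""
    d = deltas(isns)
    return max(d) - min(d)


def guess_next(isns):
    """Naive predictor: last sample plus the median observed step, modulo 2^32."""
    return (isns[-1] + int(median(deltas(isns)))) % MOD


if __name__ == "__main__":
    hp = parse_hping(HPING_OUTPUT)
    print("hping deltas:", deltas(hp))
    print("hping monotonic:", is_monotonic(hp), "spread:", spread(hp))
    print("hping phase-space points:", phase_space(hp))
    ip = [isn for _, isn in parse_isnprober(ISNPROBER_OUTPUT)]
    print("isnprober deltas:", deltas(ip))
    print("isnprober monotonic:", is_monotonic(ip), "spread:", spread(ip))
    print("isnprober next guess:", guess_next(ip))
```

Two things worth checking against the quoted outputs. For the forward steps the script reproduces hping's printed deltas exactly, but for the wrapped steps it returns one more than hping printed (3673353631 where the quoted line shows +3673353630, 3366514962 against +3366514961), so the values in the quoted column are not the exact modular difference and should be recomputed from the raw sequence numbers before plotting. And ten samples are far too few to call a generator predictable or not: the hping run above has no two steps alike and wraps the space three times, while the ISNprober run advances in small positive steps on every probe, but either conclusion needs many more samples than shown here before the phase-space picture means anything.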
Current thread:
- nmap and predictable ISN's or SN's Ralf Hildebrandt (Nov 06)
- Re: nmap and predictable ISN's or SN's Denis Ducamp (Nov 06)
- RE: nmap and predictable ISN's or SN's Fernando Cardoso (Nov 06)
- Re: nmap and predictable ISN's or SN's Ralf Hildebrandt (Nov 06)
- Re: nmap and predictable ISN's or SN's Denis Ducamp (Nov 06)