Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nmap-os-db probe values

From: Fyodor <fyodor () insecure org>
Date: Thu, 19 Mar 2009 10:34:03 -0700
On Thu, Mar 19, 2009 at 10:51:38AM -0400, Thomas Tavaris J (Tavaris) wrote:

Hi Folks,

I've been looking through the nmap-os-db (database file) and had a
question. For the SEQ (ISR) - TCP ISN counter rate test,  the nmap
documentation says this value should be an integer value calculated from
an array of values in the seq_array. When I look at the values in the
database, I primarily see ranges of hex values "XX-XX". Could someone
provide some clarification for the range values I am seeing? Thanks.


Hi Tavaris.  The test produces a single value for a single scan of a
machine.  But given that this is a statistical test on a small sample
size (responses to 6 probes), you might get 0x21 for one scan and then
0x23 for the next.  So in the nmap-os-db, we include the range of
values we've seen, plus a little bit of buffer room to account for
slight outliers.  The reasoning is similar for SEQ.GCD.

Cheers,
-F










-Tavaris

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: