Nmap Development mailing list archives
Re: Nmap-os-db probe values
From: Fyodor <fyodor () insecure org>
Date: Thu, 19 Mar 2009 10:34:03 -0700
On Thu, Mar 19, 2009 at 10:51:38AM -0400, Thomas Tavaris J (Tavaris) wrote:
Hi Folks, I've been looking through the nmap-os-db (database file) and had a question. For the SEQ (ISR) - TCP ISN counter rate test, the nmap documentation says this value should be an integer value calculated from an array of values in the seq_array. When I look at the values in the database, I primarily see ranges of hex values "XX-XX". Could someone provide some clarification for the range values I am seeing? Thanks.
Hi Tavaris. The test produces a single value for a single scan of a machine. But given that this is a statistical test on a small sample size (responses to 6 probes), you might get 0x21 for one scan and then 0x23 for the next. So in the nmap-os-db, we include the range of values we've seen, plus a little bit of buffer room to account for slight outliers. The reasoning is similar for SEQ.GCD. Cheers, -F
-Tavaris _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap-os-db probe values Thomas Tavaris J (Tavaris) (Mar 19)
- Re: Nmap-os-db probe values Fyodor (Mar 19)