Nmap Development mailing list archives
Off by one in ICMP distance calculation?
From: David Fifield <david () bamsoftware com>
Date: Thu, 15 Sep 2011 09:48:51 -0700
During OS detection, we calculate distance by subtracting the encapsulated TTL in an ICMP error reply from the TTL we set originally when sending the probe:

    /* Count hop count */
    if (hss->distance == -1) {
      hss->distance = this->udpttl - ip2->ip_ttl;
    }

I think this is off by one: it reports one less than the actual distance. I added this debugging line:

    log_write(LOG_PLAIN, "TTL distance: %d - %d == %d\n", this->udpttl, ip2->ip_ttl, this->udpttl - ip2->ip_ttl);

and I tried running with traceroute. Here's a remote host:

    TTL distance: 56 - 46 == 10
    Network Distance: 11 hops

    TRACEROUTE (using port 53/tcp)
    HOP RTT       ADDRESS
    1   6.11 ms   192.168.0.1
    ...
    9   29.23 ms  10gigabitethernet1-1.core1.fmt1.he.net (72.52.92.109)
    10  14.23 ms  linode-llc.10gigabitethernet2-3.core1.fmt1.he.net (64.62.250.6)
    11  17.00 ms  li86-221.members.linode.com (74.207.244.221)

and here's a directly connected host:

    TTL distance: 61 - 61 == 0
    Network Distance: 1 hop

    TRACEROUTE
    HOP RTT       ADDRESS
    1   0.23 ms   192.168.0.3

Directly connected hosts are already treated as a special case and set to distance 1, so you would only notice the discrepancy against multiple-hop hosts. Does anyone else agree that this is off by one?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
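To make the arithmetic in the post concrete, here is an added example (not Nmap code) that puts the current subtraction beside the "+1" variant and checks both against the two traceroute observations quoted above; the struct and sample values are constructed from those observations, and every router on the path decrements the TTL once while the target quotes the TTL it received, so the two TTL values differ by (hops - 1):

```c
#include <stdio.h>

/* Constructed from the post: TTL the probe was sent with, TTL quoted in the
 * ICMP error's encapsulated IP header, and the hop count traceroute reported. */
struct observation {
    int sent_ttl;
    int quoted_ttl;
    int traceroute_hops;
};

static const struct observation samples[] = {
    { 56, 46, 11 },  /* remote host: 10 routers, then the target */
    { 61, 61,  1 },  /* directly connected host: no routers in between */
};
static const int nsamples = sizeof(samples) / sizeof(samples[0]);

/* Distance as computed by the snippet quoted in the post. */
int distance_current(int sent_ttl, int quoted_ttl)
{
    return sent_ttl - quoted_ttl;
}

/* Distance counting the destination itself as the last hop, as traceroute does. */
int distance_corrected(int sent_ttl, int quoted_ttl)
{
    return sent_ttl - quoted_ttl + 1;
}

/* Number of observations where the given formula agrees with traceroute. */
int count_matches(int (*formula)(int, int))
{
    int matches = 0;
    for (int i = 0; i < nsamples; i++) {
        if (formula(samples[i].sent_ttl, samples[i].quoted_ttl) == samples[i].traceroute_hops)
            matches++;
    }
    return matches;
}

int main(void)
{
    for (int i = 0; i < nsamples; i++) {
        printf("sent %d, quoted %d: current %d, corrected %d, traceroute %d\n",
               samples[i].sent_ttl, samples[i].quoted_ttl,
               distance_current(samples[i].sent_ttl, samples[i].quoted_ttl),
               distance_corrected(samples[i].sent_ttl, samples[i].quoted_ttl),
               samples[i].traceroute_hops);
    }
    printf("current formula matches %d/%d, corrected matches %d/%d\n",
           count_matches(distance_current), nsamples,
           count_matches(distance_corrected), nsamples);
    return 0;
}
```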
Current thread:
- Off by one in ICMP distance calculation? David Fifield (Sep 15)
- Re: Off by one in ICMP distance calculation? Luis MartinGarcia. (Sep 30)
- Re: Off by one in ICMP distance calculation? David Fifield (Sep 30)
- Re: Off by one in ICMP distance calculation? Luis MartinGarcia. (Sep 30)