Nmap Development mailing list archives

Re: TCP window, options information


From: Vasiliy Kulikov <segoon () openwall com>
Date: Tue, 27 Sep 2011 21:22:55 +0400

On Sat, Sep 24, 2011 at 13:54 -0700, David Fifield wrote:
> But also, it might be ambiguous. Some operating systems have different
> initial window sizes for different probes, for example (see W1-W6):
> ...
> I have also seen the same OS send different TCP options (particularly
> FreeBSD). Notice how the MSS differs in each response, and how O6 is
> missing the "W" window scale.

Looks strange.  However, even such "nonstable" results are better than
nothing.  E.g. if the OS decided to include some option in one case and not
to include it in another case because of some heuristics, it's still
interesting to see that the OS supports the option at all (IOW, selects it
at least sometimes).  And the detection of syn cookies is unlikely to be
stable, as they are used at high load only (at least this is the Linux
case).

So, I think the logic of the script should be - send some random syn
packets to the open port(s) and output the superset of all received
options (probably, with frequency of occurrence to identify whether the
option is always on or is heuristic) and window ranges.

Other opinions are welcome.

Thanks,

-- 
Vasiliy Kulikov
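
The aggregation proposed in this message, as an added example that is not part of the original post or of Nmap: it parses the TCP options of each reply and reports the superset with per-option frequency and the window range. The option names, the function names and the sample replies are assumptions constructed for illustration.

```python
from collections import Counter

# TCP option kinds (RFC 793, RFC 7323, RFC 2018); the short names are this example's own.
KINDS = {2: "MSS", 3: "WScale", 4: "SACKperm", 8: "Timestamp"}

def parse_options(raw: bytes) -> dict:
    """Parse the options area of one TCP header into {name: value bytes}."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw):    # truncated: no length byte
            break
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):  # malformed length, stop parsing
            break
        opts[KINDS.get(kind, f"kind{kind}")] = raw[i + 2:i + length]
        i += length
    return opts

def summarize(responses):
    """responses: iterable of (window, option_bytes), one per SYN/ACK received."""
    seen, windows, total = Counter(), [], 0
    for window, raw in responses:
        total += 1
        windows.append(window)
        seen.update(parse_options(raw).keys())
    return {
        "responses": total,
        "window_range": (min(windows), max(windows)) if windows else None,
        # An option seen in every reply is "always"; otherwise it looks heuristic.
        "options": {name: (n, "always" if n == total else "sometimes")
                    for name, n in sorted(seen.items())},
    }

# Constructed sample data (not captured from any real host): three replies,
# the last one lacking window scale, like the case mentioned in the thread.
SAMPLE = [
    (65535, bytes.fromhex("020405b4" "01030303" "0402" "080a0000000100000000")),
    (65535, bytes.fromhex("020405a0" "01030303" "0402" "080a0000000200000000")),
    (16384, bytes.fromhex("02040218" "0402" "080a0000000300000000")),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```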