Nmap Development mailing list archives
Re: [PATCH] TCP Idle Scan in IPv6
From: David Fifield <david () bamsoftware com>
Date: Sat, 29 Jun 2013 19:21:02 -0700
On Sat, Jun 29, 2013 at 02:47:00PM -0700, David Fifield wrote:
+ //for me, htonl is not necessary, instead diving by 2 if (seqclass == IPID_SEQ_BROKEN_INCR) { /* Convert to network byte order */ - startid = htons(startid); - endid = htons(endid); - return endid - startid; + //startid = htonl(startid); + //endid = htonl(endid); + return (endid - startid)/2; }

You seem to be treating IPID_SEQ_BROKEN_INCR as meaning "counts by 2," but it really means "counts by 1 but byteswapped." That is, instead of counting 0000,0001,0002,...,00ff,0100,0101,0102,...,feff,ff00,ff01,... it counts 0000,0100,0200,...,ff00,0001,0101,0201,...,fffe,00ff,01ff,... You probably need to add a new IPID_SEQ define for "counts by 2." That said, calling htons to swap bytes will not work on big-endian platforms, which is a bug in the current code.
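Review bot: the `/2` introduced under `if (seqclass == IPID_SEQ_BROKEN_INCR)` redefines what that class means: the removed `startid = htons(startid);` / `endid = htons(endid);` lines treated BROKEN_INCR as a counter whose two bytes are swapped, whereas `return (endid - startid)/2;` treats it as a counter that advances by 2, so a zombie that really is byte-swapped now yields a wrong distance. Keep the swap for BROKEN_INCR, but with an explicit byte-swap helper rather than `htons()`, which does nothing on big-endian hosts, and add a separate sequence class for the count-by-2 case so the two behaviours are not conflated. Also delete the commented-out `//startid = htonl(startid);` and `//endid = htonl(endid);` lines instead of leaving dead code (they also say `htonl` where the removed code used `htons`), and fix "diving" in the added comment.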
I committed a fix for this in r31162.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
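The distinction drawn in the reply above, a counter whose bytes are swapped versus a counter that advances by 2, as an added example in C. This is not Nmap's code and not from the patch: apart from IPID_SEQ_BROKEN_INCR, the enum values, the function names and the sample ID sequences are constructed for illustration, and the classifier demands exact deltas, which a real zombie classifier would relax to tolerate the zombie's own background traffic. The explicit swap16() is used in place of htons() precisely because htons() is a no-op on big-endian hosts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sequence classes assumed for this example. Only IPID_SEQ_BROKEN_INCR
   appears in the patch under discussion; the other names are illustrative. */
enum ipid_class {
    IPID_SEQ_UNKNOWN = 0,
    IPID_SEQ_INCR,         /* counts by 1 in host byte order            */
    IPID_SEQ_BROKEN_INCR,  /* counts by 1, but with the two bytes swapped */
    IPID_SEQ_INCR_BY_2,    /* counts by 2 in host byte order            */
};

/* Unconditional 16-bit byte swap. htons() only swaps on little-endian
   hosts, so it cannot be used to undo a byteswapped counter portably. */
static uint16_t swap16(uint16_t v) {
    return (uint16_t)((v << 8) | (v >> 8));
}

/* Mimics htons() semantics (swap only when the host is little-endian) so
   the difference from swap16() is visible without a big-endian machine. */
static int host_is_little_endian(void) {
    uint16_t probe = 1;
    return *(const uint8_t *)&probe == 1;
}
static uint16_t htons_like(uint16_t v) {
    return host_is_little_endian() ? swap16(v) : v;
}

/* Classify a run of observed 16-bit IP IDs. Exact deltas are required here
   for clarity; a production classifier would allow some slack. */
enum ipid_class ipid_classify(const uint16_t *ids, size_t n) {
    int incr1 = 1, swap1 = 1, incr2 = 1;
    if (n < 2)
        return IPID_SEQ_UNKNOWN;
    for (size_t i = 1; i < n; i++) {
        /* Modular 16-bit subtraction so 0xffff -> 0x0000 counts as +1. */
        uint16_t d_host = (uint16_t)(ids[i] - ids[i - 1]);
        uint16_t d_swap = (uint16_t)(swap16(ids[i]) - swap16(ids[i - 1]));
        if (d_host != 1) incr1 = 0;
        if (d_swap != 1) swap1 = 0;
        if (d_host != 2) incr2 = 0;
    }
    if (incr1) return IPID_SEQ_INCR;
    if (swap1) return IPID_SEQ_BROKEN_INCR;
    if (incr2) return IPID_SEQ_INCR_BY_2;
    return IPID_SEQ_UNKNOWN;
}

/* Packets the zombie sent between two probes, given its sequence class.
   Each class undoes its own encoding before taking the distance; dividing a
   byteswapped difference by 2, as the patch did, belongs to no class here. */
int ipid_distance(enum ipid_class c, uint16_t startid, uint16_t endid) {
    switch (c) {
    case IPID_SEQ_INCR:
        return (uint16_t)(endid - startid);
    case IPID_SEQ_BROKEN_INCR:
        return (uint16_t)(swap16(endid) - swap16(startid));
    case IPID_SEQ_INCR_BY_2:
        return (uint16_t)(endid - startid) / 2;
    default:
        return -1;
    }
}

int main(void) {
    /* Constructed samples: a byteswapped counter crossing 0xff00 -> 0x0001
       (as in the reply above), and a plain counter advancing by 2. */
    const uint16_t swapped[] = {0xfe00, 0xff00, 0x0001, 0x0101};
    const uint16_t by_two[]  = {0x0010, 0x0012, 0x0014};
    enum ipid_class cs = ipid_classify(swapped, 4);
    enum ipid_class c2 = ipid_classify(by_two, 3);
    printf("swapped run: class %d, distance ff00->0101 = %d\n",
           cs, ipid_distance(cs, 0xff00, 0x0101));
    printf("by-2 run:    class %d, distance 0010->0016 = %d\n",
           c2, ipid_distance(c2, 0x0010, 0x0016));
    printf("htons_like(0x1234) = 0x%04x, swap16(0x1234) = 0x%04x\n",
           htons_like(0x1234), swap16(0x1234));
    return 0;
}
```

The distance for the byteswapped run is 2 once the swap is undone; treating the same pair as a count-by-2 counter would instead give (0x0101 - 0xff00) mod 2^16 / 2 = 256, which is the kind of wrong answer the reply warns about.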
Current thread:
- Re: Re: [Paper] New Idle Scan Techniques Mathias Morbitzer (May 27)
- Re: Re: [Paper] New Idle Scan Techniques David Fifield (May 27)
- Re: [Paper] New Idle Scan Techniques Mathias Morbitzer (May 28)
- [PATCH] TCP Idle Scan in IPv6 Mathias Morbitzer (Jun 03)
- Re: [PATCH] TCP Idle Scan in IPv6 Paulino Calderon (Jun 03)
- Re: [PATCH] TCP Idle Scan in IPv6 Luis MartinGarcia (Jun 03)
- Re: [PATCH] TCP Idle Scan in IPv6 Mathias Morbitzer (Jun 03)
- Re: [PATCH] TCP Idle Scan in IPv6 David Fifield (Jun 29)
- Re: [PATCH] TCP Idle Scan in IPv6 David Fifield (Jun 29)
- Re: Re: [Paper] New Idle Scan Techniques David Fifield (May 27)