Nmap Development mailing list archives

Re: IPv6 Hop Limit as feature in FPEngine


From: Alexandru Geana <alex () alegen net>
Date: Thu, 26 Feb 2015 13:43:24 +0100


On 02/24, David Fifield wrote:
I think it's worth looking into this issue more closely, if it interests
you.

Yes yes it does. Thank you for the feedback, it is greatly appreciated 
especially during the early stages.

I thought about your previous comments and I made some slight changes to
the patches. For each fingerprint, I check the value of the hop limit
field from all responses and choose the one with the highest frequency.
Applied to your example:

# Linux web 2.6.39.1-x86_64-linode19 #1 SMP Tue Jun 21 10:04:20 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux, from david
SCAN(V=5.61TEST4%OT=22%CT=1%CU=43013%DS=5%DC=I)
S1(P=6000{4}28063cXX{32}0016d16db53cd79b11e290fda01237c8e5b10000020405a00402080a56b00078ff{4}01030307%ST=0.040266%RT=0.053091)
S2(P=6000{4}28063cXX{32}0016d16ebbc9586611e290fea01237c85df40000020405a00402080a56b000dcff{4}01030307%ST=0.140216%RT=0.153378)
S3(P=6000{4}2806fbXX{32}0016d16fc1a1601211e290ffa01237c853090000020405a00101080a56b00142ff{4}01030307%ST=0.240215%RT=0.255098)
S4(P=6000{4}28063cXX{32}0016d170c79360b211e29100a01237c849120000020405a00402080a56b001a4ff{4}01030307%ST=0.340212%RT=0.353178)
S5(P=6000{4}28063cXX{32}0016d171cd323b5411e29101a01237c8686b0000020405a00402080a56b00208ff{4}01030307%ST=0.440216%RT=0.453243)
                ^^

the value of the common fingerprint hop limit would be 3c.

In addition, I also added some code to the python tooling to parse the
scan line of each fingerprint and I now take into consideration the DS
value when guessing the original hop limit. For the c/c++ code, the hop
distance calculation was already there; I just needed to find my way to
it.

Let me know if/what you think can still be improved.

Best regards,
Alexandru Geana
alegen.net

Attachment: nmap.diff

Attachment: ipv6tests.diff

Attachment: signature.asc
Description: Digital signature
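The selection rule described in the message (take the hop limit byte from every response in a fingerprint, keep the most frequent value, then add back the hops given by DS) can be reproduced on the S1 to S5 lines quoted above. The following is an added example, not the patch attached to this message or any code from the Nmap project. It assumes two things that are inferred from the sample rather than stated on the page: that a `{n}` suffix in the `P=` field repeats the preceding byte so it occupies `n` bytes in total (so `6000{4}28` is `60 00 00 00 00 28` and `XX{32}` is the two masked addresses), and that DS counts the target as hop 1, so DS-1 routers decremented the hop limit in transit.

```python
"""Pick the most frequent IPv6 hop limit across an Nmap IPv6 fingerprint's
probe responses, then use the DS (distance) value to guess the initial
hop limit the target sent with."""
import re
from collections import Counter

# Sample input: the SCAN line and S1..S5 lines quoted in the post above.
SAMPLE_FINGERPRINT = """\
SCAN(V=5.61TEST4%OT=22%CT=1%CU=43013%DS=5%DC=I)
S1(P=6000{4}28063cXX{32}0016d16db53cd79b11e290fda01237c8e5b10000020405a00402080a56b00078ff{4}01030307%ST=0.040266%RT=0.053091)
S2(P=6000{4}28063cXX{32}0016d16ebbc9586611e290fea01237c85df40000020405a00402080a56b000dcff{4}01030307%ST=0.140216%RT=0.153378)
S3(P=6000{4}2806fbXX{32}0016d16fc1a1601211e290ffa01237c853090000020405a00101080a56b00142ff{4}01030307%ST=0.240215%RT=0.255098)
S4(P=6000{4}28063cXX{32}0016d170c79360b211e29100a01237c849120000020405a00402080a56b001a4ff{4}01030307%ST=0.340212%RT=0.353178)
S5(P=6000{4}28063cXX{32}0016d171cd323b5411e29101a01237c8686b0000020405a00402080a56b00208ff{4}01030307%ST=0.440216%RT=0.453243)
"""

# One token is one byte: two hex digits, or XX for a masked byte. An optional
# {n} suffix repeats that byte so it fills n bytes in total (assumption read
# off the sample: 6000{4}28 -> 60 00 00 00 00 28, XX{32} -> both addresses).
TOKEN_RE = re.compile(r"([0-9a-fA-F]{2}|XX)(?:\{(\d+)\})?")
LINE_RE = re.compile(r"^(\w+)\((.*)\)$")
HOP_LIMIT_OFFSET = 7  # byte 7 of the fixed IPv6 header is the hop limit


def expand_packet(compressed):
    """Expand a P= field into a list of byte values (None for masked bytes)."""
    out, pos = [], 0
    for m in TOKEN_RE.finditer(compressed):
        if m.start() != pos:
            raise ValueError(f"unparseable packet data at offset {pos}")
        byte = None if m.group(1) == "XX" else int(m.group(1), 16)
        out.extend([byte] * (int(m.group(2)) if m.group(2) else 1))
        pos = m.end()
    if pos != len(compressed):
        raise ValueError("trailing data in packet field")
    return out


def parse_fingerprint(text):
    """Return {'ds': int or None, 'hop_limits': [int, ...]} for one fingerprint."""
    ds, hop_limits = None, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        name, body = m.groups()
        fields = dict(f.split("=", 1) for f in body.split("%") if "=" in f)
        if name == "SCAN" and "DS" in fields:
            ds = int(fields["DS"])
        elif "P" in fields:
            pkt = expand_packet(fields["P"])
            # Only an IPv6 header carries the hop limit at this offset.
            is_v6 = len(pkt) > HOP_LIMIT_OFFSET and pkt[0] is not None and pkt[0] >> 4 == 6
            if is_v6 and pkt[HOP_LIMIT_OFFSET] is not None:
                hop_limits.append(pkt[HOP_LIMIT_OFFSET])
    return {"ds": ds, "hop_limits": hop_limits}


def common_hop_limit(hop_limits):
    """Most frequent observed hop limit; ties resolve to the value seen first."""
    if not hop_limits:
        return None
    return Counter(hop_limits).most_common(1)[0][0]


def guess_initial_hop_limit(observed, ds):
    """Add back the in-transit decrements. Assumption: DS counts the target as
    hop 1 (DS=1 is the same link, no router in between), so DS-1 routers
    each decremented the hop limit once."""
    if observed is None:
        return None
    return observed + max((ds or 1) - 1, 0)


COMMON_INITIALS = (32, 64, 128, 255)


def nearest_common_initial(guess):
    """Smallest widely used initial hop limit that is >= the guess, or None."""
    if guess is None:
        return None
    return next((v for v in COMMON_INITIALS if v >= guess), None)


if __name__ == "__main__":
    fp = parse_fingerprint(SAMPLE_FINGERPRINT)
    observed = common_hop_limit(fp["hop_limits"])
    guess = guess_initial_hop_limit(observed, fp["ds"])
    print(f"hop limits seen: {[hex(h) for h in fp['hop_limits']]}")
    print(f"common value: {observed:#x}, DS={fp['ds']}, "
          f"initial guess: {guess} (nearest common: {nearest_common_initial(guess)})")
```

On the sample the S3 outlier (0xfb) is outvoted by the four 0x3c responses, and with DS=5 the guess comes out as 60 + 4 = 64, which matches the usual Linux default and so supports the DS-1 reading of the distance field.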

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
