Nmap Announce mailing list archives
Re: [tcpdump-workers] patch to print TCP RST data with -v option (fwd)
From: Kevin Steves <stevesk () sweden hp com>
Date: Sun, 16 Jul 2000 09:39:55 +0200 (METDST)
On Sat, 15 Jul 2000, Darren Reed wrote:
Hmmm, those ascii messages in RST packets should be very fruitful when it comes to doing system identification :-)
Indeed, and I wonder if it makes sense to add this as an OS detection technique to nmap. I've also seen text messages from Solaris 2.7, though they seem somewhat unpredictable.
Even more, if you get messages like the one below from HP-UX 11.0, it gives big clues on what's open, etc.
For HP-UX 11.0, you can set tcp_text_in_resets to 0 to disable this feature: # ndd -get /dev/tcp tcp_text_in_resets 1 # ndd -set /dev/tcp tcp_text_in_resets 0 # ndd -get /dev/tcp tcp_text_in_resets 0 Add to /etc/rc.config.d/nddconf to have it configured at system startup. http://people.hp.se/stevesk/bastion11.html covers this and other stuff on HP-UX 11. -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Re: [tcpdump-workers] patch to print TCP RST data with -v option (fwd) Darren Reed (Jul 15)
- Re: [tcpdump-workers] patch to print TCP RST data with -v option (fwd) Kevin Steves (Jul 17)