Nmap Development mailing list archives

[nse] very strange bug on Leopard - endian problems?


From: majek04 <majek04+nmap-dev () gmail com>
Date: Mon, 31 Mar 2008 15:09:20 +0200

Hi!

While developing os.nse [1] I found a bug, maybe someone
can help me with it.

This is what I get with a simple debugging patch [2].

on leopard:
$ export NMAPDIR=.; sudo ./nmap -sP  scanme.nmap.org 2>&1

Starting Nmap 4.60 ( http://nmap.org ) at 2008-03-31 15:00 CEST
-- sendto in send_ip_packet: sendto(4, packet, 40, 0, 205.217.153.62, 16) --
-- TCP 192.168.1.8:52620 > 205.217.153.62:80 A ttl=47 id=23788
iplen=10240  seq=1523082815 win=4096 ack=494690232

         4500 2800 5cec 0000 2f06 061c c0a8 0108  E.(.\.../.......
         cdd9 993e cd8c 0050 5ac8 663f 1d7c 5fb8  ...>...PZ.f?.|_.
         5010 1000 6af3 0000                      P...j...



on ubuntu:
$ export NMAPDIR=.; sudo ./nmap -sP  scanme.nmap.org 2>&1

Starting Nmap 4.53 ( http://nmap.org ) at 2008-03-31 15:00 CEST
-- sendto in send_ip_packet: sendto(5, packet, 40, 0, 205.217.153.62, 16) --
-- TCP 192.168.1.108:36822 > 205.217.153.62:80 A ttl=54 id=61594
iplen=40  seq=2094391883 win=3072 ack=450128082

         4500 0028 f09a 0000 3606 6b09 c0a8 016c  E..(....6.k....l
         cdd9 993e 8fd6 0050 7cd5 e24b 1ad4 68d2  ...>...P|..K..h.
         5010 0c00 07ba 0000                      P.......


You see the IP length field? Wtf? 0028 or 2800?
Do we have some endian problems?


Marek Majkowski

[1] http://seclists.org/nmap-dev/2008/q1/0551.html
[2] http://ai.pjwstk.edu.pl/~majek/dump/tcpipcc-debug-sendto.diff
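A quick check of the two dumps above, as an added example that is not part of the original post or of Nmap's own code: the script parses the two hex dumps quoted in the message, reads the IPv4 total-length field both as the big-endian field RFC 791 specifies and with its two bytes swapped, compares each reading against the real packet size, and verifies the header checksum under both interpretations. The only inputs are the bytes printed in the post; the helper names are this example's own.

```python
import struct

# Hex dumps copied from the two sendto() traces in the post above (Leopard
# first, Ubuntu second); only the hex columns are kept, the ASCII gutter is
# dropped.  The analysis code itself is constructed for this example.
LEOPARD_DUMP = """
4500 2800 5cec 0000 2f06 061c c0a8 0108
cdd9 993e cd8c 0050 5ac8 663f 1d7c 5fb8
5010 1000 6af3 0000
"""

UBUNTU_DUMP = """
4500 0028 f09a 0000 3606 6b09 c0a8 016c
cdd9 993e 8fd6 0050 7cd5 e24b 1ad4 68d2
5010 0c00 07ba 0000
"""


def hexdump_to_bytes(dump):
    """Turn a whitespace-separated hex dump into raw packet bytes."""
    return bytes.fromhex("".join(dump.split()))


def ones_complement_sum(data):
    """RFC 1071 one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_header_checksum_ok(header):
    """A header whose one's-complement sum (checksum field included) folds
    to 0xFFFF carries a valid checksum."""
    return ones_complement_sum(header) == 0xFFFF


def analyse_ip_length(packet):
    """Inspect the IPv4 total-length field of a raw packet and report
    whether it only makes sense when read byte-swapped."""
    ihl = (packet[0] & 0x0F) * 4
    header = packet[:ihl]
    # RFC 791 says the field is big-endian (network order) ...
    field_be = struct.unpack("!H", packet[2:4])[0]
    # ... so also read it little-endian to see what it says if the sender
    # wrote it in host order on a little-endian machine.
    field_swapped = struct.unpack("<H", packet[2:4])[0]
    actual = len(packet)
    # Same header with bytes 2 and 3 exchanged, to find out which reading
    # of the field the sender's checksum was computed over.
    header_swapped = header[:2] + bytes([header[3], header[2]]) + header[4:]
    return {
        "field_big_endian": field_be,
        "field_byte_swapped": field_swapped,
        "actual_length": actual,
        "looks_byte_swapped": field_be != actual and field_swapped == actual,
        "checksum_ok_as_is": ip_header_checksum_ok(header),
        "checksum_ok_with_swapped_len": ip_header_checksum_ok(header_swapped),
    }


if __name__ == "__main__":
    for name, dump in (("leopard", LEOPARD_DUMP), ("ubuntu", UBUNTU_DUMP)):
        print(name, analyse_ip_length(hexdump_to_bytes(dump)))
```

On the Ubuntu dump the field reads 40 big-endian, matches the 40 bytes actually handed to sendto(), and the header checksum verifies as written. On the Leopard dump the same field reads 10240 big-endian (exactly the iplen=10240 the debug line printed) and 40 when byte-swapped, and the checksum only verifies if the field is taken as 0x0028: the checksum was computed over a network-order length and the two bytes were exchanged afterwards, so only that one field, not the whole packet, is in the wrong order. As background that the post itself does not state: BSD-derived kernels, which Mac OS X inherits from, expect ip_len (and ip_off) in host byte order on IP_HDRINCL raw sockets, so a sender targeting them swaps those two fields just before sendto(), which is consistent with what the dump shows.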
