Nmap Development mailing list archives
Re: Bad IP-checksums
From: "Michael Pattrick" <mpattrick () rhinovirus org>
Date: Fri, 15 Aug 2008 18:38:38 -0400
On Fri, Aug 15, 2008 at 4:07 PM, Fyodor <fyodor () insecure org> wrote:
On Fri, Aug 15, 2008 at 03:11:02PM +0200, Gisle Vanem wrote:After some digging, I found two places where 'ip->ip_sum' wasn't cleared before calculating the sum. I believe the omission in osscan2.cc that was causing me trouble. A patch against today's svn:Did this actually fix the problem for you? For osscan2.cc, it looks at first glance like ip_sum should already be zero because of line 3064: memset((char *) packet, 0, sizeof(struct ip) + sizeof(struct udp_hdr));
This fixed the problem for me, after debugging a bit I noticed that the ip check sum is set after: realcheck = magic_tcpudp_cksum(source, victim, IPPROTO_UDP, sizeof(struct udp_hdr) + datalen, (char *) udp); The actual checksum value seems to change at line 1052 of tcpip.cc, but I'm not sure why. Hope this helps, Michael _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Bad IP-checksums Gisle Vanem (Jul 25)
- Re: Bad IP-checksums Brandon Enright (Jul 25)
- Re: Bad IP-checksums David Fifield (Jul 25)
- Re: Bad IP-checksums Brandon Enright (Jul 25)
- Re: Bad IP-checksums Gisle Vanem (Jul 26)
- Re: Bad IP-checksums Gisle Vanem (Jul 26)
- Re: Bad IP-checksums Gisle Vanem (Aug 15)
- Re: Bad IP-checksums Fyodor (Aug 15)
- Re: Bad IP-checksums Gisle Vanem (Aug 15)
- Re: Bad IP-checksums Michael Pattrick (Aug 15)
- Re: Bad IP-checksums Gisle Vanem (Aug 16)
- Re: Bad IP-checksums David Fifield (Aug 20)
- Re: Bad IP-checksums Michael Pattrick (Aug 20)
- Re: Bad IP-checksums Gisle Vanem (Aug 21)
- Re: Bad IP-checksums David Fifield (Aug 21)
- Re: Bad IP-checksums David Fifield (Jul 25)
- Re: Bad IP-checksums Brandon Enright (Jul 25)