Nmap Development mailing list archives
U1 probe RUD test question
From: "Thomas Tavaris J (Tavaris)" <tjthomas () LGSInnovations com>
Date: Thu, 2 Apr 2009 14:52:42 -0400
Hello, I'm still looking at the quality of the tests that nmap sends and I have a question regarding the U1,RUD test. Why is this test producing a G value when wireshark, tshark, and tcpdump data shows no UDP data (from the probe) is contained in the encapsulated ICMP port unreachable packet? This is especially prevalent when scanning Cisco routers. The nmap-os-db file says Cisco IOS should report G for the RUD test. From my (limited) observations this hasn't been the case. Also the nmap-os-db file the MatchPoint value is 100 (which implies a high quality test). In my observations over 1650 values for G appear in the database but would also imply this test doesn't differentiate a lot of systems with this test value. Anyone have any insight? -Tavaris _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- U1 probe RUD test question Thomas Tavaris J (Tavaris) (Apr 02)
- Re: U1 probe RUD test question David Fifield (Apr 02)
- Re: U1 probe RUD test question David Fifield (Apr 02)
- Re: U1 probe RUD test question David Fifield (Apr 07)
- Re: U1 probe RUD test question David Fifield (Apr 02)
- Re: U1 probe RUD test question David Fifield (Apr 02)