Nmap Development mailing list archives
Re: Minor change to "Chapter 8. Remote OS Detection"
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 07 May 2011 10:42:13 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/07/2011 05:13 AM, Luis MartinGarcia. wrote:
Hi, Current version of "Chapter 8. Remote OS Detection" says: "That length varies by implementation because they are allowed to choose how much data from the original probe to include, as long as they meet the minimum RFC 792 requirement. That requirement is to include the original IP header and at least eight bytes of data." I've been reading RFC 792, and the sentence above is not correct. Nowhere in the RFC it says that they are allowed to choose how much data from the original probe to include. I know implementations do what they want, but in theory, they should only include the original IP header plus the next 64 bits of data. This is why I suggest re-writing the sentence to something like the following: "That length varies because, although RFC 792 requires the inclusion of the original IP header plus the next 8 octets of data, some implementations include the whole datagram or more than 8 bytes of its payload." I attach a patch for this, although some native English speaker may want to do a bit of rewording.
Section 3.2.2 of RFC 1122 (Requirements for Internet Hosts): "Every ICMP error message includes the Internet header and at least the first 8 data octets of the datagram that triggered the error; more than 8 octets MAY be sent; this header and data MUST be unchanged from the received datagram." This RFC updates and corrects some details in previous RFCs like 792 and 793, and is the one implementations would follow for things like this, so just changing the RFC number in Ch8 would be more accurate.
Regards, Luis MartinGarcia.
Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNxWhVAAoJEEQxgFs5kUfuUTMP/iyjKGZ5ljkhg1yTL2kGjt0B MskS3LbRW1OK+2XSPoO2Smk0Q13hU14RfqheDR6CrQ20Vc8UYLtKtL58g/RFdBUx 3L4aZr29XGmXOHbMbIh2A/THxIzZAzg1/eCwM8uexFq7WufHED+Av4HHMi07fqS7 GveJFZPlXhB6NmxsHFK47eUw/f9ObCdIQIieqzRNq5wIYry8BDxoXp+dBKmxe6Th OIC5gWzm8TZ5VoaM91JW0jS0mX7xtOVQF0XF8EXYwHy5Iir9zIdVxV6DGlkk3Cdr YiUN6UfSQ0Hftd+PCbZRS3EsGHh8CFVCIF+U6oSsW+clrJs5uCaGvEzL5oWY3ljS 5wj1XW6j8OjLrlt98Bsd69Rf8JMwkjdj7LIfYIkHMYIttWIJMdQqJfpcdwFqS6dB 7VMCFY2b/O1MU2McFbybMp5LKg/YztdQaPpZP1Ah+tq2PdFJaUf7XDNAe/orhQwf aqSLqr/f43//4Rhmr+SOk3GhP0zXhrcsHos6hvVjzL7Lx77vI1d+7N1WY5q2J7eU db5fHWCuGUguupkaYrk80vHJrBf6QyrdLg87MUUPpM8T50jP4CiqgmNJftyHSlgk 64HdDd9tfOIiLkFIpTeIixkcZ6fAjc0EIso3OU8E8g9wD6CRZEdm2DSustgbTuSe qjUvvz06ZDYR2vHddSF2 =L2Vm -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Minor change to "Chapter 8. Remote OS Detection" Luis MartinGarcia. (May 07)
- Re: Minor change to "Chapter 8. Remote OS Detection" Kris Katterjohn (May 07)
- Re: Minor change to "Chapter 8. Remote OS Detection" Luis MartinGarcia. (May 07)
- Re: Minor change to "Chapter 8. Remote OS Detection" Fyodor (May 11)
- Re: Minor change to "Chapter 8. Remote OS Detection" Luis MartinGarcia. (May 07)
- Re: Minor change to "Chapter 8. Remote OS Detection" Kris Katterjohn (May 07)