diff --git a/idle_scan.cc b/idle_scan.cc
index ebabfe9bc..c2d173c37 100644
--- a/idle_scan.cc
+++ b/idle_scan.cc
@@ -282,7 +282,7 @@ static int ipid_proxy_probe(struct idle_proxy_info *proxy, int *probes_sent, o.ipoptions, o.ipoptionslen, base_port + tries, proxy->probe_port, seq_base + (packet_send_count++ * 500) + 1, ack, 0, TH_SYN | TH_ACK, 0, 0,
- (u8 *) "\x02\x04\x05\xb4", 4,
+ (u8 *) TCP_SYN_PROBE_OPTIONS, TCP_SYN_PROBE_OPTIONS_LEN, NULL, 0); else { ipv6_packet = build_tcp_raw_ipv6(proxy->host.v6sourceip(), proxy->host.v6hostip(),
@@ -290,7 +290,7 @@ static int ipid_proxy_probe(struct idle_proxy_info *proxy, int *probes_sent, o.ttl, base_port + tries, proxy->probe_port, seq_base + (packet_send_count++ * 500) + 1, ack, 0, TH_SYN | TH_ACK, 0, 0,
- (u8 *) "\x02\x04\x05\xb4", 4,
+ (u8 *) TCP_SYN_PROBE_OPTIONS, TCP_SYN_PROBE_OPTIONS_LEN, NULL, 0, &packetlen); proxy->host.TargetSockAddr(&ss, &sslen);
@@ -728,7 +728,7 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, o.ipoptions, o.ipoptionslen, o.magic_port + probes_sent + 1, proxy->probe_port, sequence_base + probes_sent + 1, ack, 0, TH_SYN | TH_ACK, 0, 0,
- (u8 *) "\x02\x04\x05\xb4", 4,
+ (u8 *) TCP_SYN_PROBE_OPTIONS, TCP_SYN_PROBE_OPTIONS_LEN, NULL, 0); else if (o.af() == AF_INET6) { ipv6_packet = build_tcp_raw_ipv6(proxy->host.v6sourceip(), proxy->host.v6hostip(),
@@ -736,7 +736,7 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, o.ttl, o.magic_port + probes_sent + 1, proxy->probe_port, sequence_base + probes_sent + 1, ack, 0, TH_SYN | TH_ACK, 0, 0,
- (u8 *) "\x02\x04\x05\xb4", 4,
+ (u8 *) TCP_SYN_PROBE_OPTIONS, TCP_SYN_PROBE_OPTIONS_LEN, NULL, 0, &packetlen); res = send_ip_packet(proxy->rawsd, proxy->ethptr, &ss, ipv6_packet, packetlen);
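Review bot: `TCP_SYN_PROBE_OPTIONS_LEN` expands to a `sizeof` expression of type `size_t`, so the rewritten argument on the added line now converts implicitly to whatever type the options-length parameter of build_tcp_raw has, where the old code passed the `int` literal `4`; the same applies to the @@ -290, -728, -736, -922 and -1096 hunks here and to the two assignments in scan_engine_raw.cc and traceroute.cc. The value fits, so this is a warnings question rather than a bug, but if that parameter is `int` (its prototype is not in this diff) every site now trips `-Wconversion`/`-Wsign-conversion`. The cleanest fix is in the header so the call sites stay as written: `#define TCP_SYN_PROBE_OPTIONS_LEN ((int)(sizeof(TCP_SYN_PROBE_OPTIONS) - 1))`. The `(u8 *)` cast on the same line still discards the `const` of a string literal as the old code did; it could go if the builders take `const u8 *`, which I cannot confirm from the hunk. ipid_proxy_probe starts and ends outside the hunk.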
@@ -922,16 +922,16 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName, o.ipoptions, o.ipoptionslen, o.magic_port, proxy->probe_port, sequence_base + probes_sent + 1, ack, 0, TH_SYN | TH_ACK, 0, 0,
- (u8 *) "\x02\x04\x05\xb4",
- 4, NULL, 0);
+ (u8 *) TCP_SYN_PROBE_OPTIONS,
+ TCP_SYN_PROBE_OPTIONS_LEN, NULL, 0); } else { ipv6_packet = build_tcp_raw_ipv6(target->v6hostip(), proxy->host.v6hostip(), 0x00, 0x0000, o.ttl, o.magic_port, proxy->probe_port, sequence_base + probes_sent + 1, ack, 0, TH_SYN | TH_ACK, 0, 0,
- (u8 *) "\x02\x04\x05\xb4",
- 4, NULL, 0,
+ (u8 *) TCP_SYN_PROBE_OPTIONS,
+ TCP_SYN_PROBE_OPTIONS_LEN, NULL, 0, &packetlen); res = send_ip_packet(proxy->rawsd, proxy->ethptr, &ss, ipv6_packet, packetlen); if (res == -1)
@@ -1096,14 +1096,14 @@ static int idlescan_countopen2(struct idle_proxy_info *proxy, o.ttl, false, o.ipoptions, o.ipoptionslen, proxy->probe_port, ports[pr0be], seq, 0, 0, TH_SYN, 0, 0,
- (u8 *) "\x02\x04\x05\xb4", 4,
+ (u8 *) TCP_SYN_PROBE_OPTIONS, TCP_SYN_PROBE_OPTIONS_LEN, o.extra_payload, o.extra_payload_length); } else { packet = build_tcp_raw_ipv6(proxy->host.v6hostip(), target->v6hostip(), 0x00, 0x0000, o.ttl, proxy->probe_port, ports[pr0be], seq, 0, 0, TH_SYN, 0, 0,
- (u8 *) "\x02\x04\x05\xb4", 4,
+ (u8 *) TCP_SYN_PROBE_OPTIONS, TCP_SYN_PROBE_OPTIONS_LEN, o.extra_payload, o.extra_payload_length, &packetlen); res = send_ip_packet(proxy->rawsd, eth.ethsd ? ð : NULL, &ss, packet, packetlen);
diff --git a/nmap.h b/nmap.h
index 62e95cb7f..c6c99d27f 100644
--- a/nmap.h
+++ b/nmap.h
@@ -232,6 +232,10 @@ #define MAXFALLBACKS 20 /* How many comma separated fallbacks are allowed in the service-probes file? */
+/* TCP Options for TCP SYN probes: MSS 1460 */
+#define TCP_SYN_PROBE_OPTIONS "\x02\x04\x05\xb4"
+#define TCP_SYN_PROBE_OPTIONS_LEN (sizeof(TCP_SYN_PROBE_OPTIONS)-1)
+
 /* Default maximum send delay between probes to the same host */ #ifndef MAX_TCP_SCAN_DELAY #define MAX_TCP_SCAN_DELAY 1000
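Review bot: The new comment above `TCP_SYN_PROBE_OPTIONS` in nmap.h documents the option value but not the invariants a future edit of the byte string must keep, now that one definition feeds every SYN-probe builder. The TCP data offset counts 32-bit words, so the string must stay a multiple of 4 bytes long unless the builders pad it, which this diff does not show; and `TCP_SYN_PROBE_OPTIONS_LEN` deliberately uses `sizeof` rather than `strlen`, so an EOL (`0x00`) option byte would still be counted. I would expand the comment to `/* TCP options sent on SYN probes: MSS 1460 (kind 2, len 4, 0x05b4). Keep the total length a multiple of 4; _LEN uses sizeof, not strlen, so a 0x00 byte is counted. */`. Wrapping the `sizeof` in an extra pair of parentheses, `((sizeof(TCP_SYN_PROBE_OPTIONS)) - 1)`, is not needed, but the outer parentheses that are there should stay since callers use the macro inside larger expressions.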
diff --git a/scan_engine_raw.cc b/scan_engine_raw.cc
index 54f258ae4..0d9cdfa87 100644
--- a/scan_engine_raw.cc
+++ b/scan_engine_raw.cc
@@ -1307,8 +1307,8 @@ UltraProbe *sendIPScanProbe(UltraScanInfo *USI, HostScanStats *hss, seq = seq32_encode(USI, tryno, pingseq); if (pspec->pd.tcp.flags & TH_SYN) {
- tcpops = (u8 *) "\x02\x04\x05\xb4";
- tcpopslen = 4;
+ tcpops = (u8 *) TCP_SYN_PROBE_OPTIONS;
+ tcpopslen = TCP_SYN_PROBE_OPTIONS_LEN; } if (hss->target->af() == AF_INET) {
diff --git a/traceroute.cc b/traceroute.cc
index 4804187dd..b49cc52f3 100644
--- a/traceroute.cc
+++ b/traceroute.cc
@@ -745,8 +745,8 @@ public: ack = 0; if ((pspec.pd.tcp.flags & TH_SYN) == TH_SYN) { /* MSS 1460 bytes. */
- tcpopts = "\x02\x04\x05\xb4";
- tcpoptslen = 4;
+ tcpopts = TCP_SYN_PROBE_OPTIONS;
+ tcpoptslen = TCP_SYN_PROBE_OPTIONS_LEN; } else if ((pspec.pd.tcp.flags & TH_ACK) == TH_ACK) { ack = get_random_u32(); }