mirror of https://github.com/nmap/nmap.git synced 2026-02-13 08:56:34 +00:00

Decrease the value of the OS scan T test value by 1.

I changed the hop distance calculation in r26791 to include the end
host, so that a directly connected target would be a distance 1, not 0,
and so on. But I didn't adjust the calculation of the T test value to
compensate. I noticed this in a lot of OS submissions that were directly
connected having an estimated initial TTL of T=41, i.e., 65 rather than
64.

http://seclists.org/nmap-dev/2011/q3/796
david
2012-10-13 20:37:21 +00:00
parent 1a97b5dd52
commit 22270f6868


@@ -1968,9 +1968,10 @@ void HostOsScan::makeFP(HostOsScanStats *hss) {
if (hss->distance != -1) {
/* We've gotten response for the UDP probe and thus have
the "true" hop count. Add the received TTL to the hop
count to get the initial TTL. */
it->value = string_pool_sprintf("%hX", ttl + hss->distance);
the "true" hop count. Add the number of hops between
us and the target (hss->distance - 1) to the received
TTL to get the initial TTL. */
it->value = string_pool_sprintf("%hX", ttl + hss->distance - 1);
} else {
/* Guess the initial TTL value */
it->attribute = "TG";
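
Review bot: the guard `if (hss->distance != -1)` at the top of this hunk only excludes the "unknown" sentinel, so a distance of 0 would now pass through `ttl + hss->distance - 1` and produce an initial TTL one lower than the TTL actually received. If every code path that sets `hss->distance` is guaranteed to use the 1-based convention (directly connected target = 1), an assertion or a tighter guard such as `hss->distance >= 1` would make that assumption explicit and keep a stray 0 from silently skewing the T value; otherwise the 0 case should fall through to the guessing branch. The new comment would also be easier to follow if it said outright that `hss->distance` counts the target itself, since that is the only reason the `- 1` is needed.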