diff --git a/Target.h b/Target.h
index 2d39b6c12..1906e865f 100644
--- a/Target.h
+++ b/Target.h
@@ -138,6 +138,7 @@
 #include "portlist.h"
 #include "tcpip.h"
 #include "scan_engine.h"
+#include "osscan2.h"
 #include
 #include
diff --git a/global_structures.h b/global_structures.h
index 0fea520fb..c7980252a 100644
--- a/global_structures.h
+++ b/global_structures.h
@@ -128,24 +128,6 @@
 #define GLOBAL_STRUCTURES_H
-struct seq_info {
- int responses;
- int ts_seqclass; /* TS_SEQ_* defines in nmap.h */
- int ipid_seqclass; /* IPID_SEQ_* defines in nmap.h */
- u32 seqs[NUM_SEQ_SAMPLES];
- u32 timestamps[NUM_SEQ_SAMPLES];
- int index;
- u16 ipids[NUM_SEQ_SAMPLES];
- long lastboot; /* 0 means unknown */
-};
-
-/* Different kinds of Ipids. */
-struct ipid_info {
- u32 tcp_ipids[NUM_SEQ_SAMPLES];
- u32 tcp_closed_ipids[NUM_SEQ_SAMPLES];
- u32 icmp_ipids[NUM_SEQ_SAMPLES];
-};
-
 /* The various kinds of port/protocol scans we can have
 * Each element is to point to an array of port/protocol numbers */
diff --git a/nmap.cc b/nmap.cc
index 4908a575a..f7e226e8a 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -2788,63 +2788,6 @@ void free_scan_lists(struct scan_lists *ports) {
 free(ports->proto_ping_ports);
 }
-char *seqreport(struct seq_info *seq) {
- static char report[512];
-
- Snprintf(report, sizeof(report), "TCP Sequence Prediction: Difficulty=%d (%s)\n", seq->index, seqidx2difficultystr(seq->index));
- return report;
-}
-
-/* Convert a TCP sequence prediction difficulty index like 1264386
- into a difficulty string like "Worthy Challenge */
-const char *seqidx2difficultystr(unsigned long idx) {
- return (idx < 3) ? "Trivial joke" : (idx < 6) ? "Easy" : (idx < 11) ? "Medium" : (idx < 12) ? "Formidable" : (idx < 16) ? "Worthy challenge" : "Good luck!";
-}
-
-const char *ipidclass2ascii(int seqclass) {
- switch (seqclass) {
- case IPID_SEQ_CONSTANT:
- return "Duplicated ipid (!)";
- case IPID_SEQ_INCR:
- return "Incremental";
- case IPID_SEQ_INCR_BY_2:
- return "Incrementing by 2";
- case IPID_SEQ_BROKEN_INCR:
- return "Broken little-endian incremental";
- case IPID_SEQ_RD:
- return "Randomized";
- case IPID_SEQ_RPI:
- return "Random positive increments";
- case IPID_SEQ_ZERO:
- return "All zeros";
- case IPID_SEQ_UNKNOWN:
- return "Busy server or unknown class";
- default:
- return "ERROR, WTF?";
- }
-}
-
-const char *tsseqclass2ascii(int seqclass) {
- switch (seqclass) {
- case TS_SEQ_ZERO:
- return "zero timestamp";
- case TS_SEQ_2HZ:
- return "2HZ";
- case TS_SEQ_100HZ:
- return "100HZ";
- case TS_SEQ_1000HZ:
- return "1000HZ";
- case TS_SEQ_OTHER_NUM:
- return "other";
- case TS_SEQ_UNSUPPORTED:
- return "none returned (unsupported)";
- case TS_SEQ_UNKNOWN:
- return "unknown class";
- default:
- return "ERROR, WTF?";
- }
-}
-
diff --git a/nmap.h b/nmap.h
index 94a81cfc0..469433f93 100644
--- a/nmap.h
+++ b/nmap.h
@@ -375,33 +375,10 @@ void *realloc(); /* For nonroot. */
 #define DEFAULT_PING_CONNECT_PORT_SPEC "80,443"
-/* How many syn packets do we send to TCP sequence a host? */
-#define NUM_SEQ_SAMPLES 6
-
 /* The max length of each line of the subject fingerprint when wrapped. */
 #define FP_RESULT_WRAP_LINE_LEN 74
-/* TCP Timestamp Sequence */
-#define TS_SEQ_UNKNOWN 0
-#define TS_SEQ_ZERO 1 /* At least one of the timestamps we received back was 0 */
-#define TS_SEQ_2HZ 2
-#define TS_SEQ_100HZ 3
-#define TS_SEQ_1000HZ 4
-#define TS_SEQ_OTHER_NUM 5
-#define TS_SEQ_UNSUPPORTED 6 /* System didn't send back a timestamp */
-
-#define IPID_SEQ_UNKNOWN 0
-#define IPID_SEQ_INCR 1 /* simple increment by one each time */
-#define IPID_SEQ_BROKEN_INCR 2 /* Stupid MS -- forgot htons() so it
- counts by 256 on little-endian platforms */
-#define IPID_SEQ_RPI 3 /* Goes up each time but by a "random" positive
- increment */
-#define IPID_SEQ_RD 4 /* Appears to select IPID using a "random" distributions (meaning it can go up or down) */
-#define IPID_SEQ_CONSTANT 5 /* Contains 1 or more sequential duplicates */
-#define IPID_SEQ_ZERO 6 /* Every packet that comes back has an IP.ID of 0 (eg Linux 2.4 does this) */
-#define IPID_SEQ_INCR_BY_2 7 /* simple increment by two each time */
-
 #ifndef MAXHOSTNAMELEN
 #define MAXHOSTNAMELEN 64
 #endif
@@ -443,13 +420,7 @@ void nmap_free_mem();
 const char *statenum2str(int state);
 const char *scantype2str(stype scantype);
 void reaper(int signo);
-char *seqreport(struct seq_info *seq);
-const char *ipidclass2ascii(int seqclass);
-const char *tsseqclass2ascii(int seqclass);
-/* Convert a TCP sequence prediction difficulty index like 1264386
- into a difficulty string like "Worthy Challenge */
-const char *seqidx2difficultystr(unsigned long idx);
 int nmap_fetchfile(char *filename_returned, int bufferlen, const char *file);
 int nmap_fileexistsandisreadable(const char* pathname);
 int gather_logfile_resumption_state(char *fname, int *myargc, char ***myargv);
diff --git a/osscan2.cc b/osscan2.cc
index 26e9f0bcb..91be091db 100644
--- a/osscan2.cc
+++ b/osscan2.cc
@@ -390,6 +390,56 @@ int get_ipid_sequence_16(int numSamples, u32 *ipids, int islocalhost) {
 }
 }
+/* Convert a TCP sequence prediction difficulty index like 1264386
+ into a difficulty string like "Worthy Challenge */
+const char *seqidx2difficultystr(unsigned long idx) {
+ return (idx < 3) ? "Trivial joke" : (idx < 6) ? "Easy" : (idx < 11) ? "Medium" : (idx < 12) ? "Formidable" : (idx < 16) ? "Worthy challenge" : "Good luck!";
+}
+
+const char *ipidclass2ascii(int seqclass) {
+ switch (seqclass) {
+ case IPID_SEQ_CONSTANT:
+ return "Duplicated ipid (!)";
+ case IPID_SEQ_INCR:
+ return "Incremental";
+ case IPID_SEQ_INCR_BY_2:
+ return "Incrementing by 2";
+ case IPID_SEQ_BROKEN_INCR:
+ return "Broken little-endian incremental";
+ case IPID_SEQ_RD:
+ return "Randomized";
+ case IPID_SEQ_RPI:
+ return "Random positive increments";
+ case IPID_SEQ_ZERO:
+ return "All zeros";
+ case IPID_SEQ_UNKNOWN:
+ return "Busy server or unknown class";
+ default:
+ return "ERROR, WTF?";
+ }
+}
+
+const char *tsseqclass2ascii(int seqclass) {
+ switch (seqclass) {
+ case TS_SEQ_ZERO:
+ return "zero timestamp";
+ case TS_SEQ_2HZ:
+ return "2HZ";
+ case TS_SEQ_100HZ:
+ return "100HZ";
+ case TS_SEQ_1000HZ:
+ return "1000HZ";
+ case TS_SEQ_OTHER_NUM:
+ return "other";
+ case TS_SEQ_UNSUPPORTED:
+ return "none returned (unsupported)";
+ case TS_SEQ_UNKNOWN:
+ return "unknown class";
+ default:
+ return "ERROR, WTF?";
+ }
+}
+
 /* Start the timeout clocks of any targets that aren't already timedout */
 static void startTimeOutClocks(OsScanInfo *OSI) {
diff --git a/osscan2.h b/osscan2.h
index 1c290f7ad..a216ad9a2 100644
--- a/osscan2.h
+++ b/osscan2.h
@@ -131,7 +131,8 @@
 #include
 #include
 #include "timing.h"
-#include "Target.h"
+#include "osscan.h"
+#include "tcpip.h"
 class Target;
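Review bot: The header comment carried over with seqidx2difficultystr (the first added lines of the osscan2.cc hunk) has an unbalanced quote, `"Worthy Challenge */`, and names a string the function never returns — the code's actual case is "Worthy challenge". Since the function is being relocated anyway, fix it here: `/* Convert a TCP sequence prediction difficulty index like 1264386 into a difficulty string like "Worthy challenge". */`, and apply the same fix to the copy of this comment above the new prototype in the osscan2.h hunk at `@@ -202,6 +244,12 @@`. ipidclass2ascii and tsseqclass2ascii arrive without any comment; a one-line note on each saying it maps an IPID_SEQ_* / TS_SEQ_* class constant to its fixed human-readable label, and that the "ERROR, WTF?" default marks a class value no caller is expected to pass, would help a reader of this file.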
@@ -159,11 +160,52 @@ class Target;
 // between probes, leaving 500MS between 1st and 6th.
 #define OS_SEQ_PROBE_DELAY 100
+/* How many syn packets do we send to TCP sequence a host? */
+#define NUM_SEQ_SAMPLES 6
+
+/* TCP Timestamp Sequence */
+#define TS_SEQ_UNKNOWN 0
+#define TS_SEQ_ZERO 1 /* At least one of the timestamps we received back was 0 */
+#define TS_SEQ_2HZ 2
+#define TS_SEQ_100HZ 3
+#define TS_SEQ_1000HZ 4
+#define TS_SEQ_OTHER_NUM 5
+#define TS_SEQ_UNSUPPORTED 6 /* System didn't send back a timestamp */
+
+#define IPID_SEQ_UNKNOWN 0
+#define IPID_SEQ_INCR 1 /* simple increment by one each time */
+#define IPID_SEQ_BROKEN_INCR 2 /* Stupid MS -- forgot htons() so it
+ counts by 256 on little-endian platforms */
+#define IPID_SEQ_RPI 3 /* Goes up each time but by a "random" positive
+ increment */
+#define IPID_SEQ_RD 4 /* Appears to select IPID using a "random" distributions (meaning it can go up or down) */
+#define IPID_SEQ_CONSTANT 5 /* Contains 1 or more sequential duplicates */
+#define IPID_SEQ_ZERO 6 /* Every packet that comes back has an IP.ID of 0 (eg Linux 2.4 does this) */
+#define IPID_SEQ_INCR_BY_2 7 /* simple increment by two each time */
+
 /******************************************************************************
 * TYPE AND STRUCTURE DEFINITIONS *
 ******************************************************************************/
+struct seq_info {
+ int responses;
+ int ts_seqclass; /* TS_SEQ_* defines in nmap.h */
+ int ipid_seqclass; /* IPID_SEQ_* defines in nmap.h */
+ u32 seqs[NUM_SEQ_SAMPLES];
+ u32 timestamps[NUM_SEQ_SAMPLES];
+ int index;
+ u16 ipids[NUM_SEQ_SAMPLES];
+ long lastboot; /* 0 means unknown */
+};
+
+/* Different kinds of Ipids. */
+struct ipid_info {
+ u32 tcp_ipids[NUM_SEQ_SAMPLES];
+ u32 tcp_closed_ipids[NUM_SEQ_SAMPLES];
+ u32 icmp_ipids[NUM_SEQ_SAMPLES];
+};
+
 struct udpprobeinfo {
 u16 iptl;
 u16 ipid;
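Review bot: The moved struct seq_info keeps the comments `/* TS_SEQ_* defines in nmap.h */` and `/* IPID_SEQ_* defines in nmap.h */`, but this same hunk moves those defines out of nmap.h into osscan2.h, so both comments now point at the wrong file. Update them to `int ts_seqclass; /* TS_SEQ_* defines above */` and `int ipid_seqclass; /* IPID_SEQ_* defines above */`. Both structs also rely on u32/u16 and NUM_SEQ_SAMPLES being in scope; NUM_SEQ_SAMPLES is defined earlier in this hunk, but with Target.h no longer included (previous hunk) the u32/u16 typedefs presumably arrive via tcpip.h — worth confirming the header still compiles when included on its own.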
@@ -202,6 +244,12 @@ int get_diffs(u32 *ipid_diffs, int numSamples, u32 *ipids, int islocalhost);
 int get_ipid_sequence_16(int numSamples, u32 *ipids, int islocalhost);
 int get_ipid_sequence_32(int numSamples, u32 *ipids, int islocalhost);
+const char *ipidclass2ascii(int seqclass);
+const char *tsseqclass2ascii(int seqclass);
+
+/* Convert a TCP sequence prediction difficulty index like 1264386
+ into a difficulty string like "Worthy Challenge */
+const char *seqidx2difficultystr(unsigned long idx);
 /******************************************************************************
 * CLASS DEFINITIONS *
 ******************************************************************************/
diff --git a/output.cc b/output.cc
index 02c862808..137d67f6f 100644
--- a/output.cc
+++ b/output.cc
@@ -130,6 +130,7 @@
 #include "nmap.h"
 #include "output.h"
 #include "osscan.h"
+#include "osscan2.h"
 #include "NmapOps.h"
 #include "NmapOutputTable.h"
 #include "MACLookup.h"
@@ -2030,7 +2031,7 @@ void printosscanoutput(Target *currenths) {
 xml_close_empty_tag();
 xml_newline();
 if (o.verbose)
- log_write(LOG_PLAIN, "%s", seqreport(&(currenths->seq)));
+ log_write(LOG_PLAIN, "TCP Sequence Prediction: Difficulty=%d (%s)\n", currenths->seq.index, seqidx2difficultystr(currenths->seq.index));
 log_write(LOG_MACHINE, "\tSeq Index: %d", currenths->seq.index);
 }
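Review bot: The inlined log_write on the added line of the last output.cc hunk runs to roughly 170 columns; splitting it after the format string keeps it readable: `log_write(LOG_PLAIN, "TCP Sequence Prediction: Difficulty=%d (%s)\n",` followed by `          currenths->seq.index, seqidx2difficultystr(currenths->seq.index));`. Note also that seq.index is an int (struct seq_info in the osscan2.h hunk) while seqidx2difficultystr takes unsigned long, so a negative index would print as negative under %d yet map to "Good luck!"; that is not new to this commit — the removed seqreport did the same — but if index can be negative before the sequence test has run it deserves a guard or at least a comment. printosscanoutput begins outside the hunk.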