diff --git a/nmap.h b/nmap.h index 99bdfe0fb..8382c45ab 100644 --- a/nmap.h +++ b/nmap.h @@ -327,7 +327,7 @@ void *realloc(); /* Number of hosts we pre-ping and then scan. We do a lot more if randomize_hosts is set. Every one you add to this leads to ~1K of extra always-resident memory in nmap */ -#define PING_GROUP_SZ 2048 +#define PING_GROUP_SZ 4096 /* DO NOT change stuff after this point */ #define UC(b) (((int)b)&0xff) diff --git a/scan_engine.cc b/scan_engine.cc index a91d60739..03bb52693 100644 --- a/scan_engine.cc +++ b/scan_engine.cc @@ -3815,6 +3815,18 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { probeI = hss->probes_outstanding.end(); listsz = hss->num_probes_outstanding(); + /* A check for wierd_responses is needed here. This is not currently + possible because we don't have a good way to look up the original + target of an ICMP probe based on the response. (massping encoded an + array index in the ICMP sequence, which won't work here.) Once we've + found the host that sent the probe that elicited the response, the + test for wierd_responses is + if (sending_host->v4host().s_addr != ip->ip_src.s_addr) + hss->target->wierd_responses++; + (That is, the target that sent the probe is not the same one that + sent the response.) + */ + goodone = false; /* Find the probe that provoked this response. */ @@ -3826,10 +3838,8 @@ static int get_ping_pcap_result(UltraScanInfo *USI, struct timeval *stime) { continue; /* Ensure the connection info matches. */ - if (hss->target->v4sourceip()->s_addr != ip->ip_dst.s_addr) { - hss->target->wierd_responses++; + if (hss->target->v4sourceip()->s_addr != ip->ip_dst.s_addr) continue; - } /* Sometimes we get false results when scanning localhost with -p- because we scan localhost with src port = dst port and
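Review bot: The comment above `PING_GROUP_SZ` says each unit costs about 1K of always-resident memory, so by that estimate the new value commits roughly 4 MB instead of 2 MB. Nothing next to the constant says why the larger group is wanted. I would add a line such as `/* 4096: ~4 MB resident by the estimate above; raised from 2048 because <reason> */` so the trade-off is recorded where the next person will tune it.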
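Review bot: The comment added in get_ping_pcap_result records a missing check but carries no tag, and its sample test mixes two names: the condition reads `sending_host->v4host()` while the increment goes to `hss->target->wierd_responses`, so it is unclear which host's counter is meant to change. The following hunk removes the only `wierd_responses++` visible in this function, so the counter appears to stop being updated on this path until the lookup exists. Any consumer of it (not visible here) would then see no anomalous responses without any indication why. I would open the comment with `/* TODO: a check for wierd_responses is needed here.` and either write the increment as `sending_host->wierd_responses++` or state explicitly that `hss->target` is the intended counter. The function body starts and ends outside the hunk.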