From 6af66cd95415cc5457d38f5e0df2796d8b98035a Mon Sep 17 00:00:00 2001
From: fyodor
Date: Sun, 3 Sep 2006 01:15:17 +0000
Subject: [PATCH] Nmap 4.20ALPHA6
---
 CHANGELOG | 10 ++++++++++
 FingerPrintResults.cc | 2 +-
 Makefile.in | 2 +-
 nmap_winconfig.h | 2 +-
 osscan2.cc | 18 ++++++++++--------
 5 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index e21556370..d0cd9a173 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,15 @@
 # Nmap Changelog ($Id$); -*-text-*-
+4.20ALPHA6
+
+o Fixed a bug in 2nd generation OS detection which would (usually) prevent fingerprints from being printed when systems don't respond to the 1st ICMP echo probe (the one with bogus code value of 9). Thanks to Brandon Enright for reporting and helping me debug the problem.
+o Fixed some problematic Nmap version detection signatures which could cause warning messages. Thanks to Brandon Enright for the initial patch.
+
 4.20ALPHA5
 o Worked with Zhao to improve the new OS detection system with
diff --git a/FingerPrintResults.cc b/FingerPrintResults.cc
index d6029d1d5..8987fa5fe 100644
--- a/FingerPrintResults.cc
+++ b/FingerPrintResults.cc
@@ -165,7 +165,7 @@ const char *FingerPrintResults::OmitSubmissionFP() {
 }
 if (maxTimingRatio > 1.4) {
-    snprintf(reason, sizeof(reason), "maxTimingRatio (%f) is greater than 1.4");
+    snprintf(reason, sizeof(reason), "maxTimingRatio (%e) is greater than 1.4", maxTimingRatio);
 return reason;
 }
diff --git a/Makefile.in b/Makefile.in
index 7967e0b61..2949cbc10 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-export NMAP_VERSION = 4.20ALPHA5
+export NMAP_VERSION = 4.20ALPHA6
 NMAP_NAME= Nmap
 NMAP_URL= http://Insecure.Org
 NMAP_PLATFORM=@host@
diff --git a/nmap_winconfig.h b/nmap_winconfig.h
index f7c798725..24a037ce0 100644
--- a/nmap_winconfig.h
+++ b/nmap_winconfig.h
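Review bot: The replacement snprintf supplies the `maxTimingRatio` argument the old `%f` format silently lacked, but `%e` renders the ratio in scientific notation, which is awkward to read next to the plain `1.4` in the same message; `snprintf(reason, sizeof(reason), "maxTimingRatio (%.3f) is greater than 1.4", maxTimingRatio);` reads naturally. The 1.4 threshold is written twice, in the condition and in the string literal, so a named constant used in both places would keep them from drifting apart. A missing vararg is exactly what the compiler's format-string check reports (`-Wformat` in GCC/Clang, backed by the `format(printf, ...)` attribute on any wrapper functions), so turning it on for this tree would catch the next one at compile time. OmitSubmissionFP begins before this hunk.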
@@ -106,7 +106,7 @@
 /* Without this, Windows will give us all sorts of crap about using functions like strcpy() even if they are done safely */
 #define _CRT_SECURE_NO_DEPRECATE 1
-#define NMAP_VERSION "4.20ALPHA5"
+#define NMAP_VERSION "4.20ALPHA6"
 #define NMAP_NAME "Nmap"
 #define NMAP_URL "http://www.insecure.org/nmap"
 #define NMAP_PLATFORM "i686-pc-windows-windows"
diff --git a/osscan2.cc b/osscan2.cc
index 4f30a72c5..e26669f15 100644
--- a/osscan2.cc
+++ b/osscan2.cc
@@ -304,8 +304,7 @@ public:
 int distance_guess;
 /* Returns the amount of time taken between sending 1st tseq probe
- and the 1st ICMP probe divided by the amount of time it should
- have taken. Ratios far from 1 can cause bogus results. Zero is
+ and the last one. Zero is
 returned if we didn't send the tseq probes because there was no open tcp port */
 double timingRatio();
@@ -366,7 +365,6 @@ private:
 */
 u16 lastipid;
 struct timeval seq_send_times[NUM_SEQ_SAMPLES];
- struct timeval first_icmp_send_time;
 int TWinReplyNum; /* how many TWin replies are received. */
 int TOpsReplyNum; /* how many TOps replies are received. Actually it is the same with TOpsReplyNum. */
@@ -731,7 +729,6 @@ void HostOsScanStats::initScanStats() {
 }
 memset(&seq_send_times, 0, sizeof(seq_send_times));
- memset(&first_icmp_send_time, 0, sizeof(first_icmp_send_time));
 if (icmpEchoReply) {
 free(icmpEchoReply);
@@ -797,8 +794,13 @@ void HostOsScanStats::moveProbeToUnSendList(list::iterator probeI) {
 double HostOsScanStats::timingRatio() {
 if (openTCPPort < 0) return 0;
- int msec_ideal = OS_SEQ_PROBE_DELAY * 5 + OS_PROBE_DELAY;
- int msec_taken = TIMEVAL_MSEC_SUBTRACT(first_icmp_send_time, seq_send_times[0]);
+ int msec_ideal = OS_SEQ_PROBE_DELAY * (NUM_SEQ_SAMPLES - 1);
+ int msec_taken = TIMEVAL_MSEC_SUBTRACT(seq_send_times[NUM_SEQ_SAMPLES -1 ],
+ seq_send_times[0]);
+ if (o.debugging) {
+ printf("OS detection timingRatio() == (%.3f - %.3f) * 1000 / %d == %.3f\n",
+ seq_send_times[NUM_SEQ_SAMPLES - 1].tv_sec + seq_send_times[NUM_SEQ_SAMPLES - 1].tv_usec / 1000000.0, seq_send_times[0].tv_sec + (float) seq_send_times[0].tv_usec / 1000000.0, msec_ideal, (float) msec_taken / msec_ideal);
+ }
 return (double) msec_taken / msec_ideal;
 }
@@ -1376,7 +1378,6 @@ void HostOsScan::sendTIcmpProbe(HostOsScanStats *hss, int probeNo) {
 assert(hss);
 assert(probeNo>=0&&probeNo<2);
 if(probeNo==0) {
- gettimeofday(&hss->first_icmp_send_time, NULL);
 send_icmp_echo_probe(rawsd, ethptr, hss->target->v4hostip(), IP_TOS_DEFAULT, true, 9, icmpEchoId, icmpEchoSeq, 120);
 }
@@ -3637,7 +3638,8 @@ static void endRound(OsScanInfo *OSI, HostOsScan *HOS, int roundNum) {
 hsi->FPs[roundNum] = hsi->hss->getFP();
 hsi->target->FPR->FPs[roundNum] = hsi->FPs[roundNum];
- hsi->target->FPR->maxTimingRatio = MAX(hsi->target->FPR->maxTimingRatio, hsi->hss->timingRatio());
+ double tr = hsi->hss->timingRatio();
+ hsi->target->FPR->maxTimingRatio = MAX(hsi->target->FPR->maxTimingRatio, tr);
 match_fingerprint(hsi->FPs[roundNum], &hsi->FP_matches[roundNum], o.reference_FPs, OSSCAN_GUESS_THRESHOLD);
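Review bot: The new `msec_taken` subtracts `seq_send_times[0]` from `seq_send_times[NUM_SEQ_SAMPLES - 1]`, a slot `initScanStats()` zeroes (earlier hunk in this diff), so if a round ends before the last tseq probe has been stamped the result is a large negative millisecond count and timingRatio returns a negative ratio rather than the zero promised by the header comment; because `endRound` folds it in with `MAX()`, that case disappears silently. A guard next to the existing `openTCPPort` check, `if (seq_send_times[NUM_SEQ_SAMPLES - 1].tv_sec == 0) return 0;`, would preserve the contract — assuming an unstamped slot is only ever the zeroed timeval, which this hunk does not show. The debug `printf` recomputes the ratio in float (`(float) msec_taken / msec_ideal`) while the return uses double, so the logged and returned values can differ in the last printed digit; computing `double ratio = (double) msec_taken / msec_ideal;` once and using it in both places avoids that, and `[NUM_SEQ_SAMPLES -1 ]` should be spaced like the other index expressions in the hunk. timingRatio is visible in full; the function named in the hunk header, moveProbeToUnSendList, ends before it.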