Merging in r4769:4773 from /nmap-exp/soc07/nmap
53
osscan.cc
53
osscan.cc
@@ -490,7 +490,8 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) {
|
||||
unsigned int sequence_base;
|
||||
unsigned long openport;
|
||||
unsigned int bytes;
|
||||
unsigned int closedport = 31337;
|
||||
unsigned int closedtcpport = 31337;
|
||||
unsigned int closedudpport = 31337;
|
||||
Port *tport = NULL;
|
||||
char filter[512];
|
||||
double seq_inc_sum = 0;
|
||||
@@ -572,30 +573,52 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) {
|
||||
target->FPR1->osscan_opentcpport = tport->portno;
|
||||
}
|
||||
|
||||
/* Now we should find a closed port */
|
||||
/* Now we should find a closed TCP port */
|
||||
if ((tport = target->ports.nextPort(NULL, IPPROTO_TCP, PORT_CLOSED))) {
|
||||
closedport = tport->portno;
|
||||
closedtcpport = tport->portno;
|
||||
|
||||
/* Port 0 seems to screw things up, so try to get another if available */
|
||||
/* We'd prefer something non-zero */
|
||||
if (tport->portno == 0)
|
||||
if ((tport = target->ports.nextPort(tport, IPPROTO_TCP, PORT_CLOSED)))
|
||||
closedport = tport->portno;
|
||||
closedtcpport = tport->portno;
|
||||
|
||||
target->FPR1->osscan_closedtcpport = closedport;
|
||||
target->FPR1->osscan_closedtcpport = closedtcpport;
|
||||
} else if ((tport = target->ports.nextPort(NULL, IPPROTO_TCP, PORT_UNFILTERED))) {
|
||||
/* Well, we will settle for unfiltered */
|
||||
closedport = tport->portno;
|
||||
closedtcpport = tport->portno;
|
||||
|
||||
/* We'd prefer something non-zero */
|
||||
if (tport->portno == 0)
|
||||
if ((tport = target->ports.nextPort(tport, IPPROTO_TCP, PORT_CLOSED)))
|
||||
closedtcpport = tport->portno;
|
||||
} else {
|
||||
closedtcpport = (get_random_uint() % 14781) + 30000;
|
||||
}
|
||||
|
||||
/* Now we should find a closed UDP port */
|
||||
if ((tport = target->ports.nextPort(NULL, IPPROTO_UDP, PORT_CLOSED))) {
|
||||
closedudpport = tport->portno;
|
||||
|
||||
/* Port 0 seems to screw things up, so try to get another if available */
|
||||
if (tport->portno == 0)
|
||||
if ((tport = target->ports.nextPort(tport, IPPROTO_TCP, PORT_CLOSED)))
|
||||
closedport = tport->portno;
|
||||
if ((tport = target->ports.nextPort(tport, IPPROTO_UDP, PORT_CLOSED)))
|
||||
closedudpport = tport->portno;
|
||||
|
||||
target->FPR1->osscan_closedudpport = closedudpport;
|
||||
} else if ((tport = target->ports.nextPort(NULL, IPPROTO_UDP, PORT_UNFILTERED))) {
|
||||
/* Well, we will settle for unfiltered */
|
||||
closedudpport = tport->portno;
|
||||
|
||||
/* Port 0 seems to screw things up, so try to get another if available */
|
||||
if (tport->portno == 0)
|
||||
if ((tport = target->ports.nextPort(tport, IPPROTO_UDP, PORT_CLOSED)))
|
||||
closedudpport = tport->portno;
|
||||
} else {
|
||||
closedport = (get_random_uint() % 14781) + 30000;
|
||||
closedudpport = (get_random_uint() % 14781) + 30000;
|
||||
}
|
||||
|
||||
if (o.verbose && openport != (unsigned long) -1)
|
||||
log_write(LOG_STDOUT, "For OSScan assuming port %lu is open, %d is closed, and neither are firewalled\n", openport, closedport);
|
||||
log_write(LOG_STDOUT, "For OSScan assuming port %lu is open, tcp/%d and udp/%d are closed, and neither are firewalled\n", openport, closedtcpport, closedudpport);
|
||||
|
||||
current_port = o.magic_port + NUM_SEQ_SAMPLES +1;
|
||||
|
||||
@@ -643,7 +666,7 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) {
|
||||
if (!FPtests[5]) {
|
||||
if (o.scan_delay) enforce_scan_delay(NULL);
|
||||
send_tcp_raw_decoys(rawsd, ethptr, target->v4hostip(), o.ttl, false, NULL, 0,
|
||||
current_port +4, closedport, sequence_base, 0, 0,
|
||||
current_port +4, closedtcpport, sequence_base, 0, 0,
|
||||
TH_SYN, 0, 0, (u8 *) "\003\003\012\001\002\004\001\011\010\012\077\077\077\077\000\000\000\000\000\000" , 20, NULL, 0);
|
||||
}
|
||||
|
||||
@@ -651,7 +674,7 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) {
|
||||
if (!FPtests[6]) {
|
||||
if (o.scan_delay) enforce_scan_delay(NULL);
|
||||
send_tcp_raw_decoys(rawsd, ethptr, target->v4hostip(), o.ttl, false, NULL, 0,
|
||||
current_port +5, closedport, sequence_base, 0, 0,
|
||||
current_port +5, closedtcpport, sequence_base, 0, 0,
|
||||
TH_ACK, 0, 0, (u8 *) "\003\003\012\001\002\004\001\011\010\012\077\077\077\077\000\000\000\000\000\000" , 20, NULL, 0);
|
||||
}
|
||||
|
||||
@@ -659,14 +682,14 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) {
|
||||
if (!FPtests[7]) {
|
||||
if (o.scan_delay) enforce_scan_delay(NULL);
|
||||
send_tcp_raw_decoys(rawsd, ethptr, target->v4hostip(), o.ttl, false, NULL, 0,
|
||||
current_port +6, closedport, sequence_base, 0, 0,
|
||||
current_port +6, closedtcpport, sequence_base, 0, 0,
|
||||
TH_FIN|TH_PUSH|TH_URG, 0, 0, (u8 *) "\003\003\012\001\002\004\001\011\010\012\077\077\077\077\000\000\000\000\000\000" , 20, NULL, 0);
|
||||
}
|
||||
|
||||
/* Test 8 */
|
||||
if (!FPtests[8]) {
|
||||
if (o.scan_delay) enforce_scan_delay(NULL);
|
||||
upi = send_closedudp_probe(rawsd, ethptr, target->v4hostip(), o.magic_port, closedport);
|
||||
upi = send_closedudp_probe(rawsd, ethptr, target->v4hostip(), o.magic_port, closedudpport);
|
||||
}
|
||||
gettimeofday(&t1, NULL);
|
||||
timeout = 0;
|
||||
|
||||
@@ -1985,7 +1985,7 @@ static UltraProbe *sendConnectScanProbe(UltraScanInfo *USI, HostScanStats *hss,
|
||||
CP = probe->CP();
|
||||
/* Initiate the connection */
|
||||
CP->sd = socket(o.af(), SOCK_STREAM, IPPROTO_TCP);
|
||||
if (CP->sd == 1) pfatal("Socket creation in sendConnectScanProbe");
|
||||
if (CP->sd == -1) pfatal("Socket creation in sendConnectScanProbe");
|
||||
unblock_socket(CP->sd);
|
||||
init_socket(CP->sd);
|
||||
if (hss->target->TargetSockAddr(&sock, &socklen) != 0) {
|
||||
|
||||
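Review bot: In the `@@ -572,30 +573,52 @@` hunk, the port-0 retry inside both PORT_UNFILTERED fallbacks asks for the wrong state: `nextPort(tport, IPPROTO_TCP, PORT_CLOSED)` in the TCP unfiltered branch and `nextPort(tport, IPPROTO_UDP, PORT_CLOSED)` in the UDP one. Those branches are reached only after `nextPort(NULL, proto, PORT_CLOSED)` returned NULL, so assuming nextPort walks forward through ports of the requested state, the retry can never succeed and the probes keep using port 0 even when a non-zero unfiltered port exists. The two lookups should use the state the branch settled on: `if ((tport = target->ports.nextPort(tport, IPPROTO_TCP, PORT_UNFILTERED)))` and `if ((tport = target->ports.nextPort(tport, IPPROTO_UDP, PORT_UNFILTERED)))`. Separately, `FPR1->osscan_closedudpport` is recorded only in the PORT_CLOSED branch (mirroring the TCP handling), so the unfiltered and random fallbacks leave it unset; a one-line comment stating whether that is intentional would help. get_fingerprint starts and ends outside this hunk.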
62
tcpip.cc
62
tcpip.cc
@@ -535,6 +535,8 @@ static const char *ippackethdrinfo(const u8 *packet, u32 len) {
|
||||
snprintf(protoinfo, sizeof(protoinfo), "ICMP %s > %s fragment %s (incomplete)", srchost, dsthost, ipinfo);
|
||||
} else if (ip->ip_p == IPPROTO_ICMP) {
|
||||
char icmptype[128];
|
||||
char *ip2dst;
|
||||
struct ip *ip2;
|
||||
struct ppkt {
|
||||
unsigned char type;
|
||||
unsigned char code;
|
||||
@@ -547,41 +549,67 @@ static const char *ippackethdrinfo(const u8 *packet, u32 len) {
|
||||
case 0:
|
||||
strcpy(icmptype, "Echo reply"); break;
|
||||
case 3:
|
||||
ip2 = (struct ip *) ((char *) ip + (ip->ip_hl * 4) + 8);
|
||||
tcp = (struct tcp_hdr *) ((char *) ip2 + (ip2->ip_hl * 4));
|
||||
udp = (struct udp_hdr *) ((char *) ip2 + (ip2->ip_hl * 4));
|
||||
ip2dst = inet_ntoa(ip2->ip_dst);
|
||||
switch (ping->code) {
|
||||
case 0:
|
||||
strcpy(icmptype, "network unreachable"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "network %s unreachable", ip2dst);
|
||||
break;
|
||||
case 1:
|
||||
strcpy(icmptype, "host unreachable"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "host %s unreachable", ip2dst);
|
||||
break;
|
||||
case 2:
|
||||
strcpy(icmptype, "protocol unreachable"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "protocol %u unreachable", ip2->ip_p);
|
||||
break;
|
||||
case 3:
|
||||
strcpy(icmptype, "port unreachable"); break;
|
||||
if (ip2->ip_p == IPPROTO_UDP)
|
||||
snprintf(icmptype, sizeof icmptype, "port %u unreachable", ntohs(udp->uh_dport));
|
||||
else if (ip2->ip_p == IPPROTO_TCP)
|
||||
snprintf(icmptype, sizeof icmptype, "port %u unreachable", ntohs(tcp->th_dport));
|
||||
else
|
||||
strcpy(icmptype, "port unreachable");
|
||||
break;
|
||||
case 4:
|
||||
strcpy(icmptype, "fragmentation required"); break;
|
||||
strcpy(icmptype, "fragmentation required");
|
||||
break;
|
||||
case 5:
|
||||
strcpy(icmptype, "source route failed"); break;
|
||||
strcpy(icmptype, "source route failed");
|
||||
break;
|
||||
case 6:
|
||||
strcpy(icmptype, "destination network unknown"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "destination network %s unknown", ip2dst);
|
||||
break;
|
||||
case 7:
|
||||
strcpy(icmptype, "destination host unknown"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "destination host %s unknown", ip2dst);
|
||||
break;
|
||||
case 8:
|
||||
strcpy(icmptype, "source host isolated"); break;
|
||||
strcpy(icmptype, "source host isolated");
|
||||
break;
|
||||
case 9:
|
||||
strcpy(icmptype, "destination network administratively prohibited"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "destination network %s administratively prohibited", ip2dst);
|
||||
break;
|
||||
case 10:
|
||||
strcpy(icmptype, "destination host administratively prohibited"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "destination host %s administratively prohibited", ip2dst);
|
||||
break;
|
||||
case 11:
|
||||
strcpy(icmptype, "network unreachable for TOS"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "network %s unreachable for TOS", ip2dst);
|
||||
break;
|
||||
case 12:
|
||||
strcpy(icmptype, "host unreachable for TOS"); break;
|
||||
snprintf(icmptype, sizeof icmptype, "host %s unreachable for TOS", ip2dst);
|
||||
break;
|
||||
case 13:
|
||||
strcpy(icmptype, "communication administratively prohibited by filtering"); break;
|
||||
strcpy(icmptype, "communication administratively prohibited by filtering");
|
||||
break;
|
||||
case 14:
|
||||
strcpy(icmptype, "host precedence violation"); break;
|
||||
strcpy(icmptype, "host precedence violation");
|
||||
break;
|
||||
case 15:
|
||||
strcpy(icmptype, "precedence cutoff in effect"); break;
|
||||
strcpy(icmptype, "precedence cutoff in effect");
|
||||
break;
|
||||
default:
|
||||
strcpy(icmptype, "unknown unreachable code"); break;
|
||||
strcpy(icmptype, "unknown unreachable code");
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 4:
|
||||
|
||||
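Review bot: The new `case 3:` code in the `@@ -547,41 +549,67 @@` hunk dereferences `ip2`, `ip2->ip_dst`, `ip2->ip_p`, `udp->uh_dport` and `tcp->th_dport` without comparing their offsets against `len`, so a short or malformed destination-unreachable packet (received traffic, hence attacker-controlled) is read past the end of the buffer; unless a check earlier in the function (outside this hunk) already guarantees the quoted inner header is present, the casts need a guard. Both TCP and UDP keep the destination port in the first four bytes of the transport header, so two length checks cover every branch of the inner switch. The `ip2_hl` reads below assume `ip2->ip_hl` is sane (>= 5), which a check like this also protects against for the port lookups. ippackethdrinfo starts and ends outside this hunk.
```cpp
    case 3:
      /* Only trust the quoted inner IP header and the first four bytes of its
         transport header (dst port for both TCP and UDP) if they fit in len. */
      if (len < ip->ip_hl * 4 + 8 + sizeof(struct ip)) {
        strcpy(icmptype, "unreachable (truncated)");
        break;
      }
      ip2 = (struct ip *) ((char *) ip + (ip->ip_hl * 4) + 8);
      if (len < ip->ip_hl * 4 + 8 + ip2->ip_hl * 4 + 4) {
        strcpy(icmptype, "unreachable (truncated)");
        break;
      }
      tcp = (struct tcp_hdr *) ((char *) ip2 + (ip2->ip_hl * 4));
      udp = (struct udp_hdr *) ((char *) ip2 + (ip2->ip_hl * 4));
      ip2dst = inet_ntoa(ip2->ip_dst);
      /* … unchanged: switch (ping->code) … */
```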