From: marvinNSS.NU
Date: Tue May 08 2001 - 02:46:59 CDT

    On Sun, 06 May 2001, Ofir Arkin wrote:
    > The first ICMP Echo request sent from the Microsoft NT 4 based machine was
    > sent with IP ID of 28416. The second ICMP Echo request was sent with IP ID
    > value of 28672. Simple calculation will show a gap of 256 between the IP ID
    > field values.

    And some simple thinking will show that this is because they send out a
    little endian value that is incremented.

    > Looking at the replies the LINUX based machine produced, we see a gap of 1
    > between one IP ID to the next.

    And OpenBSD is random.
    So is Linux if you use my patch (shameless plug) at http://synscan.nss.nu
    (for 2.2.16 but should patch against 2.2.18, probably).

    Predictable IP.ids are used in ipidscan (mine) and idlescan (someone else's),
    both released in Dec 2000. ipidscan has a flag (-e) for using against Windows.

    Check out posts from antirez in Dec 1998 and posts on this topic in Dec 1999.
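
Added example, not part of the original post or of any tool it mentions: a small classifier that shows why the gap of 256 in the quoted capture is a counter stepping by 1 once the two bytes of the IP ID are swapped, and that separates that pattern from a plain incremental and a non-sequential ID. The function names, the `max_step` tolerance and every sample value other than 28416 and 28672 are assumptions made for the illustration.

```python
import struct

def byteswap16(value):
    """Swap the two bytes of a 16-bit value, as happens when a host writes
    its counter into the header without converting to network byte order."""
    return struct.unpack("<H", struct.pack(">H", value & 0xFFFF))[0]

def deltas(ids):
    """Successive differences modulo 2**16, so counter wraparound is handled."""
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def classify_ipid(ids, max_step=16):
    """Classify IP ID values read (in network byte order) from one host's packets.
    max_step is an assumed tolerance for packets the host sent between samples."""
    if len(ids) < 3:
        return "insufficient-data"
    def steps_small(seq):
        return all(0 < d <= max_step for d in deltas(seq))
    if steps_small(ids):
        return "incremental"
    if steps_small([byteswap16(v) for v in ids]):
        return "incremental-byteswapped"
    return "non-sequential"

# First two values are the ones quoted in the thread; the rest are constructed.
NT4_SAMPLE = [28416, 28672, 28928, 29184]
# Constructed: a byte-swapped counter crossing 255 -> 256 (wire 0xFF00 -> 0x0001).
NT4_WRAP_SAMPLE = [65024, 65280, 1, 257]
LINUX_SAMPLE = [4021, 4022, 4023, 4024]      # constructed, gap of 1
RANDOM_SAMPLE = [14993, 49668, 6126, 39728]  # constructed, no pattern

if __name__ == "__main__":
    for name, sample in [("nt4", NT4_SAMPLE), ("nt4-wrap", NT4_WRAP_SAMPLE),
                         ("linux", LINUX_SAMPLE), ("random", RANDOM_SAMPLE)]:
        print(name, [byteswap16(v) for v in sample], classify_ipid(sample))
```

Run against IP IDs collected from your own hosts, an "incremental" or "incremental-byteswapped" result marks a stack whose IDs are predictable in the sense discussed in the thread.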