calin radoni's humble web presence

home

docs

toolbox

about

Installing Honeyd 1.0 and Arpd 0.2 under Fedora Core 4 (with gcc 4.0.0)

Technical detail 4

The comparation between the OS fingerprint format of the xprobe2.conf that comes with honeyd 1.0 and xprobe2.conf from the xprobe2 0.2.2.

The xprobe2's OS fingerprint format consists of modules. The file that comes with honeyd 1.0 has modules from A to E. The file from xprobe2 0.2.2 has modules from A to G. Moreover, in the A to E modules have been added some new parameters and one was changed. Next, follows the changes by modules.

Module A [ICMP ECHO Probe]

Added icmp_echo_reply = [y, n]
Changed the icmp_echo_ip_id = [ 0, !0 ] to the icmp_echo_ip_id = [0, !0, SENT]

Module B [ICMP Timestamp Probe]

Added icmp_timestamp_reply_ip_id = [0, !0, SENT]

Module C [ICMP Address Mask Request Probe]

Added icmp_addrmask_reply_ip_id = [0, !0, SENT]

Module D [ICMP Information Request Probe]

Added icmp_info_reply_ip_id = [0, !0, SENT]

Module E [UDP -> ICMP Unreachable probe]

Added icmp_unreach_reply = [y, n]
Added icmp_unreach_ip_id = [0, !0, SENT]

Module F [TCP SYN | ACK Module] and Module G [TCP RST|ACK] are newly added modules.

I have modified the personality.h and personality.c to correctly read and store the A to E modules and to dumb read but and not store the new ones, F and G. You can read more in the Technical detail 5 and the Technical detail 6 files.

Go back to the article.

Hosted on http://www.oocities.org/calinradoni

Last page modification is 12 July 2005