
Installing Honeyd 1.0 and Arpd 0.2 under Fedora Core 4 (with gcc 4.0.0)

Technical detail 5

In order to read the new format of OS fingerprints from xprobe2 0.2.2, I changed the xp_fp_flags struct in honeyd 1.0's personality.h file.

I have changed the icmp_echo_ip_id field from this:

unsigned icmp_echo_ip_id:1;    // 0 == 0, 1 == !0
						
to this:
unsigned icmp_echo_ip_id:3;    // [0 (001), !0 (010), SENT (100)]
						
No other code changes were necessary for this, because the field is not used elsewhere.

I have added the following fields:

unsigned icmp_echo_reply:1;               // 1 == yes, 0 == no
unsigned icmp_timestamp_reply_ip_id:3;    // [0 (001), !0 (010), SENT (100)]
unsigned icmp_addrmask_reply_ip_id:3;     // [0 (001), !0 (010), SENT (100)]
unsigned icmp_info_reply_ip_id:3;         // [0 (001), !0 (010), SENT (100)]
unsigned icmp_unreach_reply:1;            // 1 == yes, 0 == no
unsigned icmp_unreach_ip_id:3;            // [0 (001), !0 (010), SENT (100)]
						

Now, the xp_fp_flags structure looks like this:

/*
 * Per-personality flags read from an xprobe2 0.2.2 OS fingerprint
 * (the extended layout of honeyd 1.0's personality.h described on this
 * page).  One bit-field per fingerprint attribute, grouped by the
 * xprobe2 probe module that produces it.
 *
 * Two encodings are used:
 *   - 1-bit fields are plain booleans (1 == yes / set, 0 == no / clear);
 *   - wider fields hold a one-hot value, one bit per possible answer
 *     (001 / 010 / 100, or 01 / 10), so a value with zero or several
 *     bits set does not describe any fingerprint;
 *   - icmp_unreach_precedence_bits is the exception: it stores the raw
 *     byte value (0xc0, 0, ...) rather than a one-hot code.
 *
 * Compared with the original honeyd 1.0 struct: icmp_echo_ip_id was
 * widened from 1 to 3 bits, and icmp_echo_reply, the *_reply_ip_id
 * fields, icmp_unreach_reply and icmp_unreach_ip_id were added.
 *
 * NOTE(review): whoever fills this struct from the fingerprint file
 * should reject values that are not a single set bit instead of
 * storing them -- the parser is not shown here; confirm there.
 * NOTE(review): bit-field order, padding and sizeof are
 * implementation-defined, so this is an in-memory representation only
 * and must not be copied raw to disk or the wire -- presumably honeyd
 * never does; confirm if the struct is ever serialized.
 */
struct xp_fp_flags {
	/* Module A: ICMP ECHO Probe */
	unsigned icmp_echo_reply:1;                // 1 == yes, 0 == no
	unsigned icmp_echo_code:1;                 // 0 == 0, 1 == !0
	unsigned icmp_echo_ip_id:3;                // one-hot: [0 (001), !0 (010), SENT (100)]
	unsigned icmp_echo_tos_bits:1;             // 0 == 0, 1 == !0
	unsigned icmp_echo_df_bit:1;               // 0 == 0, 1 == !0
	/* Module B: ICMP Timestamp Probe */
	unsigned icmp_timestamp_reply:1;           // 1 == yes, 0 == no
	unsigned icmp_timestamp_reply_ip_id:3;     // one-hot: [0 (001), !0 (010), SENT (100)]
	/* Module C: ICMP Address Mask Request Probe */
	unsigned icmp_addrmask_reply:1;            // 1 == yes, 0 == no
	unsigned icmp_addrmask_reply_ip_id:3;      // one-hot: [0 (001), !0 (010), SENT (100)]
	/* Module D: ICMP Information Request Probe */
	unsigned icmp_info_reply:1;                // 1 == yes, 0 == no
	unsigned icmp_info_reply_ip_id:3;          // one-hot: [0 (001), !0 (010), SENT (100)]
	/* Module E: UDP -> ICMP Unreachable */
	unsigned icmp_unreach_reply:1;             // 1 == yes, 0 == no
	unsigned icmp_unreach_echoed_dtsize:3;     // one-hot: [8 (001), 64 (010), >64 (100)]
	unsigned icmp_unreach_precedence_bits:8;   // raw byte value: 0xc0, 0, (hex num) -- not one-hot
	unsigned icmp_unreach_df_bit:1;            // [0 , 1]
	unsigned icmp_unreach_echoed_udp_cksum:3;  // one-hot: [0 (001), OK (010), BAD (100)]
	unsigned icmp_unreach_echoed_ip_cksum:3;   // one-hot: [0 (001), OK (010), BAD (100)]
	unsigned icmp_unreach_echoed_ip_id:2;      // one-hot: [OK (01), FLIPPED (10)]
	unsigned icmp_unreach_echoed_total_len:3;  // one-hot: [>20 (001), OK (010), <20 (100)]
	unsigned icmp_unreach_echoed_3bit_flags:2; // one-hot: [OK (01), FLIPPED (10)]
	unsigned icmp_unreach_ip_id:3;             // one-hot: [0 (001), !0 (010), SENT (100)]
};
						

Go back to the article.

