_FORTIFY_SOURCE. tryno equal. Timing ping frequency experiments.
| 0:02:08 10–34–355 | means that a scan took 0:02:08, had 10 hosts up, 34 open ports, and 355 closed ports. |
These are tests with setting a unique ID in each probe instead of matching tryno and pingseq values. Matching a tryno and pingseq can fail during a ping scan when a reply to a SYN probe is matched up to an ACK probe. The harm from this is that the ACK probe becomes the new timing/traceroute probe, when it may be completely inappropriate.
These results seem to show a big decrease in accuracy with tokens on gusto. However, the experiment was flawed: The nmap-token was compiled in a way such that it couldn't access its nmap-services, so it used /etc/services instead. Thus the port list was smaller and different.
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:06:53 1–2–4 | 0:02:28 0–0–0 | 0:00:02 200–0–0 | 0:12:17 204–942–31203 | 0:11:33 200–922–30125 |
| nmap-2 | 0:06:18 1–2–4 | 0:01:16 0–0–0 | 0:00:02 200–0–0 | 0:10:40 204–942–31255 | 0:09:27 200–916–30039 |
| nmap-3 | 0:06:27 1–2–4 | 0:01:00 0–0–0 | 0:00:02 200–0–0 | 0:12:36 204–933–31091 | 0:13:43 200–921–30024 |
| nmap-4 | 0:06:25 1–2–4 | 0:01:26 0–0–0 | 0:00:02 200–0–0 | 0:10:55 204–935–31275 | 0:09:54 200–917–30052 |
| nmap-token-1 | 0:05:40 1–2–4 | 0:01:51 0–0–0 | 0:00:02 200–0–0 | 0:10:34 204–939–31165 | 0:10:16 200–904–30020 |
| nmap-token-2 | 0:06:35 1–2–4 | 0:01:40 0–0–0 | 0:00:02 200–0–0 | 0:10:43 204–940–31157 | 0:09:45 200–914–30018 |
| nmap-token-3 | 0:07:40 1–2–4 | 0:01:46 0–0–0 | 0:00:02 200–0–0 | 0:11:11 204–932–31175 | 0:10:04 200–915–30026 |
| nmap-token-4 | 0:06:17 1–2–3 | 0:02:01 0–0–0 | 0:00:02 200–0–0 | 0:11:47 204–933–31157 | 0:10:25 200–917–30011 |
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:10:07 1–2–4 | 0:00:44 0–0–0 | 0:00:03 199–0–0 | 0:07:44 200–964–10452 | 0:07:14 199–953–10051 |
| nmap-2 | 0:10:22 1–2–4 | 0:00:35 0–0–0 | 0:00:02 199–0–0 | 0:08:05 203–967–10446 | 0:07:28 199–952–10058 |
| nmap-3 | 0:10:16 1–2–4 | 0:01:33 0–0–0 | 0:00:03 199–0–0 | 0:07:45 203–970–10399 | 0:07:33 199–957–10077 |
| nmap-4 | 0:10:05 1–2–4 | 0:00:39 0–0–0 | 0:00:02 199–0–0 | 0:08:14 202–968–10391 | 0:07:39 199–954–10060 |
| nmap-token-1 | 0:07:51 1–2–4 | 0:00:42 0–0–0 | 0:00:09 199–0–0 | 0:07:05 202–490–8337 | 0:06:21 192–475–8043 |
| nmap-token-2 | 0:08:37 1–2–4 | 0:01:37 0–0–0 | 0:00:02 199–0–0 | 0:06:58 199–489–8349 | 0:06:13 195–481–8037 |
| nmap-token-3 | 0:08:27 1–2–4 | 0:00:51 0–0–0 | 0:00:02 199–0–0 | 0:07:17 203–497–8345 | 0:06:47 198–478–8045 |
| nmap-token-4 | 0:08:37 1–2–4 | 0:00:18 0–0–0 | 0:00:04 199–0–0 | 0:06:56 201–491–8345 | 0:06:19 197–475–8043 |
This is after fixing the problem with nmap-services.
The means are
> tapply(x$up, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 204.00 1 200.00 199.75
nmap-token 0 203.75 1 199.75 200.00
> tapply(x$open, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 982.3333 2 960.00 0
nmap-token 0 977.0000 2 960.75 0
> tapply(x$closed, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 10582.33 4 10211.75 0
nmap-token 0 10571.50 4 10176.75 0
The hole at nmap-3/random-F was because of a corrupted XML file, maybe due to a filesystem error.
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:06:36 1–2–4 | 0:02:03 0–0–0 | 0:00:02 199–0–0 | 0:04:28 204–983–10620 | 0:03:45 200–958–10183 |
| nmap-2 | 0:06:02 1–2–4 | 0:01:19 0–0–0 | 0:00:02 200–0–0 | 0:04:58 204–983–10578 | 0:03:52 200–959–10208 |
| nmap-3 | 0:06:47 1–2–4 | 0:01:34 0–0–0 | 0:00:02 200–0–0 | 0:05:35 200–961–10245 | |
| nmap-4 | 0:06:45 1–2–4 | 0:01:51 0–0–0 | 0:00:02 200–0–0 | 0:06:59 204–981–10549 | 0:04:14 200–962–10211 |
| nmap-token-1 | 0:06:49 1–2–4 | 0:02:00 0–0–0 | 0:00:02 200–0–0 | 0:04:58 204–980–10583 | 0:03:45 200–961–10191 |
| nmap-token-2 | 0:05:57 1–2–4 | 0:01:49 0–0–0 | 0:00:02 200–0–0 | 0:03:52 203–979–10579 | 0:04:02 200–962–10208 |
| nmap-token-3 | 0:06:43 1–2–4 | 0:00:44 0–0–0 | 0:00:01 200–0–0 | 0:04:17 204–980–10549 | 0:03:40 199–960–10101 |
| nmap-token-4 | 0:06:33 1–2–4 | 0:01:14 0–0–0 | 0:00:02 200–0–0 | 0:04:42 204–969–10575 | 0:03:50 200–960–10207 |
The means are
> tapply(x$up, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 202.75 1 198.75 199
nmap-token 0 202.75 1 198.75 199
> tapply(x$open, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 969.50 2.00 953.5 0
nmap-token 0 962.75 1.75 945.0 0
> tapply(x$closed, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 10415.75 4.0 10064.5 0
nmap-token 0 10397.75 3.5 10020.5
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:10:03 1–2–4 | 0:01:43 0–0–0 | 0:00:02 199–0–0 | 0:08:39 202–969–10440 | 0:07:14 199–953–10080 |
| nmap-2 | 0:09:59 1–2–4 | 0:01:44 0–0–0 | 0:00:02 199–0–0 | 0:08:33 203–965–10363 | 0:07:34 199–953–10052 |
| nmap-3 | 0:09:45 1–2–4 | 0:00:29 0–0–0 | 0:00:03 199–0–0 | 0:08:03 203–973–10416 | 0:07:03 198–953–10055 |
| nmap-4 | 0:10:21 1–2–4 | 0:00:17 0–0–0 | 0:00:02 199–0–0 | 0:07:30 203–971–10444 | 0:07:20 199–955–10071 |
| nmap-token-1 | 0:08:08 1–1–2 | 0:01:00 0–0–0 | 0:00:02 199–0–0 | 0:07:13 202–961–10389 | 0:06:48 199–948–10029 |
| nmap-token-2 | 0:07:38 1–2–4 | 0:01:55 0–0–0 | 0:00:03 199–0–0 | 0:07:14 203–964–10409 | 0:06:39 198–940–10016 |
| nmap-token-3 | 0:09:05 1–2–4 | 0:01:11 0–0–0 | 0:00:02 199–0–0 | 0:07:48 203–963–10396 | 0:07:04 199–947–10029 |
| nmap-token-4 | 0:08:33 1–2–4 | 0:02:14 0–0–0 | 0:00:02 199–0–0 | 0:07:23 203–963–10397 | 0:06:46 199–945–10008 |
> tapply(x$up, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 204 1 200 200
nmap-token 0 204 1 200 200
> tapply(x$open, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 978.50 2 961.0 0
nmap-token 0 971.75 2 957.5 0
> tapply(x$closed, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 10581.25 4 10211.0 0
nmap-token 0 10579.25 4 10199.5 0
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:06:14 1–2–4 | 0:02:09 0–0–0 | 0:00:02 200–0–0 | 0:04:44 204–976–10599 | 0:04:01 200–960–10222 |
| nmap-2 | 0:06:45 1–2–4 | 0:02:13 0–0–0 | 0:00:02 200–0–0 | 0:05:04 204–980–10569 | 0:08:24 200–962–10228 |
| nmap-3 | 0:05:13 1–2–4 | 0:02:06 0–0–0 | 0:00:02 200–0–0 | 0:05:34 204–982–10576 | 0:03:05 200–960–10182 |
| nmap-4 | 0:06:52 1–2–4 | 0:01:56 0–0–0 | 0:00:02 200–0–0 | 0:06:40 204–976–10581 | 0:03:18 200–962–10212 |
| nmap-token-1 | 0:06:38 1–2–4 | 0:02:05 0–0–0 | 0:00:02 200–0–0 | 0:05:26 204–980–10577 | 0:04:11 200–959–10201 |
| nmap-token-2 | 0:06:26 1–2–4 | 0:01:21 0–0–0 | 0:00:02 200–0–0 | 0:04:18 204–978–10585 | 0:03:29 200–961–10196 |
| nmap-token-3 | 0:06:17 1–2–4 | 0:01:13 0–0–0 | 0:00:02 200–0–0 | 0:04:30 204–972–10581 | 0:03:24 200–959–10205 |
| nmap-token-4 | 0:05:19 1–2–4 | 0:02:17 0–0–0 | 0:00:01 200–0–0 | 0:04:14 204–957–10574 | 0:03:38 200–951–10196 |
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:00:41 0–0–0 | 0:00:02 199–0–0 | 0:08:46 203–1029–10357 | 0:07:21 199–1003–9992 | |
| nmap-2 | 0:00:38 0–0–0 | 0:00:02 199–0–0 | 0:08:31 203–1029–10395 | 0:07:25 199–1008–10008 | |
| nmap-token-1 | 0:02:44 0–0–0 | 0:00:02 199–0–0 | 0:07:41 203–1027–10315 | 0:06:52 199–999–9951 | |
| nmap-token-2 | 0:01:52 0–0–0 | 0:00:02 199–0–0 | 0:07:48 202–1024–10310 | 0:06:41 198–993–9869 | |
| nmap-tryno-1 | 0:00:51 0–0–0 | 0:00:02 199–0–0 | 0:08:03 203–1035–10401 | 0:07:40 199–1010–9969 | |
| nmap-tryno-2 | 0:01:14 0–0–0 | 0:00:02 199–0–0 | 0:08:31 200–1029–10371 | 0:07:39 199–1008–10002 |
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:00:39 1–0–0 | 0:00:02 199–0–0 | 0:09:58 204–802–10032 | 0:09:25 199–773–9695 | |
| nmap-2 | 0:00:31 1–0–0 | 0:00:02 197–0–0 | 0:09:55 202–803–10034 | 0:08:27 197–775–9665 | |
| nmap-3 | 0:02:04 1–0–0 | 0:00:02 198–0–0 | 0:09:29 203–804–10102 | 0:08:44 198–773–9717 | |
| nmap-4 | 0:00:17 1–0–0 | 0:00:03 198–0–0 | 0:08:29 203–801–10038 | 0:07:49 195–769–9688 | |
| nmap-token-1 | 0:00:35 1–0–0 | 0:00:03 199–0–0 | 0:08:17 204–798–10013 | 0:08:31 199–769–9623 | |
| nmap-token-2 | 0:00:15 1–0–0 | 0:00:03 199–0–0 | 0:09:22 204–800–9994 | 0:07:27 196–767–9630 | |
| nmap-token-3 | 0:01:38 1–0–0 | 0:00:03 198–0–0 | 0:08:43 201–802–10040 | 0:07:13 198–768–9644 | |
| nmap-token-4 | 0:00:11 1–0–0 | 0:00:09 197–0–0 | 0:08:16 200–795–9992 | 0:08:27 198–742–8978 |
> tapply(x$up, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 1 202.25 1 198 198
nmap-token 1 203.00 1 198 198
> tapply(x$open, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 1041.50 2 1014.75 0
nmap-token 0 1045.25 2 1010.50 0
> tapply(x$closed, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 10554.0 3.75 10164.75 0
nmap-token 0 10532.5 4.00 10086.75 0
> tapply(x$time, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 60.00 390.75 376.75 251.00 2
nmap-token 75.25 350.25 482.75 224.75 2
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:06:54 1–2–4 | 0:00:48 1–0–0 | 0:00:02 198–0–0 | 0:08:12 203–1042–10350 | 0:03:46 198–1011–9960 |
| nmap-2 | 0:06:09 1–2–3 | 0:00:50 1–0–0 | 0:00:02 198–0–0 | 0:04:16 200–1039–10369 | 0:03:46 198–1013–9970 |
| nmap-3 | 0:06:02 1–2–4 | 0:01:19 1–0–0 | 0:00:02 198–0–0 | 0:04:29 203–1043–10742 | 0:03:35 198–1013–10347 |
| nmap-4 | 0:06:02 1–2–4 | 0:01:03 1–0–0 | 0:00:02 198–0–0 | 0:09:06 203–1042–10755 | 0:05:37 198–1022–10382 |
| nmap-token-1 | 0:06:18 1–2–4 | 0:01:10 1–0–0 | 0:00:02 198–0–0 | 0:04:57 203–1044–10330 | 0:03:12 198–1014–9927 |
| nmap-token-2 | 0:06:33 1–2–4 | 0:01:16 1–0–0 | 0:00:02 198–0–0 | 0:03:45 203–1042–10330 | 0:04:02 198–1016–9949 |
| nmap-token-3 | 0:06:40 1–2–4 | 0:01:24 1–0–0 | 0:00:02 198–0–0 | 0:06:18 203–1047–10736 | 0:03:26 198–1021–10354 |
| nmap-token-4 | 0:12:40 1–2–4 | 0:01:11 1–0–0 | 0:00:02 198–0–0 | 0:08:21 203–1048–10734 | 0:04:19 198–991–10117 |
For this test I used -g 53, because that forces a different method of encoding the token.
> tapply(x$up, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 1 199.75 1 194.25 195.75
nmap-token 1 199.00 1 194.25 194.75
> tapply(x$open, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 992.50 2.00 943.5 0
nmap-token 0 963.75 1.75 941.0 0
> tapply(x$closed, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 10372.5 4 9992 0
nmap-token 0 10362.5 4 9966 0
> tapply(x$time, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 29.75 618.50 419.0 550.00 3.00
nmap-token 39.50 598.75 422.5 559.75 2.25
| nmap-1 | 0:06:41 1–2–4 | 0:00:22 1–0–0 | 0:00:03 196–0–0 | 0:11:01 201–991–10569 | 0:08:59 196–965–10189 |
| nmap-2 | 0:07:01 1–2–4 | 0:00:45 1–0–0 | 0:00:03 196–0–0 | 0:09:31 199–1003–10569 | 0:09:11 193–932–10189 |
| nmap-3 | 0:07:28 1–2–4 | 0:00:25 1–0–0 | 0:00:04 195–0–0 | 0:10:34 198–987–10175 | 0:09:59 195–955–9792 |
| nmap-4 | 0:06:46 1–2–4 | 0:00:27 1–0–0 | 0:00:02 196–0–0 | 0:10:08 201–989–10177 | 0:08:31 193–922–9798 |
| nmap-token-1 | 0:06:51 1–2–4 | 0:00:34 1–0–0 | 0:00:02 196–0–0 | 0:09:09 199–958–10562 | 0:08:29 190–923–10183 |
| nmap-token-2 | 0:07:05 1–2–4 | 0:00:38 1–0–0 | 0:00:02 194–0–0 | 0:09:26 196–945–10560 | 0:10:14 195–958–10093 |
| nmap-token-3 | 0:06:54 1–2–4 | 0:00:37 1–0–0 | 0:00:02 193–0–0 | 0:10:57 201–976–10172 | 0:09:18 196–950–9797 |
| nmap-token-4 | 0:07:20 1–1–4 | 0:00:49 1–0–0 | 0:00:03 196–0–0 | 0:10:23 200–976–10156 | 0:09:18 196–933–9791 |
In this test I added a third version of Nmap that uses the old tryno-pingseq source port as the token, but it still does a token comparison, not a tryno-pingseq comparison. The results are good this time. This led me to consider restricting the range of source ports.
> tapply(x$up, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 1 199.6667 1 195.6667 196
nmap-token 1 199.0000 1 195.6667 196
nmap-token-tryno 1 201.0000 1 196.0000 196
> tapply(x$open, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 956.3333 2 916.3333 0
nmap-token 0 946.0000 2 848.0000 0
nmap-token-tryno 0 954.3333 2 848.6667 0
> tapply(x$closed, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 10072.33 3.666667 9631.667 0
nmap-token 0 10037.67 3.666667 9558.667 0
nmap-token-tryno 0 10082.67 4.000000 9607.000 0
> tapply(x$time, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 51.33333 519.0000 610.3333 460.3333 3.000000
nmap-token 73.66667 462.6667 473.6667 429.0000 5.666667
nmap-token-tryno 55.33333 513.3333 611.3333 475.3333 2.000000
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:10:23 1–2–4 | 0:01:10 1–0–0 | 0:00:04 196–0–0 | 0:08:24 199–1034–10185 | 0:07:33 196–1002–9810 |
| nmap-2 | 0:10:11 1–2–3 | 0:00:47 1–0–0 | 0:00:03 196–0–0 | 0:08:11 200–1033–10151 | 0:07:30 195–976–9564 |
| nmap-3 | 0:09:57 1–2–4 | 0:00:37 1–0–0 | 0:00:02 196–0–0 | 0:09:22 200–802–9881 | 0:07:58 196–771–9521 |
| nmap-token-1 | 0:08:20 1–2–3 | 0:00:30 1–0–0 | 0:00:05 196–0–0 | 0:07:29 200–1022–10148 | 0:06:37 195–999–9765 |
| nmap-token-2 | 0:07:23 1–2–4 | 0:01:57 1–0–0 | 0:00:09 196–0–0 | 0:07:50 201–1027–10140 | 0:07:13 196–773–9455 |
| nmap-token-3 | 0:07:58 1–2–4 | 0:01:14 1–0–0 | 0:00:03 196–0–0 | 0:07:49 196–789–9825 | 0:07:37 196–772–9456 |
| nmap-token-tryno-1 | 0:10:11 1–2–4 | 0:00:43 1–0–0 | 0:00:02 196–0–0 | 0:08:26 201–1030–10167 | 0:07:12 196–1005–9834 |
| nmap-token-tryno-2 | 0:09:59 1–2–4 | 0:00:48 1–0–0 | 0:00:02 196–0–0 | 0:08:25 201–1034–10200 | 0:08:26 196–772–9492 |
| nmap-token-tryno-3 | 0:10:24 1–2–4 | 0:01:15 1–0–0 | 0:00:02 196–0–0 | 0:08:49 201–799–9881 | 0:08:08 196–769–9495 |
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-token-1 | 0:00:01 0–0–0 | 0:01:00 1–0–0 | 0:00:03 197–0–0 | 0:02:31 203–1053–10739 | 0:01:55 198–1023–10331 |
| nmap-token-2 | 0:00:00 0–0–0 | 0:01:43 1–0–0 | 0:00:02 198–0–0 | 0:02:34 203–1048–10727 | 0:02:04 198–1020–10346 |
| nmap-token-3 | 0:00:00 0–0–0 | 0:01:03 1–0–0 | 0:00:03 198–0–0 | 0:02:51 203–1047–10742 | 0:01:57 198–1020–10341 |
| nmap-token-4 | 0:00:00 0–0–0 | 0:01:30 1–0–0 | 0:00:03 198–0–0 | 0:02:54 203–1052–10736 | 0:02:12 198–1018–10341 |
In this test, tokens are constrained to the range 0x8000–0xBFFF, instead of 0x8000–0xFFFF as before. The results are a lot better now.
> tapply(x$up, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 1 199.5 1 195.75 196
nmap-token 1 200.5 1 195.50 196
> tapply(x$open, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 853.5 2 830.25 0
nmap-token 0 852.5 2 815.50 0
> tapply(x$closed, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 0 9941.0 4 9581.5 0
nmap-token 0 9910.5 4 9564.0 0
> tapply(x$time, list(x$variant, x$scan), mean)
down-ping random-F scanme up-F up-ping
nmap 50.75 505.00 624.75 484.75 4.25
nmap-token 40.25 477.75 497.50 411.25 3.25
| scanme | down-ping | up-ping | random-F | up-F | |
| nmap-1 | 0:12:38 1–2–4 | 0:00:34 1–0–0 | 0:00:02 196–0–0 | 0:08:11 199–792–9862 | 0:08:15 196–776–9474 |
| nmap-2 | 0:10:09 1–2–4 | 0:00:09 1–0–0 | 0:00:10 196–0–0 | 0:07:42 198–1022–10161 | 0:07:29 196–1002–9824 |
| nmap-3 | 0:09:25 1–2–4 | 0:01:20 1–0–0 | 0:00:02 196–0–0 | 0:08:49 201–803–9878 | 0:08:04 196–772–9497 |
| nmap-4 | 0:09:27 1–2–4 | 0:01:20 1–0–0 | 0:00:03 196–0–0 | 0:08:58 200–797–9863 | 0:08:31 195–771–9531 |
| nmap-token-1 | 0:08:19 1–2–4 | 0:01:34 1–0–0 | 0:00:03 196–0–0 | 0:08:07 201–792–9822 | 0:06:51 196–763–9423 |
| nmap-token-2 | 0:08:19 1–2–4 | 0:00:09 1–0–0 | 0:00:03 196–0–0 | 0:07:26 200–1027–10164 | 0:06:19 195–967–9512 |
| nmap-token-3 | 0:08:30 1–2–4 | 0:00:42 1–0–0 | 0:00:03 196–0–0 | 0:08:28 200–796–9832 | 0:06:48 196–762–9462 |
| nmap-token-4 | 0:08:02 1–2–4 | 0:00:16 1–0–0 | 0:00:04 196–0–0 | 0:07:50 201–795–9824 | 0:07:27 195–770–9859 |
Now constraining token values to 0x8000–0x9FFF.
> tapply(x$up, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 1.0000 1.0000
down-ping-g 1.0000 1.0000
random-F 199.6667 199.0000
random-F-g 198.3333 197.6667
up-F 196.0000 195.3333
up-F-g 195.3333 192.3333
up-ping 196.0000 196.0000
up-ping-g 195.6667 195.3333
> tapply(x$open, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 0.0000 0.0000
down-ping-g 0.0000 0.0000
random-F 798.3333 791.6667
random-F-g 748.6667 734.0000
up-F 772.6667 767.6667
up-F-g 720.0000 701.3333
up-ping 0.0000 0.0000
up-ping-g 0.0000 0.0000
> tapply(x$closed, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 0.000 0.000
down-ping-g 0.000 0.000
random-F 9854.000 9774.667
random-F-g 9818.667 9827.000
up-F 9511.333 9449.333
up-F-g 9444.667 9416.000
up-ping 0.000 0.000
up-ping-g 0.000 0.000
> tapply(x$time, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 43.000000 63.666667
down-ping-g 40.333333 39.333333
random-F 555.333333 527.333333
random-F-g 530.000000 580.000000
up-F 505.000000 424.333333
up-F-g 553.000000 489.666667
up-ping 2.000000 4.333333
up-ping-g 2.666667 2.666667
| down-ping | up-ping | random-F | up-F | down-ping-g | random-F-g | up-F-g | up-ping-g | |
| nmap-1 | 0:00:53 1–0–0 | 0:00:02 196–0–0 | 0:09:45 201–798–9853 | 0:09:38 196–775–9490 | 0:01:04 1–0–0 | 0:08:22 200–756–9789 | 0:09:57 196–734–9449 | 0:00:02 195–0–0 |
| nmap-2 | 0:00:54 1–0–0 | 0:00:02 196–0–0 | 0:08:47 198–801–9866 | 0:07:56 196–771–9505 | 0:00:28 1–0–0 | 0:09:37 197–753–9838 | 0:08:34 195–702–9426 | 0:00:03 196–0–0 |
| nmap-3 | 0:00:22 1–0–0 | 0:00:02 196–0–0 | 0:09:14 200–796–9843 | 0:07:41 196–772–9539 | 0:00:29 1–0–0 | 0:08:31 198–737–9829 | 0:09:08 195–724–9459 | 0:00:03 196–0–0 |
| nmap-token-1 | 0:01:03 1–0–0 | 0:00:08 196–0–0 | 0:08:56 198–792–9823 | 0:07:07 195–766–9444 | 0:00:48 1–0–0 | 0:09:39 197–719–9803 | 0:07:57 195–709–9449 | 0:00:03 196–0–0 |
| nmap-token-2 | 0:00:43 1–0–0 | 0:00:02 196–0–0 | 0:09:42 201–792–9669 | 0:07:16 196–769–9457 | 0:00:22 1–0–0 | 0:10:31 198–737–9839 | 0:08:24 190–695–9337 | 0:00:02 195–0–0 |
| nmap-token-3 | 0:01:25 1–0–0 | 0:00:03 196–0–0 | 0:07:44 198–791–9832 | 0:06:50 195–768–9447 | 0:00:48 1–0–0 | 0:08:50 198–746–9839 | 0:08:08 192–700–9462 | 0:00:03 195–0–0 |
> tapply(x$up, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 1.0000 1.0000
down-ping-g 1.0000 1.0000
random-F 199.6667 199.3333
random-F-g 196.0000 198.3333
up-F 195.0000 194.3333
up-F-g 194.6667 193.6667
up-ping 195.3333 195.6667
up-ping-g 194.0000 194.3333
> tapply(x$open, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 0.0000 0.0000
down-ping-g 0.0000 0.0000
random-F 797.6667 793.3333
random-F-g 734.6667 753.0000
up-F 768.6667 766.6667
up-F-g 714.0000 733.6667
up-ping 0.0000 0.0000
up-ping-g 0.0000 0.0000
> tapply(x$closed, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 0.000 0.000
down-ping-g 0.000 0.000
random-F 9852.000 9857.333
random-F-g 9840.667 9841.333
up-F 9487.667 9483.667
up-F-g 9464.333 9433.667
up-ping 0.000 0.000
up-ping-g 0.000 0.000
> tapply(x$time, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 65.333333 56.333333
down-ping-g 51.000000 40.000000
random-F 541.666667 513.000000
random-F-g 506.000000 542.666667
up-F 486.333333 434.000000
up-F-g 485.666667 540.666667
up-ping 2.666667 3.333333
up-ping-g 3.000000 2.000000
| scanme | down-ping | up-ping | random-F | up-F | down-ping-g | random-F-g | up-F-g | up-ping-g | |
| nmap-1 | 0:00:50 1–0–0 | 0:00:03 196–0–0 | 0:09:31 201–801–9838 | 0:08:16 194–766–9479 | 0:01:02 1–0–0 | 0:08:44 198–732–9841 | 0:08:31 196–711–9465 | 0:00:02 196–0–0 | |
| nmap-2 | 0:01:28 1–0–0 | 0:00:02 195–0–0 | 0:08:59 198–795–9839 | 0:08:01 195–769–9483 | 0:01:00 1–0–0 | 0:07:44 196–741–9846 | 0:07:45 193–700–9460 | 0:00:04 190–0–0 | |
| nmap-3 | 0:00:58 1–0–0 | 0:00:03 195–0–0 | 0:08:35 200–797–9879 | 0:08:02 196–771–9501 | 0:00:31 1–0–0 | 0:08:50 194–731–9835 | 0:08:01 195–731–9468 | 0:00:03 196–0–0 | |
| nmap-token-1 | 0:00:39 1–0–0 | 0:00:02 196–0–0 | 0:08:39 201–800–9852 | 0:07:06 193–766–9480 | 0:00:54 1–0–0 | 0:09:13 200–755–9840 | 0:09:39 195–742–9462 | 0:00:02 196–0–0 | |
| nmap-token-2 | 0:01:01 1–0–0 | 0:00:06 196–0–0 | 0:08:40 197–786–9866 | 0:07:26 196–773–9486 | 0:00:28 1–0–0 | 0:08:50 198–757–9842 | 0:08:11 191–727–9374 | 0:00:02 191–0–0 | |
| nmap-token-3 | 0:01:09 1–0–0 | 0:00:02 195–0–0 | 0:08:20 200–794–9854 | 0:07:10 194–761–9485 | 0:00:38 1–0–0 | 0:09:05 197–747–9842 | 0:09:12 195–732–9465 | 0:00:02 196–0–0 |
These tests are with nmap-token r15976, which doesn't really use tokens anymore. This test is just to see that the additional TCP matching tests don't affect accuracy, which they don't. The -g tests are with a source port set. the scanme-A test is an ACK scan of scanme. The tables don't show the filtered and unfiltered ports, because those are built into the analysis programs, but they were all accurate, finding 6 unfiltered and 65529 filtered ports.
> tapply(x$up, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 1.00 1.00
down-ping-g 1.00 1.00
random-F 202.00 201.75
random-F-g 201.75 202.00
scanme 1.00 1.00
scanme-A 1.00 1.00
up-F 197.00 197.00
up-F-g 196.75 196.75
up-ping 196.75 197.00
up-ping-g 196.75 197.00
> tapply(x$open, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 0.00 0.00
down-ping-g 0.00 0.00
random-F 1041.00 1041.75
random-F-g 1037.00 1037.75
scanme 2.00 2.00
scanme-A 0.00 0.00
up-F 1002.75 1013.25
up-F-g 1007.25 1008.00
up-ping 0.00 0.00
up-ping-g 0.00 0.00
> tapply(x$closed, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 0.00 0.00
down-ping-g 0.00 0.00
random-F 10239.00 10234.25
random-F-g 10184.50 10184.00
scanme 4.00 3.75
scanme-A 0.00 0.00
up-F 9854.25 9858.25
up-F-g 9801.25 9801.00
up-ping 0.00 0.00
up-ping-g 0.00 0.00
> tapply(x$time, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 63.75 79.75
down-ping-g 94.00 78.75
random-F 254.75 466.00
random-F-g 286.75 324.50
scanme 362.75 389.25
scanme-A 378.25 397.00
up-F 363.25 427.00
up-F-g 211.00 236.00
up-ping 5.25 2.00
up-ping-g 2.00 2.25
| scanme | down-ping | up-ping | random-F | up-F | down-ping-g | random-F-g | scanme-A | up-F-g | up-ping-g | |
| nmap-1 | 0:05:01 1–2–4 | 0:01:12 1–0–0 | 0:00:02 197–0–0 | 0:03:55 202–1039–10243 | 0:03:29 197–1014–9860 | 0:00:36 1–0–0 | 0:06:07 201–1036–10184 | 0:06:42 1–0–0 | 0:03:45 197–1008–9801 | 0:00:02 197–0–0 |
| nmap-2 | 0:07:06 1–2–4 | 0:01:41 1–0–0 | 0:00:03 196–0–0 | 0:04:28 202–1044–10268 | 0:03:34 197–1015–9856 | 0:00:40 1–0–0 | 0:04:48 202–1037–10185 | 0:06:11 1–0–0 | 0:03:06 197–1007–9802 | 0:00:02 197–0–0 |
| nmap-3 | 0:05:52 1–2–4 | 0:01:00 1–0–0 | 0:00:02 197–0–0 | 0:03:44 202–1042–10221 | 0:06:34 197–969–9854 | 0:03:15 1–0–0 | 0:04:01 202–1038–10184 | 0:06:29 1–0–0 | 0:02:33 197–1009–9801 | 0:00:02 197–0–0 |
| nmap-4 | 0:06:12 1–2–4 | 0:00:22 1–0–0 | 0:00:14 197–0–0 | 0:04:52 202–1039–10224 | 0:10:36 197–1013–9847 | 0:01:45 1–0–0 | 0:04:11 202–1037–10185 | 0:05:51 1–0–0 | 0:04:40 196–1005–9801 | 0:00:02 196–0–0 |
| nmap-token-1 | 0:05:42 1–2–4 | 0:00:59 1–0–0 | 0:00:02 197–0–0 | 0:04:34 202–1044–10229 | 0:03:37 197–1011–9845 | 0:00:54 1–0–0 | 0:03:39 202–1039–10184 | 0:06:59 1–0–0 | 0:02:45 197–1010–9801 | 0:00:02 197–0–0 |
| nmap-token-2 | 0:06:40 1–2–4 | 0:01:14 1–0–0 | 0:00:02 197–0–0 | 0:04:38 202–1044–10271 | 0:03:50 197–1012–9884 | 0:01:11 1–0–0 | 0:06:31 202–1038–10184 | 0:05:35 1–0–0 | 0:02:59 197–1009–9801 | 0:00:02 197–0–0 |
| nmap-token-3 | 0:06:26 1–2–4 | 0:01:10 1–0–0 | 0:00:02 197–0–0 | 0:09:03 201–1040–10231 | 0:15:46 197–1015–9867 | 0:01:27 1–0–0 | 0:07:00 202–1036–10184 | 0:06:16 1–0–0 | 0:04:31 196–1006–9801 | 0:00:03 197–0–0 |
| nmap-token-4 | 0:07:09 1–2–3 | 0:01:56 1–0–0 | 0:00:02 197–0–0 | 0:12:49 202–1039–10206 | 0:05:15 197–1015–9837 | 0:01:43 1–0–0 | 0:04:28 202–1038–10184 | 0:07:38 1–0–0 | 0:05:29 197–1007–9801 | 0:00:02 197–0–0 |
> tapply(x$up, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 1.00 1.00
down-ping-g 1.00 1.00
random-F 199.25 199.75
random-F-g 196.75 196.00
up-F 194.25 193.75
up-F-g 191.25 194.50
up-ping 195.00 195.00
up-ping-g 193.75 191.50
> tapply(x$open, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 0.00 0.00
down-ping-g 0.00 0.00
random-F 1033.75 1030.50
random-F-g 969.50 970.25
up-F 1001.75 1001.25
up-F-g 933.25 954.00
up-ping 0.00 0.00
up-ping-g 0.00 0.00
> tapply(x$closed, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 0.00 0.00
down-ping-g 0.00 0.00
random-F 10088.75 10084.50
random-F-g 10006.25 10019.75
up-F 9696.25 9725.25
up-F-g 9698.25 9698.75
up-ping 0.00 0.00
up-ping-g 0.00 0.00
> tapply(x$time, list(x$scan, x$variant), mean)
nmap nmap-token
down-ping 48.00 52.75
down-ping-g 54.25 34.50
random-F 499.75 511.00
random-F-g 612.50 586.75
up-F 442.25 452.25
up-F-g 556.00 591.00
up-ping 4.75 2.25
up-ping-g 2.50 3.00
| scanme | down-ping | up-ping | random-F | up-F | down-ping-g | random-F-g | up-F-g | up-ping-g | |
| nmap-1 | 0:00:49 1–0–0 | 0:00:03 195–0–0 | 0:08:23 200–1036–10126 | 0:07:24 195–1011–9735 | 0:00:39 1–0–0 | 0:10:31 198–976–10083 | 0:10:06 194–970–9702 | 0:00:02 195–0–0 | |
| nmap-2 | 0:00:35 1–0–0 | 0:00:11 195–0–0 | 0:08:34 200–1038–10109 | 0:07:33 194–997–9619 | 0:00:35 1–0–0 | 0:09:29 198–969–9986 | 0:09:11 190–907–9702 | 0:00:02 194–0–0 | |
| nmap-3 | 0:00:43 1–0–0 | 0:00:02 195–0–0 | 0:08:02 198–1027–10019 | 0:07:20 193–996–9754 | 0:00:41 1–0–0 | 0:10:23 198–988–9985 | 0:08:21 190–919–9699 | 0:00:03 195–0–0 | |
| nmap-4 | 0:01:05 1–0–0 | 0:00:03 195–0–0 | 0:08:20 199–1034–10101 | 0:07:12 195–1003–9677 | 0:01:42 1–0–0 | 0:10:27 193–945–9971 | 0:09:26 191–937–9690 | 0:00:03 191–0–0 | |
| nmap-token-1 | 0:01:16 1–0–0 | 0:00:02 195–0–0 | 0:08:13 200–1034–10100 | 0:08:13 195–998–9743 | 0:00:48 1–0–0 | 0:10:00 195–964–10044 | 0:09:39 194–948–9697 | 0:00:03 192–0–0 | |
| nmap-token-2 | 0:00:07 1–0–0 | 0:00:02 195–0–0 | 0:08:59 200–1031–10077 | 0:06:53 191–998–9708 | 0:01:00 1–0–0 | 0:09:26 197–970–10078 | 0:10:14 194–956–9697 | 0:00:03 195–0–0 | |
| nmap-token-3 | 0:00:49 1–0–0 | 0:00:03 195–0–0 | 0:08:34 200–1025–10060 | 0:07:18 194–1003–9729 | 0:00:18 1–0–0 | 0:10:22 196–965–9974 | 0:10:07 195–939–9698 | 0:00:03 190–0–0 | |
| nmap-token-4 | 0:01:19 1–0–0 | 0:00:02 195–0–0 | 0:08:18 199–1032–10101 | 0:07:45 195–1006–9721 | 0:00:12 1–0–0 | 0:09:19 196–982–9983 | 0:09:24 195–973–9703 | 0:00:03 189–0–0 |