IPID Sequence Scanner | Metasploit Exploit Database (DB)

This module will probe hosts' IPID sequences and classify them using the same method Nmap uses when it's performing its IPID Idle Scan (-sI) and OS Detection (-O). Nmap's probes are SYN/ACKs while this module's are SYNs. This does not change the underlying functionality, but it does change how likely the probe is to be stopped by a firewall. Nmap's Idle Scan can use hosts whose IPID sequences are classified as "Incremental" or "Broken little-endian incremental".
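The classification step described above, sketched as an added example (not the module's or Nmap's own code): it takes IPID values already sampled from a host you administer and labels the sequence, so predictable counters can be found and fixed. The function names, the numeric thresholds and the sample values are assumptions, with the thresholds modelled on Nmap's IPID heuristics.

```ruby
# Added example. Input: 16-bit IPID values in the order the replies arrived.
# Thresholds are assumptions modelled on Nmap's IPID sequence heuristics.
PREDICTABLE = ['Incremental', 'Broken little-endian incremental'].freeze

def classify_ipids(ipids)
  return 'Unknown' if ipids.size < 2

  # Step between consecutive samples, modulo 2**16, so a counter that
  # wraps from 65535 to 0 still shows up as a small positive step.
  diffs = ipids.each_cons(2).map { |prev, cur| (cur - prev) % 65_536 }

  return 'All zeros' if ipids.all?(&:zero?)
  # One huge jump among several samples points to a random generator.
  return 'Randomized' if ipids.size > 2 && diffs.any? { |d| d > 20_000 }
  return 'Constant' if diffs.all?(&:zero?)

  # Large steps that are not small multiples of 256: the ID only grows,
  # but by an unpredictable amount.
  if diffs.any? { |d| d > 1000 && (d % 256 != 0 || d >= 25_600) }
    return 'Random positive increments'
  end
  # Every step a multiple of 256: the counter is incremented in host byte
  # order on a little-endian machine and sent without byte-swapping.
  return 'Broken little-endian incremental' if diffs.all? { |d| d % 256 == 0 && d <= 5120 }
  return 'Incremental' if diffs.all? { |d| d < 10 }

  'Unknown'
end

# True for the two classes the description names as predictable.
def predictable_ipid?(ipids)
  PREDICTABLE.include?(classify_ipids(ipids))
end

# Constructed sample data (documentation addresses, invented IPID values).
SAMPLES = {
  '192.0.2.10' => [100, 101, 103, 104, 106, 107],
  '192.0.2.11' => [256, 512, 768, 1280, 1536, 1792],
  '192.0.2.12' => [65_534, 65_535, 0, 2],
  '192.0.2.13' => [4012, 51_233, 17, 30_999, 8422, 60_001],
  '192.0.2.14' => [0, 0, 0, 0]
}.freeze

SAMPLES.each do |host, ipids|
  flag = predictable_ipid?(ipids) ? ' (predictable: harden this host)' : ''
  puts "#{host}: #{classify_ipids(ipids)}#{flag}"
end
```

Hosts reported as predictable are the ones to prioritise for patching or for a configuration that randomizes the IP ID field.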

Rank

  • Normal

Authors

  • kris katterjohn < katterjohn [at] gmail.com >

Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/scanner/ip/ipidseq
msf auxiliary(ipidseq) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(ipidseq) > run


Module Options

INTERFACE            The name of the interface
RHOSTS               The target address range or CIDR identifier
RPORT                The target port (default: 80)
SNAPLEN              The number of bytes to capture (default: 65535)
THREADS              The number of concurrent threads (default: 1)
TIMEOUT              The reply read timeout in milliseconds (default: 500)
GATEWAY              The gateway IP address. This will be used rather than a random remote address for the UDP probe, if set.
NETMASK              The local network mask. This is used to decide if an address is in the local network.
SAMPLES              The IPID sample size
ShowProgress         Display progress messages during a scan
ShowProgressPercent  The interval in percent that progress should be shown
UDP_SECRET           The 32-bit cookie for UDP probe requests.
VERBOSE              Enable detailed status messages
WORKSPACE            Specify the workspace for this module