Index
F
file descriptor (FD), 21, 75, 94-95
file pointers, libpcap library and, 20
file transfer protocol (FTP), 222
filters
Firewalk security tool and, 343-344
libnids library and, 90
libpcap library and, 11, 18-19
port scanning and, 218
FIN port scan, 224-225, 239
fingerprinting (see also libsf library), 113-127
Firewalk active reconnaissance security tool, 327-412
address resolution protocol (ARP) and, 347-348
analysis and design in, 329
Berkeley Packet Filter (BPF) and, 343
classification of, 331
code listing for, 373-412
code walkthrough for, 336-372
component layer in, 331
context of, 340, 350
control layer in, 331
design and genesis of, 328-331
device initialization in, 341-342
error handling in, 352
Ethernet and, 348
filtering in, 343-344
firewalk function in, 356
flow charts for, 338
header templates for, 364-366
init.c for, 383-387
initialization, 337-349, 351, 357, 360, 365, 371
Internet control message protocol (ICMP) and, 335, 344, 366
invoking, walk-through of, 331-336
IP addresses and, 347
IP expiry and, 331, 367
IPv4 and, 346, 366-367
libdnet library functions and, 331, 346-347
libdnet library functions in, 331, 364-366
libpcap library functions in, 331, 343, 361-362
link layer headers and, 343-344
looping through ports in, 353-355
MAC addresses and, 346-347
main.c for, 387-391
modular model for, 329-331
packet capture and verification in, 359-372
packet sniffing and, 331, 343
packet template build in, 345
packet verification in, 370
parameter collection used in, 352-353
port scanning process in, 328-329, 331-336, 342-343, 352-353, 356-372
328-329
probes in, ramping phase, 353
protocol ACL scanning in, 328-329
ramping phase in, 348-356, 364, 368
reliability of, 328-329
requirements of, 328
return of control to main module in, 359
routing tables and, 347-348
RST packets in, 369
sanity check for, 366
scanning phase in, 356-372
select in, 361, 364
simplicity of, 328-329
source addresses for, 342
success/failure codes used in, 336
SYN packet scan in, 369
target gateway access in, 333-336, 342, 355
TCP invocation of, 335-336
technique layer in, 329-331
termination of, 355, 359
termination/shutdown in, 372
time to live (TTL) and, 354, 368
timeouts and, 361
transmission control protocol (TCP) and, 368-370
tuple information in, 369
UDP invocation of, 332-336
unreachable ICMP code for, 363-364, 367
update of scan probes in, 358
util.c for, 411-412
verbose reporting from, 328, 329
wire injection methods in, 331
firewalk function, 356
firewalking, 232-239, 327-412
firewalls, 5, 130, 132-133, 140-141, 293, 299-302
format strings, 257, 267-272
4-tuple information, 91-92
fragmented IP port scans, 225
framework functions, 41-42, 119-120
FreeBSD, 39, 140
FTP bounce port scan, 222
full-open (TCP connect) port scan, 219-221
Fyodor, 114