* Giovanni Bechis <[email protected]> [2009-08-11 12:19]: > Pawlowski Marcin Piotr wrote: >> Hi, >> there is an malfunction with nmap on amd64 and it's not only 5.00 but >> also 4.76. I'm trying to investigate it but it might take a while cause >> I don't have amd64 machine. Currently I'm trying to merge some upstream >> sctp changes but I don't think that will help... >> >> Any thoughts? >> > I tried with nmap-5.00 with my amd64 and this is the result: > $ sudo pfctl -d > $ `sudo nmap -O $host` works > > $ sudo pfctl -e > $ `sudo pfctl -O --packet-trace $host` has the behaviour you described.
if memory serves nmap -O uses some weird combos of flags / mostly unused ip header fields etc to do the OS fingerprinting, and pf sanitizes that a bit. rightly so. no bug nowhere but expected behaviour.
