Everything, Everything

Apologies in advance for the geeky post, but Nping 0.1BETA3 has finally made it into (the SVN version of) Nmap. I decided to give it a spin on Windows, and it seems to work okay. With support for things like IPv6, I think this tool will quickly replace similar tools (such as hping) as the defacto packet crafting application.

Here are a few examples (and some simplified explanations) against a router that has TCP port 80 open.

>nping --tcp -p 80 --flags syn --ttl 2 192.168.1.1

Starting Nping 0.1BETA3 ( http://nmap.org/nping ) at 2010-02-21 17:05 GMT Standard Time
SENT (0.0310s) TCP 192.168.1.16:53734 > 192.168.1.1:80 S ttl=2 id=53648 iplen=40 seq=2700778359 win=1480
RCVD (1.0000s) TCP 192.168.1.1:80 > 192.168.1.16:53734 SA ttl=64 id=0 iplen=44 seq=3178978663 win=5840 <mss 1460>
SENT (1.0630s) TCP 192.168.1.16:53734 > 192.168.1.1:80 S ttl=2 id=45552 iplen=40 seq=2700778359 win=1480

This shows Nping sending a SYN request to the router. The router has port 80 open, so it returns a SYN ACK, to show that it's received our initial SYN and to say it's okay to continue the TCP handshake.

>nping --tcp -p 80 --flags syn,ack --ttl 2 192.168.1.1

Starting Nping 0.1BETA3 ( http://nmap.org/nping ) at 2010-02-21 17:05 GMT Standard Time
SENT (0.0320s) TCP 192.168.1.16:29897 > 192.168.1.1:80 SA ttl=2 id=47721 iplen=40 seq=3973183360 win=1480
RCVD (1.0000s) TCP 192.168.1.1:80 > 192.168.1.16:29897 R ttl=255 id=0 iplen=40 seq=4279075109 win=0
SENT (1.0630s) TCP 192.168.1.16:29897 > 192.168.1.1:80 SA ttl=2 id=53693 iplen=40 seq=3973183360 win=1480

This shows Nping sending a SYN ACK to the router, except this time the router never saw an initial SYN and doesn't expect the traffic for this open port. So it send a RST to reset the connection. Some firewalls in the past have been configured to silently drop SYN packets so you're not sure if there's anything there; but if you send a SYN ACK you can sometimes get the firewall to return a RST, giving away the fact there's something there.

>nping --tcp -p 80 --flags syn,ack,rst --ttl 2 192.168.1.1

Starting Nping 0.1BETA3 ( http://nmap.org/nping ) at 2010-02-21 17:05 GMT Standard Time
SENT (0.0470s) TCP 192.168.1.16:3950 > 192.168.1.1:80 SRA ttl=2 id=54975 iplen=40 seq=3973559584 win=1480
SENT (1.0620s) TCP 192.168.1.16:3950 > 192.168.1.1:80 SRA ttl=2 id=54655 iplen=40 seq=3973559584 win=1480
SENT (2.0620s) TCP 192.168.1.16:3950 > 192.168.1.1:80 SRA ttl=2 id=47824 iplen=40 seq=3973559584 win=1480
SENT (3.0620s) TCP 192.168.1.16:3950 > 192.168.1.1:80 SRA ttl=2 id=61647 iplen=40 seq=3973559584 win=1480

This shows Nping sending a really dodgy looking packet. You normally have flags such as RST or SYN and sometimes things like SYN ACK. You should never see a real packet with the SYN ACK and RST flags all set (the SYN says you want to establish the connection; the RST says you want to break the connection). Because the packet is so messed up, the router doesn't even bother sending a reply, it simply drops the malformed packet.

Anyway, that's a quick guide to creating packets with Nping. Most importantly to me, it seems to work okay on Windows 7. If anyone wants to use it, you'll have to download the code from SVN and compile it; but hopefully a new stable release will be out in a little while (with some interesting new scripts, and a few bugfixes).

I tried starting Outlook and was surprised to see this rather annoying error message (to be fair, after using it for 3 years, it's the first time I've seen it):

Cannot start Microsoft Office Outlook. Cannot open the Outlook window.

It turns out there's an easy way to potentially fix this issue. Simply run the following command:

C:\Program Files (x86)\Microsoft Office\Office12>Outlook.exe /resetnavpane

Thank you Google. It's a shame the error message doesn't suggest where to look for help, or suggest any actions to fix the issue. Maybe Office 2010 will be better.

I finally got around to watching Avatar over the weekend at my local cinema. Before the film began, there were two anti-piracy warnings, one of which was telling us how poor quality the movies were compared to watching it at the cinema. According to certain naughty websites, there are several DVD Screeners of Avatar making the rounds that are meant to be pretty good quality. Sure, I won't get the interesting 3D effect (unlike other 3D movies, Avatar is definitely worth it) that I experienced over the weekend, but I could save myself a tenner and not have to leave the house.

However, I'm considering illegally downloading an episode of 8 Out of 10 Cats. I missed it on Channel 4 (and haven't sorted out a cable for the new TV card yet), so I decided to try the 4oD website. However, they've badly encoded the episode so it starts flickering after a few seconds of the intro sequence. Jumping further ahead doesn't solve it either. I decided to try it again tonight - on another PC - to see if it's been fixed, but it's still broken. The episode is free to download, so I could argue that obtaining it from another (less legal) site won't result in a loss of money. The latest episodes do contain adverts (some of the previous ones don't, by the look of things), that people would otherwise miss; but seeing as I've sat through the adverts about 4 times now without actually getting to see this episode, I don't feel like anyone's losing out except perhaps myself. Plus, if I download the torrent from The Pirate Bay then Channel 4 won't have to pay bandwidth costs for the episode as other internet users will be footing the bill.

Not for the first time, the pirates are able to provide a better service than the legal services. What could save (or postpone the inevitable death of) the movie industry is the use of 3D as you can't get it at home - although it won't be long until it does. You also get larger screens than you tend to have at home. But for TV shows, your computer screen might not be much smaller than your TV, and that's assuming you don't hook your PC up to the TV (most laptops have VGA or HDMI outputs, or you can build your own HTPC). The quality of 4oD and iPlayer tends to be lower than that of the illegal downloads (Scene rules are of a pretty high standard), although the BBC's HD streams offer a pretty good alternative. Torrents don't tend to last long, but nor do episodes on iPlayer or 4oD. If you want people to use legal services, you have to offer something that's significantly better and/or easier to access. Until our TVs support 3D, or we have 1080p screens that are 100" and affordable, the cinema can (just about) justify the price tag. The only real advantage of iPlayer and 4oD (when they work properly) is that you can stream the episode; torrents tends to require the entire episode to be downloaded before you can start watching it.

So I really am struggling to think of a reason not to download this episode at TPB when this one at 4oD doesn't work. Damn you Channel 4. Sort out your episodes.

You've probably seen or heard about the guy that tried to pay Blockbuster with a drawing of a spider. I've been reading the other content on his site for a while, and he recently posted a competition! The Where's Chris? competiton encourages people to use a not-very-flattering photo of a guy called Christopher Gould and insert it into photos that "prove" that Chris leaves the house.

I submitted the following entry, but I haven't seen it on his site (although some other new photos have gone up):



It's possible he ruled it out because his own competition is based on the idea of Crasher Squirrel, but I'd like to think that he recently watched the film Up In The Air (that I quite enjoyed, although I'm not sure it deserves an 8.0 on IMDb), where George Clooney's asked to take picures of a cardboard cutout of his sister and her fiancé Jim in different places because they didn't have the money for a honeymoon. Of course, I'm probably wrong, and it's based on Crasher Squirrel and I look rather stupid. Anyway, feel free to enter your own, and I hope you liked mine.