Nmap Development mailing list archives
Re: More intelligent OS fingerprint merging
From: David Fifield <david () bamsoftware com>
Date: Thu, 5 Jul 2007 15:02:28 -0600
On Fri, Jun 29, 2007 at 03:09:48PM -0600, David Fifield wrote:
Nmap can perform OS detection several times against a host, resulting in serveral fingerprints. When Nmap displays these fingerprints, it merges them into one and tries to remove lines that are duplicated between the fingerprints, reducing the overall length of the fingerprint string. If some lines from a fingerprint were missing or out of order, the duplicate-line elimination code would get confused and leave in duplicate lines. The duplicate lines make the fingerprint unnecessarily long and make it harder to read. r5046 in /nmap-exp/soc07/nmap fixes this. It puts all the lines in a list and sorts it before removing duplicates, ensuring that they are all removed and that they are displayed strictly in the correct order.
I discovered a bug in this new code, which is that it sometimes doesn't work for merging first-generation OS fingerprints: # nmap -O1 -d localhost ... FingerTest_lessthan received two unknown test lines "PU" and "TSeq". QUITTING! I fixed this by merging the first-generation test names into the array that defines the test order. They can simply be removed when the rest of the first-generation system is. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: More intelligent OS fingerprint merging David Fifield (Jul 05)