Nmap Development mailing list archives
OS Fingerprinting Problem
From: "net2004eng () yahoo com" <net2004eng () yahoo com>
Date: Tue, 2 Sep 2008 12:48:29 -0700 (PDT)
Hello Everyone,

Recently a number of co-workers and I were in the process of attempting to identify a "Linksys BEFSR41 Firmware Version: 1.46.02, Aug 03 2004" device using 2 different versions of nmap. I was using nmap version: Nmap 4.62 while a co-worker was using Nmap 4.20. The device was properly identified by running 4.20, but was unable to be identified while running 4.62. After performing a diff on both files, I noticed the following difference:

Scan ran: "nmap -vA x.x.x.x"

4.20: SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4F-51%TI=I%II=I%SS=S%TS=U)
4.62: SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4D-51%TI=I%II=I%SS=S%TS=U)

The only difference here is for "%ISR=4F-51" to "%ISR=4D-51".

I understand that the ISR accounts for the average rate of increase for the returned TCP initial sequence number. I wanted to know what can be done to get this included into the next update to nmap. The device that was scanned is accurately detected as the Linksys BEFSR41 Firmware Version: 1.46.02, Aug 03 2003 device.

I plan on researching this more later, and will post any findings. If a packet trace is desired, I can post a scrubbed trace for that as well.

Comments, input, and questions are welcome.

Thanks,
Matt

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
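An added example, not part of the original post and not Nmap's own code: a small Python parser for the test-line syntax quoted in the message, which diffs the two SEQ lines field by field and checks observed values against each reference expression. The observed ISR values are constructed for illustration, and the expression forms handled (`|` alternatives, hex `lo-hi` ranges, `>` and `<`) are assumed from Nmap's published fingerprint format.

```python
import re

# The two reference SEQ lines quoted in the post (Nmap 4.20 vs 4.62).
SEQ_4_20 = "SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4F-51%TI=I%II=I%SS=S%TS=U)"
SEQ_4_62 = "SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4D-51%TI=I%II=I%SS=S%TS=U)"

def parse_test_line(line):
    """Split 'NAME(K=V%K=V...)' into (name, {key: expression})."""
    m = re.fullmatch(r"(\w+)\((.*)\)", line.strip())
    if not m:
        raise ValueError(f"not a fingerprint test line: {line!r}")
    fields = dict(i.partition("=")[::2] for i in m.group(2).split("%") if i)
    return m.group(1), fields

def _hex(text):
    """Parse a hex number, or return None for symbolic values such as 'I'."""
    try:
        return int(text, 16)
    except ValueError:
        return None

def expr_matches(expr, observed):
    """True if an observed value satisfies a reference expression."""
    obs = _hex(observed)
    for alt in expr.split("|"):
        if alt.upper() == observed.upper():        # literal, e.g. TI=I
            return True
        if obs is None or not alt:
            continue
        lo, dash, hi = alt.partition("-")
        if dash and _hex(lo) is not None and _hex(hi) is not None:
            if _hex(lo) <= obs <= _hex(hi):        # hex range, e.g. 4F-51
                return True
        elif alt[0] == ">" and _hex(alt[1:]) is not None and obs > _hex(alt[1:]):
            return True
        elif alt[0] == "<" and _hex(alt[1:]) is not None and obs < _hex(alt[1:]):
            return True
    return False

def diff_lines(a, b):
    """Return {key: (expr_a, expr_b)} for fields whose expressions differ."""
    (name_a, fa), (name_b, fb) = parse_test_line(a), parse_test_line(b)
    if name_a != name_b:
        raise ValueError("cannot diff different test lines")
    return {k: (fa.get(k), fb.get(k))
            for k in sorted(set(fa) | set(fb)) if fa.get(k) != fb.get(k)}

if __name__ == "__main__":
    for key, (old, new) in diff_lines(SEQ_4_20, SEQ_4_62).items():
        print(f"{key}: 4.20 has {old}, 4.62 has {new}")
        for observed in ("4D", "4E", "4F", "52"):  # constructed sample values
            print(f"  {key}={observed}: 4.20 {expr_matches(old, observed)}, "
                  f"4.62 {expr_matches(new, observed)}")
```

This evaluates single expressions only; it does not reproduce how Nmap weighs the individual tests when selecting a match.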