Nmap Development mailing list archives
Re: nmap OS detection providing different results: --osscan-guess
From: David Fifield <david () bamsoftware com>
Date: Sat, 2 Apr 2011 09:23:07 -0700
On Sat, Apr 02, 2011 at 08:23:47AM -0700, David Fifield wrote:
> On Sat, Apr 02, 2011 at 09:33:45AM -0400, Ryan Giobbi wrote:
> > Hello,
> >
> > When running against non-Windows hosts (AIX), I've noticed that nmap's
> > OS detection (nmap -O) doesn't provide the same results all of the
> > time. About 1/5 scans nmap fails to find the remote hosts when run
> > repeatedly.
> >
> > Is this expected? Would pasting the OS signature that returns when the
> > current ones fail into nmap-os-db and submitting to nmap.org be a
> > reasonable workaround?
>
> Yes, please submit the fingerprint you get, it's the only way for the
> database to improve. It's not a workaround, it's the way the process is
> supposed to work.
>
> I can explain why this happens sometimes. Some of the fingerprint fields
> are ranges. When a new fingerprint is added, we start the ranges pretty
> narrow, so as to avoid overlapping with other fingerprints.

Another thing I should mention is that if you just want results, you
should use the --osscan-guess option. When a match fails for a reason
like this, it is still usually a 98% or 99% match. --osscan-guess will
show you the match instead of a fingerprint.

Why doesn't Nmap just show you both (the closest match and the
fingerprint)? The reason is that we fear that people will read the
closest match and just paste it into the submit form. Then an incorrect
fingerprint will just get reinforced.

The downside of using --osscan-guess is that it doesn't help grow the
database. (And potentially make --osscan-guess unnecessary for that
target in the future.)

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
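
The near-miss described in the message above, as an added example that is not part of the original post and is not Nmap's code: a simplified Python model of range-based fingerprint matching in which one measured field lands just outside a narrow range. The function names, field values and point weights are all constructed for illustration.

```python
# Simplified model of range-based fingerprint matching (not Nmap's code).
# All field values and point weights are constructed for illustration.

def value_matches(expr, observed):
    """Check an observed value against 'A|B' alternatives, 'LO-HI' hex ranges, '>X' or '<X'."""
    for alt in expr.split("|"):
        if alt == observed:
            return True
        try:
            val = int(observed, 16)
            if alt[:1] == ">" and val > int(alt[1:], 16):
                return True
            if alt[:1] == "<" and val < int(alt[1:], 16):
                return True
            if "-" in alt:
                lo, hi = alt.split("-", 1)
                if int(lo, 16) <= val <= int(hi, 16):
                    return True
        except ValueError:  # non-numeric field such as a flag or option string
            continue
    return False

def match_percent(reference, observed, weights):
    """Percentage of weighted fields in `reference` that `observed` satisfies."""
    total = sum(weights[f] for f in reference)
    matched = sum(weights[f] for f, expr in reference.items()
                  if value_matches(expr, observed.get(f, "")))
    return 100 * matched / total

def report(percent, osscan_guess):
    """Mirror the behaviour described in the message for a single candidate."""
    if percent == 100:
        return "match"
    if osscan_guess:
        return f"guess ({percent:.0f}%)"
    return "no exact match: print fingerprint for submission"

# Constructed reference entry with deliberately narrow ranges, and two scans of one host.
REFERENCE = {"SEQ.SP": "100-10A", "SEQ.GCD": "1-6", "SEQ.ISR": "105-10F", "SEQ.TI": "I",
             "OPS.O1": "M5B4NW2", "WIN.W1": "FFFF", "T1.R": "Y", "T1.DF": "Y",
             "T1.T": "3B-45", "T1.S": "O"}
WEIGHTS = {"SEQ.SP": 2, "SEQ.GCD": 8, "SEQ.ISR": 2, "SEQ.TI": 10, "OPS.O1": 20,
           "WIN.W1": 15, "T1.R": 20, "T1.DF": 8, "T1.T": 5, "T1.S": 10}
SCAN_A = dict(REFERENCE, **{"SEQ.SP": "105", "SEQ.GCD": "1", "SEQ.ISR": "10A", "T1.T": "40"})
SCAN_B = dict(SCAN_A, **{"SEQ.SP": "10C"})  # measured value drifts just past the range

if __name__ == "__main__":
    for name, scan in (("scan A", SCAN_A), ("scan B", SCAN_B)):
        pct = match_percent(REFERENCE, scan, WEIGHTS)
        print(name, "|", report(pct, False), "|", report(pct, True))
```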