Nmap Development mailing list archives
Re: SinFP OS fingerprinting
From: Abuse007 <abuse007 () gmail com>
Date: Sun, 29 May 2011 17:05:38 +1000
This is my understanding of the two tools: SinFP focuses on a single TCP port, whereas (correct me if I'm wrong) nmap OS detection is based on the port scan of the IP address (the response to open and closed ports, TTL values, etc). When only a single port is reachable or when NAT is being used to port forward SinFP can give better results. I like to use a combination of tools and to compare the results. It either gives more confidence about a result or casts some doubt on it. Note: nmap service version detection is per port, so nmap's OS detection may indicate a completely different OS when proxying etc is being used. On 28/05/2011, at 11:32 PM, Brahim Sakka <brahim.sakka () gmail com> wrote:
Hi list, Did anyone have a look at SinFP OS fingerprinter? http://www.gomor.org/bin/view/Sinfp/DocOverview It is claimed to "bypass Nmap limitations" and I don't like reading that about Nmap :) _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- SinFP OS fingerprinting Brahim Sakka (May 28)
- Re: SinFP OS fingerprinting Abuse007 (May 28)
- Re: SinFP OS fingerprinting DePriest, Jason R. (May 31)
- Re: SinFP OS fingerprinting David Fifield (May 31)
- Re: SinFP OS fingerprinting DePriest, Jason R. (May 31)
- Re: SinFP OS fingerprinting Djalal Harouni (May 31)
- Re: SinFP OS fingerprinting David Fifield (May 31)