Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SinFP OS fingerprinting

From: Abuse007 <abuse007 () gmail com>
Date: Sun, 29 May 2011 17:05:38 +1000
This is my understanding of the two tools: SinFP focuses on a single TCP port, whereas (correct me if I'm wrong) nmap 
OS detection is based on the port scan of the IP address (the response to open and closed ports, TTL values, etc).

When only a single port is reachable or when NAT is being used to port forward SinFP can give better results. I like to 
use a combination of tools and to compare the results. It either gives more confidence about a result or casts some 
doubt on it.

Note: nmap service version detection is per port, so nmap's OS detection may indicate a completely different OS when 
proxying etc is being used.



On 28/05/2011, at 11:32 PM, Brahim Sakka <brahim.sakka () gmail com> wrote:


Hi list,

Did anyone have a look at SinFP OS fingerprinter?
http://www.gomor.org/bin/view/Sinfp/DocOverview
It is claimed to "bypass Nmap limitations" and I don't like reading that
about Nmap :)
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: