Nmap Development mailing list archives
Fwd: Help needed: hunting down OS fingerprints
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Wed, 6 Nov 2013 21:56:21 +0100
Hi guys, For the last three weeks so far I have been doing research on Internet Census 2012 TCP/IP fingerprints data set. While my report is not yet ready, I decided to share one of my findings with you earlier. Today I grepped the data set looking for G=Y fingerprints. I noticed that out of 80 million of fingerprints, only about 50 000 were suitable for submission. I tried to match them against nmap-os-db from r32431 and found that 32663 of them had no perfect matches and 11 had none. Since they could be potentially useful for the Nmap Project, I decided to share them with you. I attach a link with the excerpts from original Internet Census 2012 data set. The first two columns are real IP addresses and timestamps - I kept them in case they proved useful. The third column is a comma-separated list of top three matches in format "LLL[AAA]", where LLL is the line number in nmap-os-db r32431 (could be off by one) and AAA is the accuracy percentage. Perhaps we could improve the database by using alternative methods of OS detection? One could for example try scanning the ports of the targets or contacting the owners. It would be great to help in Nmap development. Yours, Jacek Wielemborek PS. The original attachment was too big (300kb), so I put the uncompressed version online: http://pastebin.com/d8hZtr1i http://pastebin.com/A56rWk4v http://pastebin.com/kSY95Wcx http://pastebin.com/zW4M2cUY _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Fwd: Help needed: hunting down OS fingerprints Jacek Wielemborek (Nov 06)
- Re: Fwd: Help needed: hunting down OS fingerprints Daniel Miller (Nov 07)