Nmap Development mailing list archives

Re: Edit nmap database for os detection


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 26 Jul 2015 06:57:37 -0500

Tien,

The crash is a result of having duplicate CI and TS tests in the SEQ line.
The section of the Nmap Network Scanning book at [1] describes how to
combine test values in the database. The online documentation is sufficient
to understand the database format if you must add your own fingerprints,
but I highly encourage you to submit your new fingerprints so that we can
properly integrate them. We will be doing another integration run before
the next release, so you should not have long to wait.

Regarding "some of my devices can't be public for security reason," please
understand that disclosure of a device or OS's TCP/IP fingerprint is not a
security issue: there is nothing in the fingerprint that discloses
sensitive information about your installation or configuration, since it is
just a recording of the publicly observable aspects of the network stack's
behavior. None of this information will be traceable back to you as a
submitter.

Dan

[1]
https://nmap.org/book/osdetect-fingerprint-format.html#osdetect-test-expressions
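Dan's pointer above is about folding the two SEQ groups of the raw submission into one reference line without repeating an attribute. The script below is an added example, not code from this thread and not Nmap's own tooling: it strips the OS: prefixes and rejoins the wrapped lines, parses the test groups, merges repeated groups (joining differing values with |, the alternative syntax described at [1]), emits a database-style entry using the Fingerprint/Class/CPE lines Tien posted, and flags any repeated test or attribute before the entry is appended to nmap-os-db. The raw fingerprint and the hand-merged SEQ line are copied from Tien's messages; the function names are the example's own.

```python
"""Merge a raw `nmap -O` fingerprint submission into nmap-os-db reference
format and check it for the repeated tests that crashed Nmap in this thread.

Added example, not part of the original thread and not Nmap's own tooling.
It assumes the nmap-os-db conventions documented at
https://nmap.org/book/osdetect-fingerprint-format.html: one line per test
group, attributes separated by '%', alternative values joined with '|'.
"""
import re
from collections import OrderedDict

# Sample input (copied from Tien's post): the raw submission as nmap prints
# it, wrapped at fixed width with an "OS:" prefix on every line.
RAW_SUBMISSION = """\
OS:SCAN(V=6.49BETA4%E=4%D=7/25%OT=21%CT=1%CU=37287%PV=Y%DS=1%DC=D%G=Y%M=002
OS:3CD%TM=55B3910D%P=i686-pc-linux-gnu)SEQ(TI=I%CI=I%TS=U)SEQ(CI=I%TS=U)OPS
OS:(O1=M578%O2=M578%O3=M578%O4=%O5=%O6=)WIN(W1=AF0%W2=AF0%W3=AF0%W4=0%W5=0%
OS:W6=0)ECN(R=Y%DF=N%T=FE%W=0%O=%CC=Y%Q=)T1(R=Y%DF=N%T=FE%S=O%A=S+%F=AS%RD=
OS:0%Q=)T2(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=N%T=FE%W=0%S
OS:=Z%A=S+%F=AR%O=%RD=0%Q=)T4(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R
OS:=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F
OS:=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T
OS:=FE%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=FE%CD=S
OS:)
"""

# Tien's hand-merged SEQ line from the post: CI and TS each appear twice.
BAD_SEQ_LINE = "SEQ(CI=I%TS=U%CI=RD%II=I%TS=U)"

TEST_RE = re.compile(r"([A-Z][A-Z0-9]*)\(([^)]*)\)")


def parse_tests(text):
    """Return an ordered list of (test_name, [(attr, value), ...]) for every
    TEST(...) group in text, in the order they appear.  Works both on a
    joined raw submission and on reference-format lines."""
    tests = []
    for name, body in TEST_RE.findall(text):
        attrs = []
        for item in body.split("%") if body else []:
            attr, _, value = item.partition("=")  # value may be empty (O4=)
            attrs.append((attr, value))
        tests.append((name, attrs))
    return tests


def join_submission(raw):
    """Strip the 'OS:' prefixes and rejoin the wrapped lines; nmap wraps at
    arbitrary positions (here inside M=0023CD), so no separator is added."""
    return "".join(line[3:] for line in raw.splitlines()
                   if line.startswith("OS:"))


def merge_tests(tests, drop=("SCAN",)):
    """Collapse repeated test groups (the two SEQ groups above) into one
    group per name.  Each attribute is kept once; if the same attribute was
    observed with different values they are joined with '|', the database's
    alternative syntax.  SCAN describes the scan itself and is not stored
    in reference entries."""
    merged = OrderedDict()
    for name, attrs in tests:
        if name in drop:
            continue
        group = merged.setdefault(name, OrderedDict())
        for attr, value in attrs:
            values = group.setdefault(attr, [])
            if value not in values:
                values.append(value)
    return OrderedDict((name, OrderedDict((a, "|".join(v)) for a, v in g.items()))
                       for name, g in merged.items())


def format_reference(merged, name, classes=(), cpes=()):
    """Render a nmap-os-db entry: Fingerprint, Class and CPE lines followed
    by one line per test group."""
    lines = ["Fingerprint " + name]
    lines += ["Class " + c for c in classes]
    lines += ["CPE " + c for c in cpes]
    for test, group in merged.items():
        body = "%".join("%s=%s" % (attr, val) for attr, val in group.items())
        lines.append("%s(%s)" % (test, body))
    return "\n".join(lines)


def find_duplicates(text):
    """Return (repeated test names, repeated (test, attr) pairs).  Repeated
    attributes inside one group are what Dan identified as the cause of the
    crash; repeated groups are the raw form of the same problem."""
    seen_tests, dup_tests, dup_attrs = set(), [], []
    for test, attrs in parse_tests(text):
        if test in seen_tests:
            dup_tests.append(test)
        seen_tests.add(test)
        seen_attrs = set()
        for attr, _ in attrs:
            if attr in seen_attrs:
                dup_attrs.append((test, attr))
            seen_attrs.add(attr)
    return dup_tests, dup_attrs


def build_entry(raw=RAW_SUBMISSION):
    """Full pipeline for Tien's device, using the names from his post."""
    merged = merge_tests(parse_tests(join_submission(raw)))
    return format_reference(merged, "TPLINK TD-8817 ADSL modem",
                            classes=["TPLINK | embedded || broadband router"],
                            cpes=["cpe:/h:tplink:td8817"])


if __name__ == "__main__":
    print(build_entry())
    print("duplicates in hand-merged line:", find_duplicates(BAD_SEQ_LINE))
```

Running it prints an entry whose single SEQ line is SEQ(TI=I%CI=I%TS=U), and reports CI and TS as the repeated attributes in the hand-merged line. The merge is a mechanical union of what one scan observed; it does not weigh which values are stable across runs, which is the part of integration Dan's note leaves to the Nmap developers.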

On Sun, Jul 26, 2015 at 12:25 AM, Tien To Tran <totrantien () gmail com> wrote:

Hi,
After appending the signature at the end of the database file, I have the
following error:

nmap: osscan.cc:500: double compare_fingerprints(const FingerPrint*, const
FingerPrint*, const FingerPrint*, int): Assertion `strcmp(prev_ref->name,
current_ref->name) < 0' failed.

Aborted (core dumped)

Rgs
Tien


On Sun, Jul 26, 2015 at 4:33 AM, Jacek Wielemborek <d33tah () gmail com> wrote:

On 25.07.2015 at 22:29, Tien To Tran wrote:
Hi all :)

I am trying to discover a network topology by using nmap. Part of the job is
to detect the device type.

I want to add my device information into the nmap database (which was not
available before). Of course, I know we can submit and wait for an update
from the developers, but that takes much time, and some of my devices can't
be public for security reasons.

This is the fingerprint I got:


OS:SCAN(V=6.49BETA4%E=4%D=7/25%OT=21%CT=1%CU=37287%PV=Y%DS=1%DC=D%G=Y%M=002
OS:3CD%TM=55B3910D%P=i686-pc-linux-gnu)SEQ(TI=I%CI=I%TS=U)SEQ(CI=I%TS=U)OPS
OS:(O1=M578%O2=M578%O3=M578%O4=%O5=%O6=)WIN(W1=AF0%W2=AF0%W3=AF0%W4=0%W5=0%
OS:W6=0)ECN(R=Y%DF=N%T=FE%W=0%O=%CC=Y%Q=)T1(R=Y%DF=N%T=FE%S=O%A=S+%F=AS%RD=
OS:0%Q=)T2(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=N%T=FE%W=0%S
OS:=Z%A=S+%F=AR%O=%RD=0%Q=)T4(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R
OS:=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F
OS:=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T
OS:=FE%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=FE%CD=S
OS:)

I reformat it:

# router TPLINK TD-8817 -O ip_addr
Fingerprint TPLINK TD-8817 ADSL modem
Class TPLINK | embedded || broadband router
CPE cpe:/h:tplink:td8817
SEQ(CI=I%TS=U%CI=RD%II=I%TS=U)
OPS(O1=M578%O2=%O3=%O4=%O5=%O6=)
WIN(W1=AF0%W2=0%W3=0%W4=0%W5=0%W6=0)
ECN(R=Y%DF=N%T=FE%W=0%O=%CC=Y%Q=)
T1(R=Y%DF=N%T=FE%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T4(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
U1(R=Y%DF=N%T=FE%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=FE%CD=S)

However, it makes nmap -O ip_addr crash. Is there any reliable way to
update the database ourselves?



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


Hello,

This is documented here:

https://nmap.org/book/osdetect.html

What is the crash you are getting?

Cheers,
d33tah


