Nmap Development mailing list archives
Re: Edit nmap database for os detection
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sun, 26 Jul 2015 06:57:37 -0500
Tien,

The crash is a result of having duplicate CI and TS tests in the SEQ line. The section of the Nmap Network Scanning book at [1] describes how to combine test values in the database.

The online documentation is sufficient to understand the database format if you must add your own fingerprints, but I highly encourage you to submit your new fingerprints so that we can properly integrate them. We will be doing another integration run before the next release, so you should not have long to wait.

Regarding "some of my devices can't be public for security reason," please understand that disclosure of a device or OS's TCP/IP fingerprint is not a security issue: there is nothing in the fingerprint that discloses sensitive information about your installation or configuration, since it is just a recording of the publicly observable aspects of the network stack's behavior. None of this information will be traceable back to you as a submitter.

Dan

[1] https://nmap.org/book/osdetect-fingerprint-format.html#osdetect-test-expressions

On Sun, Jul 26, 2015 at 12:25 AM, Tien To Tran <totrantien () gmail com> wrote:
> Hi,
>
> After appending the signature at the end of the database file, I have the following error:
>
> nmap: osscan.cc:500: double compare_fingerprints(const FingerPrint*, const FingerPrint*, const FingerPrint*, int): Assertion `strcmp(prev_ref->name, current_ref->name) < 0' failed.
> Aborted (core dumped)
>
> Rgs
> Tien
>
> On Sun, Jul 26, 2015 at 4:33 AM, Jacek Wielemborek <d33tah () gmail com> wrote:
>
>> On 25.07.2015 at 22:29, Tien To Tran wrote:
>>
>>> Hi all :)
>>>
>>> I am trying to discover a network topology by using nmap. Part of the job is to detect the device type. I want to add my device information into the nmap database (which was not available before). Of course, I know we can submit and wait for an update from the developers, but that costs much time, and some of my devices can't be public for security reason.
>>>
>>> This is the fingerprint I got:
>>>
>>> OS:SCAN(V=6.49BETA4%E=4%D=7/25%OT=21%CT=1%CU=37287%PV=Y%DS=1%DC=D%G=Y%M=002
>>> OS:3CD%TM=55B3910D%P=i686-pc-linux-gnu)SEQ(TI=I%CI=I%TS=U)SEQ(CI=I%TS=U)OPS
>>> OS:(O1=M578%O2=M578%O3=M578%O4=%O5=%O6=)WIN(W1=AF0%W2=AF0%W3=AF0%W4=0%W5=0%
>>> OS:W6=0)ECN(R=Y%DF=N%T=FE%W=0%O=%CC=Y%Q=)T1(R=Y%DF=N%T=FE%S=O%A=S+%F=AS%RD=
>>> OS:0%Q=)T2(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=N%T=FE%W=0%S
>>> OS:=Z%A=S+%F=AR%O=%RD=0%Q=)T4(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R
>>> OS:=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F
>>> OS:=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T
>>> OS:=FE%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=FE%CD=S
>>> OS:)
>>>
>>> I reformatted it:
>>>
>>> # router TPLINK TD-8817 -O ip_addr
>>> Fingerprint TPLINK TD-8817 ADSL modem
>>> Class TPLINK | embedded || broadband router
>>> CPE cpe:/h:tplink:td8817
>>> SEQ(CI=I%TS=U%CI=RD%II=I%TS=U)
>>> OPS(O1=M578%O2=%O3=%O4=%O5=%O6=)
>>> WIN(W1=AF0%W2=0%W3=0%W4=0%W5=0%W6=0)
>>> ECN(R=Y%DF=N%T=FE%W=0%O=%CC=Y%Q=)
>>> T1(R=Y%DF=N%T=FE%S=O%A=S+%F=AS%RD=0%Q=)
>>> T2(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
>>> T3(R=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
>>> T4(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
>>> T5(R=Y%DF=N%T=FE%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
>>> T6(R=Y%DF=N%T=FE%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
>>> T7(R=Y%DF=N%T=FE%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
>>> U1(R=Y%DF=N%T=FE%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
>>> IE(R=Y%DFI=N%T=FE%CD=S)
>>>
>>> However, it makes nmap -O ip_addr crash. Is there any reliable way to update the database ourselves?
>>>
>>> _______________________________________________
>>> Sent through the dev mailing list
>>> https://nmap.org/mailman/listinfo/dev
>>> Archived at http://seclists.org/nmap-dev/
>>
>> Hello,
>>
>> This is documented here: https://nmap.org/book/osdetect.html
>>
>> What is the crash you are getting?
>>
>> Cheers,
>> d33tah
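The duplicate-test problem diagnosed in the message above can be caught before Nmap loads the file. The following is an added example, not part of the thread and not Nmap's own code: a small Python check that flags any test line repeating an attribute and proposes a line with the repeated values joined by `|`, the "or" operator of the test-expression syntax documented at [1]. The function names and the choice to merge the values are assumptions of this example; the sample input is constructed from the SEQ and OPS lines quoted above.

```python
import re

# Constructed sample: header, SEQ and OPS lines from the entry quoted in the thread.
SAMPLE_ENTRY = """\
Fingerprint TPLINK TD-8817 ADSL modem
Class TPLINK | embedded || broadband router
SEQ(CI=I%TS=U%CI=RD%II=I%TS=U)
OPS(O1=M578%O2=%O3=%O4=%O5=%O6=)
"""

# Test lines look like NAME(attr=expr%attr=expr...); NAME is SEQ, OPS, T1, U1, IE, ...
TEST_LINE = re.compile(r"^([A-Z][A-Z0-9]*)\((.*)\)\s*$")


def parse_test_line(line):
    """Return (test_name, [(attr, expr), ...]) or None for non-test lines."""
    m = TEST_LINE.match(line.strip())
    if not m:
        return None
    pairs = []
    for item in filter(None, m.group(2).split("%")):
        attr, _, expr = item.partition("=")
        pairs.append((attr, expr))
    return m.group(1), pairs


def lint_entry(text):
    """Map each line that repeats an attribute to a merged replacement (assumed fix)."""
    fixes = {}
    for line in text.splitlines():
        parsed = parse_test_line(line)
        if parsed is None:
            continue
        name, pairs = parsed
        merged = {}  # attr -> distinct alternatives, in first-seen order
        for attr, expr in pairs:
            values = merged.setdefault(attr, [])
            for alt in expr.split("|"):
                if alt not in values:
                    values.append(alt)
        if len(merged) < len(pairs):  # some attribute appeared more than once
            body = "%".join(f"{a}={'|'.join(v)}" for a, v in merged.items())
            fixes[line.strip()] = f"{name}({body})"
    return fixes


if __name__ == "__main__":
    for bad, good in lint_entry(SAMPLE_ENTRY).items():
        print(f"duplicate attribute in {bad}\n  suggested: {good}")
```

Whether `CI=I|RD` is the right match expression for the device is for the person editing the database to decide; the check only guarantees that each attribute appears once per test line.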
Current thread:
- Edit nmap database for os detection Tien To Tran (Jul 25)
- Re: Edit nmap database for os detection Jacek Wielemborek (Jul 25)
- Re: Edit nmap database for os detection Tien To Tran (Jul 25)
- Re: Edit nmap database for os detection Daniel Miller (Jul 26)
- Re: Edit nmap database for os detection Tien To Tran (Jul 25)
- Re: Edit nmap database for os detection Jacek Wielemborek (Jul 25)