Nmap Development mailing list archives
Re: Question about nmap OS detective
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 1 Dec 2016 21:33:09 -0600
Sandy, Thanks for the question. The fingerprints you've listed have a few things in common, so it seems likely they are all from one or two devices. A couple of them (Nintendo Wii, GoPro HERO3) do not have responses for some of the open-port probes, so those are actually more likely to match an unusual observation, though with a low score. Otherwise, I see similarities in TCP options, initial TTL, and a few other things. But there is also enough variation that I think you may be misinterpreting the output. Does Nmap report these as confident matches, or does it say things like "JUST GUESSING" or "conditions not ideal"? Are you using the --osscan-guess option? It's possible you have a device that we have not classified yet. I'd guess probably something running VxWorks, since most of these fingerprints are from that OS, but I can't be sure. Alternatively, you have an unreliable connection or something is interfering with packets in such a way as to make classification difficult. If you provide output from Nmap itself, we could possibly give a more accurate idea of what is going on. Dan On Mon, Nov 28, 2016 at 9:19 PM, <sandy.ys.lu () foxconn com> wrote:
Hi, I have a question about nmap OS detective. I checked the same ip serveral times, but the result changes at different time. Do you know the reason? Example: Usage: nmap -O 10.172.100.101 ( 10.172.100.101 is use for HP iLO4. ) Best Regards, Sandy Lu ------------------------------------------------------------ ----------------- Information Technology Department integrated Digital Product Business Group (iDPBG) Hon Hai/Foxconn Precision Ind. Co., Ltd GL Office : +86-755-3381-0299 ext. 568 <+86%20755%203381%200299>-82295 (I'm here) ZZ Office : +86-371-6628-2888 ext. 579 <+86%20371%206628%202888>-83615 Location: 4F, C33, GL China Cell Phone: +86-188-2028-4279 <+86%20188%202028%204279> Email: sandy.ys.lu () mail foxconn com ------------------------------------------------------------ ----------------- ------------------------------ ⌘本電子郵件及附件所載信息均為保密信息,受合同保護或依法不得洩漏。其內容僅供指定收件人按限定範圍或特殊目的使用。未經授權者收到此信息均無權閱讀、 使用、 複製、洩漏或散佈。若您因為誤傳而收到本郵件或者非本郵件之指定收件人,請即刻回覆郵件或致電Super Notes郵件客服熱線 560-104,並永久刪除此郵件及其附件和銷毀所有複印件。謝謝您的合作! This e-mail message together with any attachments thereto (if any) is confidential, protected under an enforceable non-disclosure agreement, intended only for the use of the named recipient(s) above and may contain information that is privileged, belonging to professional work products or exempt from disclosure under applicable laws.Any unauthorized review, use, copying, disclosure, or distribution of any information contained in or attached to this transmission is STRICTLY PROHIBITED and may be against the laws. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender by e-mail or telephone at Super Notes support hotline 560-104 and delete this e-mail message and any attached documentation from your computer. Receipt by anyone other than the intended recipient(s) is not a waiver of any attorney-client or work product privilege. Thank you!⌘ ------------------------------ mail from ip-->10.172.117.58 mail from pc-->GL-F1195896SVA Version: Super Notes 1.6.9.8B _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Question about nmap OS detective sandy . ys . lu (Dec 01)
- Re: Question about nmap OS detective Daniel Miller (Dec 01)