Nmap Development mailing list archives
Fwd: nmap-os-db question
From: <ludeksubrt () email cz>
Date: Mon, 28 Jan 2019 13:26:57 +0100 (CET)
" Hello nmap gurus,

I am a fan of nmap and especially OS detection. But one thing is still unclear. In the nmap-os-db the value T= is usually a range. For example

T1(R=Y%DF=Y%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=)

where T is in the range 3B (59) - 45 (69), which is exactly 5 away from the expected value 0x40 (64).

When I am performing some test scans in a lab environment (all in the same LAN), the scan output looks like

T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)

and there the T equals the expected OS value 64.

I would theoretically understand if the db had 3B-40, but why 45? I have tried some calculations and played with endianness, but I wasn't able to figure out or even create a hypothesis for when the initial TTL for the OS could be 0x45 or in the range 0x40-0x45.

Can you help me to understand this last piece of nmap OS fingerprinting, over which I have trouble sleeping :-)

Thank you very much
Ludek "
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
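The comparison the message describes, as an added example that is not part of the original post and is not Nmap's own matching code: it parses the two T1 lines quoted above and checks each field of the scan result against the nmap-os-db expression. It assumes T and TG are hex values, handles only `-` ranges and `|` alternatives, and compares only fields present in both lines; it shows that T=40 falls inside 3B-45 but does not explain why the upper bound is 45.

```python
import re

# The two lines quoted in the message above.
DB_LINE = "T1(R=Y%DF=Y%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=)"
SCAN_LINE = "T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)"

HEX_FIELDS = {"T", "TG"}  # assumption: fields compared numerically here


def parse_test(line):
    """Split 'NAME(K=V%K=V...)' into (name, {key: value})."""
    m = re.fullmatch(r"(\w+)\((.*)\)", line.strip())
    if not m:
        raise ValueError(f"not a fingerprint test line: {line!r}")
    fields = {}
    for item in m.group(2).split("%"):
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"missing '=' in {item!r}")
        fields[key] = value  # value may be empty, as in 'Q='
    return m.group(1), fields


def hex_match(expr, observed):
    """True if the observed hex value satisfies an expression like '3B-45|FF'."""
    value = int(observed, 16)
    for alt in expr.split("|"):
        low, _, high = alt.partition("-")
        if int(low, 16) <= value <= int(high or low, 16):
            return True
    return False


def compare(db_line, scan_line):
    """Return {field: matched} for every field present in both lines."""
    db_name, db = parse_test(db_line)
    scan_name, scan = parse_test(scan_line)
    if db_name != scan_name:
        raise ValueError(f"different tests: {db_name} vs {scan_name}")
    result = {}
    for key in db.keys() & scan.keys():
        if key in HEX_FIELDS:
            result[key] = hex_match(db[key], scan[key])
        else:
            result[key] = scan[key] in db[key].split("|")
    return result
```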