Nmap Development mailing list archives
Re: Why does OS fingerprinting happen before Application Fingerprinting
From: Fyodor <fyodor () insecure org>
Date: Fri, 5 Mar 2004 21:08:07 -0800
On Sun, Feb 15, 2004 at 09:27:06PM -0800, alan donald wrote:
I just ran a few scans with the OS probe and Version probe check boxes checked. It appeared that the OS detection is being done before the Version detection. Why is this so? Is it some performance issue or is it using this information in some way. Or is this just random and the 2 types (OS vs Version) of probes can be sent one before the other or vice versa.
Neither of those scan types are dependant on the other, so the order shouldn't matter. But OS detection actually comes _after_ service scan. You can see the order with the -v option: # nmap -v -A localhost Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-03-05 21:05 PST Host felix (127.0.0.1) appears to be up ... good. Initiating SYN Stealth Scan against felix (127.0.0.1) at 21:05 [...] The SYN Stealth Scan took 3 seconds to scan 1659 ports. Initiating service scan against 8 services on 1 host at 21:05 The service scan took 5 seconds to scan 8 services on 1 host. Initiating RPCGrind Scan against felix (127.0.0.1) at 21:05 The RPCGrind Scan took 0 seconds to scan 1 ports. For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled Cheers, -Fyodor --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Why does OS fingerprinting happen before Application Fingerprinting alan donald (Feb 15)
- Re: Why does OS fingerprinting happen before Application Fingerprinting Cullen Newsom (Feb 16)
- Re: Why does OS fingerprinting happen before Application Fingerprinting Fyodor (Mar 05)