Nmap Development mailing list archives

Possible bug in nmap-os-fingerprints


From: Olivier Laurent <olilau.list.1 () gmail com>
Date: Wed, 14 Sep 2005 20:40:02 +0200

I'm using scapy [1], an interactive packet manipulation tool. It can do
OS fingerprinting based on nmap-os-fingerprints file. But it seems there
is a bug on the T4 field from the "Compex CGX3224 Switch". There is a
double equal sign instead of just one. Don't know if it's a bug so I'm
reporting it to you. Here is the complete class description. See the T4
field (double = sign after the W letter):

# Compex CGX3224 Switch, Firmware version CGX1.53
Fingerprint Compex CGX3224 Switch
Class Compex | embedded || switch
TSeq(Class=64K%IPID=I%TS=U)
T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
T2(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=2000%ACK=O%Flags=A%Ops=)
T4(DF=N%W==400|800|C00|1000%ACK=S%Flags=AR%Ops=)
T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
T7(DF=N%W=400|800|C00|1000%ACK=S++%Flags=AR%Ops=)
PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)

[1] http://www.secdev.org/projects/scapy/

-- 
Olivier Laurent.
http://www.descasoft.com


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
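
Added example (not part of the original message, and not Nmap's or scapy's own code): a small lint pass that flags the kind of malformed attribute reported above before a fingerprint file is fed to a consumer. The grammar it assumes (attributes separated by "%", each of the form name=value, no "=" inside a value) is inferred from the entry shown in the message; the function name lint_fingerprints is hypothetical.

```python
import re

# Excerpt of the entry quoted in the message above; T4 carries the reported "W==".
SAMPLE = """\
Fingerprint Compex CGX3224 Switch
Class Compex | embedded || switch
TSeq(Class=64K%IPID=I%TS=U)
T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNW)
T2(Resp=Y%DF=N%W=400|800|C00|1000%ACK=S%Flags=AR%Ops=)
T4(DF=N%W==400|800|C00|1000%ACK=S%Flags=AR%Ops=)
PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)
"""

# A test line looks like NAME(attr%attr%...); header and comment lines do not match.
TEST_LINE = re.compile(r"^(\w+)\((.*)\)\s*$")
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9]*$")


def lint_fingerprints(text):
    """Return (line_no, test, attribute, problem) for each malformed attribute."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = TEST_LINE.match(line.strip())
        if not m:
            continue  # comments, Fingerprint/Class headers, blank lines
        test, body = m.groups()
        seen = set()
        for attr in filter(None, body.split("%")):
            name, sep, value = attr.partition("=")
            if not sep:
                findings.append((line_no, test, attr, "missing '='"))
            elif not ATTR_NAME.match(name):
                findings.append((line_no, test, attr, "bad attribute name"))
            elif "=" in value:
                # Assumption: no legitimate value contains '='.
                findings.append((line_no, test, name, "extra '=' in value"))
            elif name in seen:
                findings.append((line_no, test, name, "duplicate attribute"))
            seen.add(name)
    return findings


if __name__ == "__main__":
    for finding in lint_fingerprints(SAMPLE):
        print("line %d: %s(%s): %s" % finding)
```

An empty value such as "Ops=" is accepted, since the entry uses it on several lines.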

