Nmap Development mailing list archives

Re: More intelligent OS fingerprint merging


From: David Fifield <david () bamsoftware com>
Date: Thu, 5 Jul 2007 15:02:28 -0600

On Fri, Jun 29, 2007 at 03:09:48PM -0600, David Fifield wrote:
Nmap can perform OS detection several times against a host, resulting in
several fingerprints. When Nmap displays these fingerprints, it merges
them into one and tries to remove lines that are duplicated between the
fingerprints, reducing the overall length of the fingerprint string.

If some lines from a fingerprint were missing or out of order, the
duplicate-line elimination code would get confused and leave in
duplicate lines. The duplicate lines make the fingerprint unnecessarily
long and make it harder to read.

r5046 in /nmap-exp/soc07/nmap fixes this. It puts all the lines in a
list and sorts it before removing duplicates, ensuring that they are all
removed and that they are displayed strictly in the correct order.

I discovered a bug in this new code, which is that it sometimes doesn't
work for merging first-generation OS fingerprints:

        # nmap -O1 -d localhost
        ...
        FingerTest_lessthan received two unknown test lines "PU" and "TSeq".
        
        QUITTING!

I fixed this by merging the first-generation test names into the array
that defines the test order. They can simply be removed when the rest of
the first-generation system is.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
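
The sort-then-deduplicate merge described in the message, and the unknown-test-name failure, as an added C++ example that is not part of the original message and not Nmap's own code. The function names, the placement of "TSeq" and "PU" at the end of the order array, and the sample fingerprint lines in the test are assumptions constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

using Lines = std::vector<std::string>;

// Constructed test order: second-generation test names only.
const Lines SECOND_GEN = {"SCAN", "SEQ", "OPS", "WIN", "ECN", "T1", "T2",
                          "T3", "T4", "T5", "T6", "T7", "U1", "IE"};
// Same order with the first-generation-only names merged in (placement at
// the end is an assumption; the message only says they were merged in).
const Lines BOTH_GENS = [] {
    Lines o = SECOND_GEN;
    o.push_back("TSeq");
    o.push_back("PU");
    return o;
}();

// Rank of a line = index of its test name (the text before '(') in `order`.
// Unknown names are rejected here, before sorting, because a comparator
// cannot order two names that are both missing from the order array.
std::size_t rank_of(const std::string &line, const Lines &order) {
    const std::string name = line.substr(0, line.find('('));
    auto it = std::find(order.begin(), order.end(), name);
    if (it == order.end())
        throw std::invalid_argument("unknown test line \"" + name + "\"");
    return static_cast<std::size_t>(it - order.begin());
}

// Pool every line from every fingerprint, sort by (rank, text) so identical
// lines become adjacent even when some fingerprints had lines missing or out
// of order, then drop the adjacent duplicates.
Lines merge_fingerprints(const std::vector<Lines> &fps, const Lines &order) {
    std::vector<std::pair<std::size_t, std::string>> keyed;
    for (const Lines &fp : fps)
        for (const std::string &line : fp)
            keyed.emplace_back(rank_of(line, order), line);
    std::sort(keyed.begin(), keyed.end());
    keyed.erase(std::unique(keyed.begin(), keyed.end()), keyed.end());
    Lines merged;
    for (const auto &k : keyed)
        merged.push_back(k.second);
    return merged;
}
```

Sorting on the line text as well as the rank matters: two different `SEQ` lines from different runs are both kept, while exact repeats collapse no matter which fingerprint they came from.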

