Nmap Development mailing list archives
Re: OS Fingerprinting Problem
From: Fyodor <fyodor () insecure org>
Date: Tue, 2 Sep 2008 13:00:19 -0700
On Tue, Sep 02, 2008 at 12:48:29PM -0700, net2004eng () yahoo com wrote:
> The only difference here is for "%ISR=4F-51" to "%ISR=4D-51". I understand that the ISR accounts for the average rate of increase for the returned TCP initial sequence number. I wanted to know what can be done to get this included into the next update to nmap. The device that was scanned is accurately detected as the Linksys BEFSR41 Firmware Version: 1.46.02, Aug 03 2003 device.
Hi Matt. The ISR change did not prevent the match. The change from "4F-51" to "4D-51" makes the matching more broad (those are hex number ranges). So anything which matched the first one, should match the 2nd. The difference is probably that Nmap 4.20 still had the 1st generation system to fall back on, while newer versions don't. We may need to improve our 2nd generation fingerprint for this device.

And yes, you CAN help get this system recognized in future versions of Nmap! Scan it with "nmap -v -sUT -O -T4" and see if it gives you a fingerprint and submission URL. If so, please submit the sucker! If not, you may need to scan from a machine on the same network as the AP. Nmap is rather picky about when it considers a fingerprint suitable for submission.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
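
The point about hex ranges in the message above can be checked mechanically. The following is an added example, not part of the message and not Nmap's own matching code: it assumes an expression is one or more hex values or inclusive "LOW-HIGH" hex ranges joined by "|", and the function names are hypothetical.

```python
def parse_expr(expr):
    """Parse an expression like "4F-51" or "4D|4F-51" into (low, high) ints."""
    intervals = []
    for alt in expr.split("|"):
        low, _, high = alt.strip().partition("-")
        lo = int(low, 16)                    # values are hexadecimal
        hi = int(high, 16) if high else lo   # single value = one-point range
        if lo > hi:
            raise ValueError(f"inverted range: {alt!r}")
        intervals.append((lo, hi))
    return intervals


def merge(intervals):
    """Merge overlapping or adjacent integer intervals."""
    merged = []
    for lo, hi in sorted(intervals):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def matches(value_hex, expr):
    """True if an observed hex value falls inside the expression."""
    value = int(value_hex, 16)
    return any(lo <= value <= hi for lo, hi in parse_expr(expr))


def is_superset(broad, narrow):
    """True if every value accepted by `narrow` is also accepted by `broad`."""
    cover = merge(parse_expr(broad))
    return all(
        any(c_lo <= lo and hi <= c_hi for c_lo, c_hi in cover)
        for lo, hi in merge(parse_expr(narrow))
    )


if __name__ == "__main__":
    old, new = "4F-51", "4D-51"   # the two ISR ranges quoted in the thread
    print("new range covers old:", is_superset(new, old))
    # Constructed sample observations, not taken from a real scan.
    for observed in ("4C", "4D", "4E", "50", "52"):
        print(observed, "old:", matches(observed, old),
              "new:", matches(observed, new))
```

Every value accepted by "4F-51" is also accepted by "4D-51", so widening the range cannot by itself turn a match into a non-match.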