Nmap Development mailing list archives
IE.DLI OS detection test
From: David Fifield <david () bamsoftware com>
Date: Thu, 12 Mar 2009 15:33:36 -0600
Hi, Fyodor noticed that every single reference fingerprint in nmap-os-db that had a result of the IE.DLI test had the value S. Documentation for that test is here: http://nmap.org/book/osdetect-methods.html#osdetect-dl The test measures the length of data returned in the replies to the two ICMP echo probes. The documentation says that some implementations truncate the data, but that is not supported by the database. I did a test: hping2 --rand-dest --icmp -d 120 --fast --interface eth0 x.x.x.x and let it run for a while. There were 37461 packets transmitted and 1520 packets received. Of those 1520, 1394 were echo replies. All of them had len=148, corresponding to an ICMP data length of 120. I recommend we just remove the test. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- IE.DLI OS detection test David Fifield (Mar 12)
- Re: IE.DLI OS detection test Brandon Enright (Mar 12)
- Re: IE.DLI OS detection test ithilgore (Mar 12)
- Other useless OS detection tests? David Fifield (Mar 12)
- RE: Other useless OS detection tests? Thomas Tavaris J (Tavaris) (Mar 13)
- Re: Other useless OS detection tests? Fyodor (Mar 13)
- Re: Other useless OS detection tests? David Fifield (Mar 27)
- RE: Other useless OS detection tests? Thomas Tavaris J (Tavaris) (Mar 13)
- Re: IE.DLI OS detection test Brandon Enright (Mar 12)