Nmap Development mailing list archives
Re: nmap OS detection providing different results
From: David Fifield <david () bamsoftware com>
Date: Sat, 2 Apr 2011 08:23:47 -0700
On Sat, Apr 02, 2011 at 09:33:45AM -0400, Ryan Giobbi wrote:
Hello, When running against non-Windows hosts (AIX), I've noticed that nmap's OS detection (nmap -O) doesn't provide the same results all of the time. About 1/5 scans nmap fails to find the remote hosts when run repeatedly. Is this expected? Would pasting the OS signature that returns when the current ones fail into nmap-os-db and submitting to nmap.org be a reasonable workaround?
Yes, please submit the fingerprint you get, it's the only way for the database to improve. It's not a workaround, it's the way the process is supposed to work. I can explain why this happens sometimes. Some of the fingerprint fields are ranges. When a new fingerprint is added, we start the ranges pretty narrow, so as to avoid overlapping with other fingerprints. A common case is the SEQ.SP test. We might start a fingerprint like this: SEQ(SP=B7-C1%...) If the range is too narrow, the remote host might be within it most of the time, but sometimes produce a value like B5. When you submit the non-matching fingerprint, it causes us to expand the range, like SEQ(SP=B3-C1%...) You can see, though, that we don't know in advance if the range has to grow upwards or downwards, or at all. We rely on user submissions to refine the database. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- nmap OS detection providing different results Ryan Giobbi (Apr 02)
- Re: nmap OS detection providing different results David Fifield (Apr 02)
- Re: nmap OS detection providing different results Ryan Giobbi (Apr 02)
- Re: nmap OS detection providing different results David Fifield (Apr 02)
- Re: nmap OS detection providing different results Houcem HACHICHA (Apr 02)
- Re: nmap OS detection providing different results Ryan Giobbi (Apr 02)
- Re: nmap OS detection providing different results: --osscan-guess David Fifield (Apr 02)
- Re: nmap OS detection providing different results David Fifield (Apr 02)
- <Possible follow-ups>
- Re: nmap OS detection providing different results ray . middleton (Apr 02)