Nmap Development mailing list archives
Re: SinFP OS fingerprinting
From: David Fifield <david () bamsoftware com>
Date: Tue, 31 May 2011 10:13:27 -0700
On Tue, May 31, 2011 at 10:42:07AM -0500, DePriest, Jason R. wrote:
On Sat, May 28, 2011 at 8:32 AM, Brahim Sakka <> wrote:Hi list, Did anyone have a look at SinFP OS fingerprinter? http://www.gomor.org/bin/view/Sinfp/DocOverview It is claimed to "bypass Nmap limitations" and I don't like reading that about Nmap :)I'd love to test it out but I've been trying to get all of the prerequisites installed via CPAN for about an hour now and I've come up to one that won't install. I am extremely curious to see how well it can ID an OS with just a single three-way handshake.
It's actually three, not just one, TCP probes. They all go to the same open port. The author has a point that this reduces the chance of getting a mixed-up fingerprint when different ports for the same IP address are handled by different machines. On the other hand, it loses some discriminating power. http://www.gomor.org/files/sinfp-jcv.pdf When I tested it a little bit, its results were accurate but less precise than Nmap's. For example, "2.6" is often all the information available for a Linux version. 3|OSS|Linux|2.4.x|2.4.x| 4|OSS|Linux|2.6.x|2.6.x| 27|OSS|FreeBSD|6.1|6.x|BSD 61|Cisco|IOS|12.0|12.x|Router 125|HP|JetDirect|unknown|unknown|Printer David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- SinFP OS fingerprinting Brahim Sakka (May 28)
- Re: SinFP OS fingerprinting Abuse007 (May 28)
- Re: SinFP OS fingerprinting DePriest, Jason R. (May 31)
- Re: SinFP OS fingerprinting David Fifield (May 31)
- Re: SinFP OS fingerprinting DePriest, Jason R. (May 31)
- Re: SinFP OS fingerprinting Djalal Harouni (May 31)
- Re: SinFP OS fingerprinting David Fifield (May 31)