Nmap Development mailing list archives

Re: Nmap 5.61TEST2 IPv6 OS Detection (Cherry Soeprapto)


From: Cherry Soeprapto <cierish () yahoo com>
Date: Wed, 14 Dec 2011 07:11:52 -0800 (PST)

Hello,


I use an IPv6 router at the lab and tunnels at home, and it works perfectly.

Now I'm trying to understand the TCP/IP fingerprinting result (through IPv6).
I read about the sample fingerprint and feature vector from Mr. David Fifield here:
http://www.bamsoftware.com/talks/seclunch-os6/sample-fp.txt

I tried to decode that fingerprint (? means that I'm not sure):

S1(

***IPv6***

P=6000{4}280640
6 | 00 | 00 000 | 0028 | 06 | 40
version=6 | tc | fl | plen=40 | nh=TCP | hlim=64

XX{32}
src xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx | dest xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx 

***TCP***

0035cd12
0035 | cd12
src port? | dest port?

81febeb5b254856e
81fe beb5|b254 856e
seq. Nr. | ACK Nr. 

a012
1010 | 0000 | 0001 0010
data offset | reserved | CEUA PRSF 

7fd8
TCP window = 32728

00300000
0030 | 0000
chksum? | urgptr?

02043ff8
02 | 04 | 3ff8
kind=2 | length=4 | MSS=16376

0402080a02f5064bff{4}01030307
04 | ...
sack ok? | ... ??

%ST=0.040822
send time

%RT=0.040851)
received time

How about the rest of it? (TCP_OPT, _OPTLEN, _Wscale)
I would really appreciate it if someone could explain it or give a link about that.

A simple explanation about the one-dimensional feature vector and LIBLINEAR would be most acceptable :)


Thanks!

Cherry
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
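
The decoding attempted in the post above, as an added Python example that is not part of the original post and is not Nmap's own code. It assumes that `{n}` repeats the preceding byte n times and that `XX` marks a masked address byte, which is the reading under which the sample comes out to a 40-byte IPv6 header followed by plen=40 bytes of TCP; `expand`, `tcp_options` and `decode` are hypothetical names.

```python
import re
import struct

# Constructed input: the hex pieces quoted in the post, joined in order.
SAMPLE = ("6000{4}280640" "XX{32}" "0035cd12" "81febeb5b254856e" "a012"
          "7fd8" "00300000" "02043ff8" "0402080a02f5064bff{4}01030307")
OPT_NAMES = {2: "MSS", 3: "WScale", 4: "SACK-permitted", 8: "Timestamp"}
FLAG_BITS = "FSRPAUEC"  # bit 0 (FIN) up to bit 7 (CWR)

def expand(text):
    """Expand 'bb{n}' runs (assumed notation); masked 'XX' becomes None."""
    out = []
    for byte, count in re.findall(r"(XX|[0-9a-fA-F]{2})(?:\{(\d+)\})?", text):
        out += [None if byte == "XX" else int(byte, 16)] * int(count or 1)
    return out

def tcp_options(raw):
    """Walk the kind/length/value list that follows the fixed TCP header."""
    opts, i = [], 0
    while i < len(raw) and raw[i] != 0:          # kind 0 = end of list
        if raw[i] == 1:                          # kind 1 = NOP, no length byte
            opts.append(("NOP", 1, b""))
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad option length at offset {i}")
        opts.append((OPT_NAMES.get(raw[i], raw[i]), length, raw[i + 2:i + length]))
        i += length
    return opts

def decode(text):
    """Decode the fixed IPv6 header (40 bytes) and the TCP segment after it."""
    b = expand(text)
    if len(b) < 60 or None in b[:8] + b[40:]:
        raise ValueError("truncated packet or masked byte outside the addresses")
    word0, plen, nh, hlim = struct.unpack("!IHBB", bytes(b[:8]))
    tcp = bytes(b[40:40 + plen])
    sport, dport, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", tcp[:20])
    hdr_len = (off_flags >> 12) * 4              # data offset is in 32-bit words
    flags = "".join(c for n, c in enumerate(FLAG_BITS) if off_flags >> n & 1)
    return {"version": word0 >> 28, "tc": word0 >> 20 & 0xFF, "flow": word0 & 0xFFFFF,
            "plen": plen, "nh": nh, "hlim": hlim, "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "hdr_len": hdr_len, "flags": flags, "window": win,
            "checksum": csum, "urgent": urg, "options": tcp_options(tcp[20:hdr_len])}

if __name__ == "__main__":
    for key, value in decode(SAMPLE).items():
        print(f"{key:9} {value}")
```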

