Nmap Development mailing list archives
Re: Nmap 5.61TEST2 IPv6 OS Detection (Cherry Soeprapto)
From: Cherry Soeprapto <cierish () yahoo com>
Date: Thu, 22 Dec 2011 08:16:10 -0800 (PST)
Arghh, I got it, I could use the tool for *.6fp too and the results should be the same with the *.nmap aren't they? I will try to understand the 16th-154th tests for ipv6 in ipv6fp.py and might ask you about them again in the future.

Thank you,
Cherry

________________________________
From: David Fifield <david () bamsoftware com>
To: Cherry Soeprapto <cierish () yahoo com>
Cc: nmap-dev () insecure org
Sent: Friday, December 16, 2011 4:09 AM
Subject: Re: Nmap 5.61TEST2 IPv6 OS Detection (Cherry Soeprapto)

On Wed, Dec 14, 2011 at 07:11:52AM -0800, Cherry Soeprapto wrote:
> I use an IPv6 router at lab and tunnels at home and it works perfectly. Now, I'm trying to understand the TCP/IP - fingerprinting's result (through IPv6). I read about the sample fingerprint and feature vector from Mr. David Fifield here:
> http://www.bamsoftware.com/talks/seclunch-os6/sample-fp.txt
> I tried to decode that fingerprinting: ( ? means that I'm not sure)

The fingerprints aren't meant to be parsed visually. I always use a tool to do it.

$ svn co https://svn.nmap.org/nmap-exp/luis/ipv6tests
$ cd ipv6tests

Read the README to build the local liblinear. Then copy and paste the fingerprint into this command:

$ ./nmap26fp.py | ./vectorize.py -s nmap.set

That will print out a list of features, which is the same as Nmap's internal representation, which also correspond to the columns of the big table in FPModel.cc. If you look in vectorize.py, you can see how the packets are loaded and you can print out different information.

> A simple explanation about the one-dimensional feature vector and LIBLINEAR would be most acceptable :)

You should read
http://nmap.org/book/osdetect-ipv6-methods.html
http://nmap.org/book/osdetect-fingerprint-format.html

If you get unidentified or incorrect results, please submit the fingerprints at http://nmap.org/submit/.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/