Nmap Development mailing list archives

Strange Fingerprint


From: Trevor Elliott <trevor () galois com>
Date: Mon, 8 Sep 2014 10:58:01 -0700

Hi Everyone,

I'm scanning a custom-built network stack[1], and am getting some strange results in the fingerprint. It ends up with multiple results for the SEQ tests as well as a few others, which I wasn't sure how to interpret:

TCP/IP fingerprint:
OS:SCAN(V=6.45%E=4%D=9/8%OT=9001%CT=1%CU=40625%PV=Y%DS=1%DC=D%G=Y%M=525400%
OS:TM=540DE55C%P=x86_64-redhat-linux-gnu)SEQ(SP=107%GCD=1%ISR=10A%TI=RD%CI=
OS:RI%TS=22)SEQ(CI=RI%II=RI)SEQ(CI=RD)OPS(O1=M5B4NNSNW3NNT11%O2=M5B4NNSNW3N
OS:NT11%O3=M5B4NW3NNT11%O4=M5B4NNSNW3NNT11%O5=M5B4NNSNW3NNT11%O6=M5B4NNSNNT
OS:11)WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000)ECN(R=Y%DF=Y%T=44
OS:%W=4000%O=M5B4NNSNW3NNLL%CC=N%Q=)ECN(R=N)T1(R=Y%DF=Y%T=44%S=O%A=S+%F=AS%
OS:RD=0%Q=)T1(R=N)T2(R=N)T3(R=Y%DF=Y%T=44%W=4000%S=O%A=S+%F=AS%O=M5B4NNSNW3
OS:NNT11%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=3B%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)T5(R=Y
OS:%DF=Y%T=44%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=44%W=0%S=A%A=S%F=A
OS:R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=44%W=3908%S=O%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=
OS:N%T=FC%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=FF%C
OS:D=S)

I've also posted a pcap capture, and the output of running nmap with -d9 [2,3].

Thanks for any insight! :)

--trevor

[1] https://github.com/galoisinc/hans
[2] http://www.galois.com/~trevor/scan.out
[3] http://www.galois.com/~trevor/scan.pcap
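
For reading a fingerprint like the one in the message above, the Python below unwraps the `OS:` lines, groups tests that appear more than once (such as SEQ and ECN), and lists the attributes whose values disagree between occurrences. It is an added example, not part of the original message or of Nmap's code; the sample is a constructed, shortened excerpt of the posted fingerprint, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the fingerprint posted above,
# kept in the wrapped form where every line carries an "OS:" prefix.
SAMPLE = """\
OS:SCAN(V=6.45%E=4%D=9/8%OT=9001%CT=1)SEQ(SP=107%GCD=1%ISR=10A%TI=RD%CI=
OS:RI%TS=22)SEQ(CI=RI%II=RI)SEQ(CI=RD)ECN(R=Y%DF=Y%T=44%W=4000%CC=N%Q=)EC
OS:N(R=N)T2(R=N)
"""

# A test is NAME(attr=value%attr=value...), e.g. SEQ(CI=RI%II=RI).
TEST_RE = re.compile(r"([A-Z][A-Z0-9]*)\(([^)]*)\)")

def unwrap(text):
    """Join wrapped lines, dropping the 'OS:' prefix on each one."""
    lines = (ln.strip() for ln in text.splitlines())
    return "".join(ln[3:] for ln in lines if ln.startswith("OS:"))

def parse(text):
    """Return {test name: [attribute dict per occurrence]} in order seen."""
    tests = defaultdict(list)
    for name, body in TEST_RE.findall(unwrap(text)):
        attrs = {}
        for field in filter(None, body.split("%")):
            key, _, value = field.partition("=")
            attrs[key] = value  # "Q=" yields an empty string value
        tests[name].append(attrs)
    return dict(tests)

def conflicts(tests):
    """For tests seen more than once, map each attribute that has
    disagreeing values to the values reported, in order of occurrence."""
    out = {}
    for name, runs in tests.items():
        if len(runs) < 2:
            continue
        keys = sorted({k for run in runs for k in run})
        out[name] = {k: [run[k] for run in runs if k in run] for k in keys
                     if len({run[k] for run in runs if k in run}) > 1}
    return out

if __name__ == "__main__":
    for name, diff in conflicts(parse(SAMPLE)).items():
        print(name, diff)
```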
