Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange Fingerprint

From: Trevor Elliott <trevor () galois com>
Date: Mon, 8 Sep 2014 15:04:10 -0700
Thanks for the reply, David.  I'll continue debugging :)

--trevor

On Sep 8, 2014, at 15:03, David Fifield <david () bamsoftware com> wrote:


On Mon, Sep 08, 2014 at 02:58:48PM -0700, Trevor Elliott wrote:

Hi David,

Are the results (SEQ etc.) different because the network stack was
returning different results for the repeated tests?  I noticed that if
I scan my linux dev machine, I don't see any repeated tests in the
fingerprint, so I was wondering if I had made an error during my
implementation of HaNS :)


Yes, it means there were different results in different tests. It's
fairly common; for instance SEQ.SP is naturally a bit variable.
Sometimes SEQ.CI=RI can be confused with SEQ.CI=RD. I'm not sure why
you're not getting SEQ.II=RI in your first SEQ line. If I had to guess,
I'd guess that the target might be dropping some probes.

http://nmap.org/book/osdetect-methods.html#osdetect-ti

David Fifield

Attachment: smime.p7s
Description: 

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: