Nmap Development mailing list archives
Re: Clarification about OS detection
From: David Fifield <david () bamsoftware com>
Date: Wed, 30 Nov 2016 16:02:51 -0800
On Wed, Nov 30, 2016 at 09:47:13PM +0000, Ricardo Vaz Monteiro wrote:
When the result is : "Running (Just Guessing): Linux 3.x (85%)", Is it means that you have 85% assurance about the Linux Version? but in this case are you 100% sure that is Linux? On the other hand: "Running (Just Guessing): Linux 3.x (85%)", Do you confirm with 100% certainty that it IS NOTMicroSoft? As a suggestion, maybe the interface could be a litle more clear.
For IPv4, every test result is worth a certain number of points. The percentage is just the number of points matched divided by the maximum total number of points. The number of points each test is worth is defined in the MatchPoints structure at the top of nmap-os-db. https://nmap.org/book/osdetect-guess.html#osdetect-guess-ipv4 For IPv6, the percentage is harder to interpret intuitively. The underlying classifier returns a number between −∞ and +∞, which then gets turned into a percentage using the formula 100/(1+e^−x). For example, a score of −2 gets mapped to 11.9%, 0 gets mapped to 50%, and +3 gets mapped to 88.1%. https://nmap.org/book/osdetect-guess.html#osdetect-guess-ipv6 To answer your question, if you get an 85% match for Linux, that doesn't mean for sure that it is not some other operating system. Just from experience, I know that 85% is not a very close match at all, so I wouldn't say for sure that it is Linux. If it's over 95% you can usually be pretty sure. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Clarification about OS detection Ricardo Vaz Monteiro (Nov 30)
- Re: Clarification about OS detection Robin Wood (Nov 30)
- Re: Clarification about OS detection David Fifield (Nov 30)
- Re: Clarification about OS detection Ricardo Vaz Monteiro (Nov 30)
- Re: Clarification about OS detection David Fifield (Nov 30)
- Re: Clarification about OS detection Ricardo Vaz Monteiro (Nov 30)