Nmap Development mailing list archives
Re: Clarification about OS detection
From: Ricardo Vaz Monteiro <rvm.iphone () gmail com>
Date: Thu, 01 Dec 2016 00:45:59 +0000
David, thank you.

Hum, interesting. Does the OS assurance change when we look at the whole message?
The full results are:

Running (just guessing): Linux 3.X (85%)
OS CPE: cpe:/o:linux:kernel:3
Aggressive OS matches for hosdt (test conditions non-ideal)

In this case, Linux:kernel:3 defines that it is Linux with 100% assurance? And 100% assurance that it is not Microsoft?

Thank you

On Wed, 30 Nov 2016 at 22:03 David Fifield <david () bamsoftware com> wrote:
> On Wed, Nov 30, 2016 at 09:47:13PM +0000, Ricardo Vaz Monteiro wrote:
> > When the result is "Running (Just Guessing): Linux 3.x (85%)", does it mean
> > that you have 85% assurance about the Linux version? But in this case are you
> > 100% sure that it is Linux?
> >
> > On the other hand, with "Running (Just Guessing): Linux 3.x (85%)", do you
> > confirm with 100% certainty that it IS NOT Microsoft?
> >
> > As a suggestion, maybe the interface could be a little more clear.
>
> For IPv4, every test result is worth a certain number of points. The
> percentage is just the number of points matched divided by the maximum
> total number of points. The number of points each test is worth is
> defined in the MatchPoints structure at the top of nmap-os-db.
> https://nmap.org/book/osdetect-guess.html#osdetect-guess-ipv4
>
> For IPv6, the percentage is harder to interpret intuitively. The
> underlying classifier returns a number between −∞ and +∞, which then
> gets turned into a percentage using the formula 100/(1+e^−x). For
> example, a score of −2 gets mapped to 11.9%, 0 gets mapped to 50%, and
> +3 gets mapped to 88.1%.
> https://nmap.org/book/osdetect-guess.html#osdetect-guess-ipv6
>
> To answer your question, if you get an 85% match for Linux, that doesn't
> mean for sure that it is not some other operating system. Just from
> experience, I know that 85% is not a very close match at all, so I
> wouldn't say for sure that it is Linux. If it's over 95% you can usually
> be pretty sure.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
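The scoring described in the quoted reply, as an added example that is not part of the original thread and is not Nmap's own code: it computes the IPv4 figure as points matched over maximum points and the IPv6 figure with 100/(1+e^−x). The weights, fingerprints, observation and function names are constructed for illustration, and matching is simplified to exact values and `|` alternatives.

```python
import math
import re

# Constructed weights in the style of the MatchPoints block of nmap-os-db
# (illustrative numbers, not Nmap's real ones).
MATCH_POINTS = "SEQ(SP=25%GCD=75%TI=100)\nOPS(O1=20%O2=20)\nT1(R=100%DF=20%W=40)"

# Constructed reference fingerprints and one constructed observation.
REFERENCE = {
    "Linux 3.X": "SEQ(SP=C0%GCD=1%TI=Z)\nOPS(O1=M5B4%O2=M5B4)\nT1(R=Y%DF=Y%W=7210)",
    "Other OS": "SEQ(SP=C0%GCD=1%TI=I)\nOPS(O1=M218%O2=M218)\nT1(R=Y%DF=N%W=7210)",
}
OBSERVED = "SEQ(SP=C0%GCD=1%TI=Z)\nOPS(O1=M218%O2=M218)\nT1(R=Y%DF=N%W=7210)"


def parse(text):
    """Parse 'TEST(attr=val%attr=val)' lines into {(test, attr): value}."""
    out = {}
    for test, body in re.findall(r"(\w+)\(([^)]*)\)", text):
        for pair in filter(None, body.split("%")):
            attr, _, value = pair.partition("=")
            out[(test, attr)] = value
    return out


def ipv4_accuracy(observed, reference, points=MATCH_POINTS):
    """Points matched divided by the maximum total points, as a percentage."""
    obs, ref = parse(observed), parse(reference)
    weights = {key: int(v) for key, v in parse(points).items()}
    scored = [key for key in ref if key in weights]
    total = sum(weights[key] for key in scored)
    # Simplification: a test matches on an exact value or one of its '|' alternatives.
    matched = sum(weights[key] for key in scored if obs.get(key) in ref[key].split("|"))
    return 100.0 * matched / total


def ipv6_percentage(score):
    """Map a classifier score in (-inf, +inf) to a percentage: 100/(1+e^-x)."""
    return 100.0 / (1.0 + math.exp(-score))


def rank(observed=OBSERVED):
    """Score one observation against every reference fingerprint, best first."""
    scores = [(name, ipv4_accuracy(observed, fp)) for name, fp in REFERENCE.items()]
    return sorted(scores, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for name, pct in rank():
        print(f"{name}: {pct:.1f}%")  # each percentage is a per-fingerprint match ratio
```

With this constructed data two different references both score well against the same observation, so each percentage measures closeness to one fingerprint and does not by itself exclude the others.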