Nmap Development mailing list archives
Re: Clarification about OS detection
From: David Fifield <david () bamsoftware com>
Date: Wed, 30 Nov 2016 18:44:40 -0800
On Thu, Dec 01, 2016 at 12:45:59AM +0000, Ricardo Vaz Monteiro wrote:
David, thank-you. Hum interesting. Does the OS assurance changes when we look at the whole message? The full results are: Running (just guessing): Linux 3.X (85%) OS CPE: cpe:/o:linux:kernel:3 Aggressive OS matches for hosdt (test conditions non-ideal) In this case Linux:kernel:3 defines that is Linux with 100% assurance?
The "OS CPE" line is derived from the "Running" line, so it has the same 85%. You have "test conditions non-ideal" so you should not expect strong assurance. You are probably missing an open port or a closed port, which makes OS identification difficult.
And 100% assurance is not Microsoft?
No, as I said, 85% is not a close match, so this system could possibly be Microsoft or something else. It might also be a completely new OS that is not yet present in Nmap's OS database, which would explain the poor match. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Clarification about OS detection Ricardo Vaz Monteiro (Nov 30)
- Re: Clarification about OS detection Robin Wood (Nov 30)
- Re: Clarification about OS detection David Fifield (Nov 30)
- Re: Clarification about OS detection Ricardo Vaz Monteiro (Nov 30)
- Re: Clarification about OS detection David Fifield (Nov 30)
- Re: Clarification about OS detection Ricardo Vaz Monteiro (Nov 30)