Nmap Development mailing list archives

Re: Clarification about OS detection


From: David Fifield <david () bamsoftware com>
Date: Wed, 30 Nov 2016 18:44:40 -0800

On Thu, Dec 01, 2016 at 12:45:59AM +0000, Ricardo Vaz Monteiro wrote:
> David, thank you. Hmm, interesting. Does the OS assurance change when we look
> at the whole message?
>
> The full results are:
>
> Running (just guessing): Linux 3.X (85%)
> OS CPE: cpe:/o:linux:kernel:3
> Aggressive OS matches for hosdt (test conditions non-ideal)
>
> In this case Linux:kernel:3 defines that it is Linux with 100% assurance?

The "OS CPE" line is derived from the "Running" line, so it has the same
85%.

You have "test conditions non-ideal" so you should not expect strong
assurance. You are probably missing an open port or a closed port, which
makes OS identification difficult.

> And 100% assurance is not Microsoft?

No, as I said, 85% is not a close match, so this system could possibly
be Microsoft or something else. It might also be a completely new OS
that is not yet present in Nmap's OS database, which would explain the
poor match.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
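
Added example, not part of the original thread and not Nmap's own code: when OS detection results are loaded into an inventory from Nmap's XML output (`-O -oX`), each CPE can be stored with the accuracy of the guess it was derived from, along with whether both an open and a closed TCP port were available to the scan. The XML sample, the address and the `os_guesses` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's XML output; not taken from the thread.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <os>
   <portused state="open" proto="tcp" portid="22"/>
   <osmatch name="Linux 3.2 - 3.8" accuracy="85" line="0">
    <osclass type="general purpose" vendor="Linux" osfamily="Linux"
             osgen="3.X" accuracy="85">
     <cpe>cpe:/o:linux:linux_kernel:3</cpe>
    </osclass>
   </osmatch>
  </os>
 </host>
</nmaprun>"""


def os_guesses(xml_text, exact=100):
    """Return one record per CPE, carrying the accuracy of its source guess."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        os_el = host.find("os")
        if os_el is None:
            continue  # OS detection was not run or produced nothing
        # OS detection works best with one open and one closed TCP port.
        states = {p.get("state") for p in os_el.findall("portused")
                  if p.get("proto") == "tcp"}
        ideal = {"open", "closed"} <= states
        for match in os_el.findall("osmatch"):
            for cls in match.findall("osclass"):
                acc = int(cls.get("accuracy"))
                for cpe in cls.findall("cpe"):
                    # The CPE is only as reliable as the class it hangs under.
                    records.append({"host": addr, "cpe": cpe.text,
                                    "accuracy": acc, "exact": acc >= exact,
                                    "ideal_conditions": ideal})
    return records


if __name__ == "__main__":
    for record in os_guesses(SAMPLE_XML):
        print(record)
```
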