Snort mailing list archives
Re: What machine is that... Anyway?
From: Chris Adams <chris () improbable org>
Date: Mon, 3 Sep 2001 01:22:50 -0700
On Monday, September 3, 2001, at 12:33 AM, Niek Jongerius wrote:
Well, it would seem to me that if it has an unknown address on your network, you've already spotted it. You would really need something like nmap to make a stab at what type of OS is running on it.
There is another tool for fingerprinting, that often does a better job than nmap. Check out http://www.sys-security.com/html/projects/X.html. Impressive stack analysis!
xprobe has better depth than nmap on the Microsoft stacks but doesn't have anything like the breadth of coverage for different operating systems. It might be interesting to write a script which uses several of the available tools to double-check any guesses.
Chris