Nmap Announce mailing list archives

Re: HPUX fingerprint


From: Max Vision <vision () whitehats com>
Date: Wed, 16 Dec 1998 13:01:37 -0800 (PST)

On Wed, 16 Dec 1998, Fyodor wrote:
> On Tue, 15 Dec 1998, Jonathan Scott Duff wrote:
> > Here's a TCP fingerprint for HPUX 9.05.  What's the official way to
> > get this added?
>
> That is an excellent question.  If anyone finds machines that have at
> least one port open for which nmap reports 'no OS matches for this host',
> it would be great if you could mail me the fingerprint nmap gives you.
> Please send the operating system name and version number along with it.
> And be sure you are correct about what OS it is running.


Fyodor,

Here is a valid fingerprint for OpenStep 4.1

FingerPrint OpenStep 4.1
TSeq(Class=64K)
T1(Resp=Y%DF=N%W=F87%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=N%W=F87%ACK=O%Flags=A%Ops=)
T4(Resp=Y%DF=N%W=1000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)

I've been using nmap (and queso and tcpseq juarez and ....) since it was
public and I was very excited to see you now support os detection and seq
prediction.  Your coding efforts have saved me countless hours of patching
together less powerful software to get the same job done.

THANKS!:)
Max
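
Added example, not part of the original message and not nmap's own code: a small Python parser for the fingerprint text posted above (one `Test(attr=value%attr=value)` entry per line), plus a diff helper for comparing a stored fingerprint with a later observation of the same host. The function names and the modified "observed" copy are constructed for illustration.

```python
import re

# Fingerprint text exactly as posted in the message above.
OPENSTEP_41 = """\
FingerPrint OpenStep 4.1
TSeq(Class=64K)
T1(Resp=Y%DF=N%W=F87%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=N%W=F87%ACK=O%Flags=A%Ops=)
T4(Resp=Y%DF=N%W=1000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
"""

LINE_RE = re.compile(r"^(\w+)\((.*)\)$")  # e.g. T1(...), TSeq(...), PU(...)

def parse_fingerprint(text):
    """Return (name, tests); tests maps test name -> {attribute: value}."""
    name, tests = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("fingerprint "):
            name = line.split(None, 1)[1]
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised fingerprint line: {line!r}")
        test, body = m.groups()
        attrs = {}
        for pair in filter(None, body.split("%")):
            key, sep, value = pair.partition("=")
            if not sep:
                raise ValueError(f"attribute without '=' in {test}: {pair!r}")
            attrs[key] = value  # an empty value (e.g. "Ops=") is kept as ""
        tests[test] = attrs
    return name, tests

def diff_fingerprints(a, b):
    """List (test, attr, a_value, b_value) for every attribute that differs."""
    out = []
    for test in sorted(set(a) | set(b)):
        ta, tb = a.get(test, {}), b.get(test, {})
        for attr in sorted(set(ta) | set(tb)):
            if ta.get(attr) != tb.get(attr):
                out.append((test, attr, ta.get(attr), tb.get(attr)))
    return out
```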



