Nmap Announce mailing list archives

Re: Linux 2.0.36 detected as 2.0.35

From: Evan Brewer <dmessiah () silcon com>
Date: Wed, 16 Dec 1998 13:40:23 -0800

On Wed, Dec 16, 1998 at 02:29:20PM -0600, Mario Camou wrote:

Just to say, Linux running kernel 2.0.36 is erroneously detected as 2.0.35,
here's the fingerprint for 2.0.36:


Well theres a good explanation for this.  Not every release of the linux kernel
has a modification such that the fingerprint would be different each time.  If
you scan a number of different hosts which run linux, with varying kernel
releases, you will notice that nmap only picks up ranges, or specific kernels
which have very noticable changes to its network tree.

They look the same! What to do then?


Don't strictly rely on nmap.  Nmap is a great tool, however there are times
when its usefulness is limited.

Current thread:

HPUX fingerprint Jonathan Scott Duff (Dec 15)
- Re: HPUX fingerprint Evan Brewer (Dec 16)
- Re: HPUX fingerprint Fyodor (Dec 16)
  - Re: HPUX fingerprint Max Vision (Dec 16)
  - Linux 2.0.36 detected as 2.0.35 Mario Camou (Dec 16)
    - Re: Linux 2.0.36 detected as 2.0.35 Lucid Dream (Dec 16)
    - Re: Linux 2.0.36 detected as 2.0.35 Mario Camou (Dec 16)
    - Re: Linux 2.0.36 detected as 2.0.35 Peter van Dijk (Dec 16)
    - Re: Linux 2.0.36 detected as 2.0.35 Fyodor (Dec 19)
    - Re: Linux 2.0.36 detected as 2.0.35 Evan Brewer (Dec 16)
- Re: HPUX fingerprint Jesse Brown (Dec 16)
- <Possible follow-ups>
- Re: HPUX fingerprint Evan Brewer (Dec 16)