Nmap Announce mailing list archives
Shiva fingerprint
From: "Sten Kalenda" <sten () rf roccadefinance nl>
Date: Wed, 16 Dec 1998 22:50:07 +0100
Responding to Fyodor's request here comes the Shiva AccessPort fingerprint
I'll incorporate these into nmap-os-fingerprints and when I get enough of them I'll release a new version (of nmap, or possibly just send the fingerprints file to the list). Considering that there is already 300 people on this list, we should collectively have access to virtually every mainstream type of machine out there. Cheers, Fyodor
Shiva SoHo router version: AccessPort: system version Product name : Shiva AccessPort Bridge/Router Serial number : SAP121348 Software version : 2.1.0 (1MB) (10 Apr 1998) MC68360 CPU rev. : C ISDN variant : S/T-ISDN Time running : 21d 21h 54m 25s Interfaces : eth1 isdn2 Protocols : bridge ip ipx ISDN Software Version: SpiderISDN V4.00.00[0A], ETS 300 102 (EuroISDN) fingerprint: [root@stuiver /root]# nmap -sS -O -d 192.168.1.254 Starting nmap V. 2.00 by Fyodor (fyodor () dhp com, www.insecure.org/nmap/) The first host is 192, and the last one is 192 The first host is 168, and the last one is 168 The first host is 1, and the last one is 1 The first host is 254, and the last one is 254 Packet capture filter: (icmp and dst host 192.168.1.1) or (tcp and dst host 192. 168.1.1 and ( dst port 62283 or dst port 62284 or dst port 62285 or dst port 622 86 or dst port 62287)) We got a ping packet back from 192.168.1.254: id = 51200 seq = 0 checksum = 1433 5 Hostupdate called for machne 192.168.1.254 state UNKNOWN/COMBO -> HOST_UP (trynu m 0, dotimeadj: yes time: 3473) Finished block: srtt: 563 rttvar: 1126 timeout: 75000 block_tries: 1 up_this_blo ck: 1 down_this_block: 0 group_sz: 1 massping done: num_hosts: 1 num_responses: 1 Host fw.kalenda.nl (192.168.1.254) appears to be up ... good. Starting pos_scan Packet capture filter: (icmp and dst host 192.168.1.1) or (tcp and src host 192. 168.1.254 and dst host 192.168.1.1) Initiating SYN half-open stealth scan against fw.kalenda.nl (192.168.1.254) Adding TCP port 23 (state Open). Adding TCP port 80 (state Open). Done with round 0 The SYN scan took 3 seconds to scan 1035 ports. Wait time is 200 Packet capture filter: (icmp and dst host 192.168.1.1) or (tcp and src host 192. 168.1.254 and dst host 192.168.1.1) For OSScan assuming that port 23 is open and port 43257 is closed and neither ar e firewalled WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? Insufficient responses for TCP sequencing (0), OS detection will be MUCH less re liable Wait time is 200 Packet capture filter: (icmp and dst host 192.168.1.1) or (tcp and src host 192. 168.1.254 and dst host 192.168.1.1) For OSScan assuming that port 23 is open and port 37124 is closed and neither ar e firewalled WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? Insufficient responses for TCP sequencing (0), OS detection will be MUCH less re liable Wait time is 200 Packet capture filter: (icmp and dst host 192.168.1.1) or (tcp and src host 192. 168.1.254 and dst host 192.168.1.1) For OSScan assuming that port 23 is open and port 34347 is closed and neither ar e firewalled WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? WARNING: RST from port 23 -- is this port really open? Insufficient responses for TCP sequencing (0), OS detection will be MUCH less re liable Interesting ports on fw.kalenda.nl (192.168.1.254): Port State Protocol Service 23 open tcp telnet 80 open tcp http No OS matches for this host. TCP fingerprints: T1(Resp=Y%DF=N%W=244%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=N) T4(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Final times for host: srtt: 32724 rttvar: 11413 to: 78376 Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds [root@stuiver /root]# Groe10, s10 Speaking for myself, of course PGP Key ID 0D121CD9, created 1994/06/17
Current thread:
- Shiva fingerprint Sten Kalenda (Dec 16)