Re: Protocol scan with nmap

[Fyodor <fyodor () insecure org>]

On Sun, 28 May 2000, Gerhard Rieger - privat wrote:

> of the IP portocol field, as used for selecting ICMP, TCP, UDP etc. For a year
> now I had a perl "proof of concept" implementation; recently I decided to build
> this feature into nmap. The result is now finished; I am sending the patch to
> Fyodor in the hope that he will accept it for nmap.

That sounds like an extremely cool patch!  I probably will add it to Nmap.  
When you send it to me, CC the list so they can look it over and try it
out.  Hopefully they will send any problems or suggestions to you and I.

> which is obviously wrong; Fyodor, nmap does not seem to recognize both
> OS fingerprints :-(

It does for me:

amy~#nmap -O -sS 216.218.218.233
[ . . . ]
Remote operating system guess: Solaris 2.6 - 2.7

amy~#nmap -O -sS 207.69.138.68
[ . . . ]
Remote operating system guess: FreeBSD 2.2.1 - 4.0

You aren't scanning through a some sort of NAT or IP masquerading device,
are you?  Those can corrupt the fingerprints.  If you have a real IP
address with no strange network obstructions between you and the
www.insecure.org machines, run nmap with -d and send me the fingerprints
it produces.

Cheers,
Fyodor



--
Fyodor                            'finger pgp () pgp insecure org | pgp -fka'
Frustrated by firewalls?          Try nmap: http://www.insecure.org/nmap/
"The percentage of users running Windows NT Workstation 4.0 whose PCs
 stopped working more than once a month was less than half that of Windows 
 95 users."-- microsoft.com/ntworkstation/overview/Reliability/Highest.asp