Nmap Development mailing list archives
Re: nmap scan for Dual-OS system
From: magnus () linuxtag org (Nils Magnus)
Date: Fri, 21 Apr 2006 16:15:38 +0200
Re,

On Fri, Apr 21, 2006 at 04:10:33AM -0700, uday kumar kunta wrote:
> When we run nmap scan (OS scan) for a Dual-OS system, it should give only two OS details. But in my case it is showing a comma separated list of 3 operating systems. But I know that the system is a dual-OS one, with Fedora and SuSe. Why is it showing like that?
> [...]
> Running: Linux 2.4.X|2.5.X|2.6.X
> OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), Linux 2.6.3 - 2.6.8
Well, I suggest you read a little background information about how nmap actually works (no offense implied), so these questions become easier to answer even by yourself.

As a very short summary: The -O scan sends several probes and tries to identify, based on certain fields in the response packets, which operating system kernel is running (more precisely: which TCP/IP stack). One major approach is to watch for TCP sequence numbers, which some TCP/IP stacks assign "more randomly" than others (this is a drastic over-simplification). There are other tests augmenting the heuristics.

Most TCP/IP stacks can be adjusted by the user (e.g. by mangling the parameters in /proc/sys/net on Linux, with the ndd tools on Solaris and probably with some occult registry hacking under Windows). If you do so, you can more or less easily confuse nmap -O.

So actually the -O scan detects certain default settings which are built into specific kernels; thus the output at "OS details". As long as SuSE or Red Hat do not set very discriminating flags on their network stacks (which they usually don't do to a large extent), the distribution vendor cannot easily be detected on this level. Banner grabbing might give you much better results in such a case.

In no way is nmap or any other network-based tool able to have a look at your bootloader to decide if there are some other operating systems also installed on your hard drive (that's what I usually call a dual OS system).

HTH,

Regards,

Nils Magnus
Program-Chair LinuxTag 2006 Free Conference Program

LinuxTag 2006: Where .com meets .org - magnus () linuxtag org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
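
Added example, not part of the original post or of nmap itself: a small parser for the two result lines quoted in the thread, showing that each comma-separated "OS details" item is one candidate fingerprint match for the same TCP/IP stack family rather than one installed operating system. The function names and the three-part version regex are assumptions made for this illustration.

```python
import re

# Constructed sample: the two result lines quoted in the thread above.
SAMPLE = """\
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), Linux 2.6.3 - 2.6.8
"""

# Assumption: kernel versions in these lines are written as three dotted numbers.
VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_os_guess(text):
    """Return (families, generations, candidates) from nmap -O result lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in ("Running", "OS details"):
            fields[key.strip()] = value.strip()
    families, generations = [], []
    # "Running" entries look like "<family> <gen>|<gen>|..."; commas separate families.
    for entry in filter(None, (e.strip() for e in fields.get("Running", "").split(","))):
        family, _, gens = entry.rpartition(" ")
        families.append(family or entry)
        generations.extend(g for g in gens.split("|") if family and g)
    # Each comma-separated "OS details" item is one matching fingerprint entry.
    details = fields.get("OS details", "")
    candidates = [c.strip() for c in details.split(",") if c.strip()]
    return families, generations, candidates


def kernel_span(candidates):
    """Lowest and highest kernel version mentioned across all candidates."""
    found = [tuple(map(int, m.groups()))
             for c in candidates for m in VERSION.finditer(c)]
    return (min(found), max(found)) if found else None


def summarize(text):
    families, generations, candidates = parse_os_guess(text)
    return {
        "families": families,
        "generations": generations,
        "candidate_count": len(candidates),
        # True when every candidate names the same single stack family.
        "single_stack_family": len(families) == 1
        and all(families[0] in c for c in candidates),
        "kernel_span": kernel_span(candidates),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the quoted output, the three candidates collapse to one family (Linux) spanning kernels 2.4.0 to 2.6.8, which says nothing about the distribution or about what else is on the disk.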