Nmap Development mailing list archives

Re: nmap scan for Dual-OS system


From: magnus () linuxtag org (Nils Magnus)
Date: Fri, 21 Apr 2006 16:15:38 +0200

Re,

On Fri, Apr 21, 2006 at 04:10:33AM -0700, uday kumar kunta wrote:

  When we run an nmap scan (OS scan) for a Dual-OS system, it should give only two OS details. But in my case it is showing a
comma-separated list of 3 operating systems. But I know that the system is a dual-OS one, with Fedora and SuSE. Why is it
showing like that?
[...]

Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7), Linux 2.6.3 - 2.6.8

Well, I suggest you read a little background information about how nmap
actually works (no offense implied), so these questions become easier to
answer even by yourself.

As a very short summary: The -O scan sends several probes and tries to
identify, based on certain fields in the response packets, which operating
system kernel is running (more precisely: which TCP/IP stack). One major
approach is to watch the TCP sequence numbers, which some TCP/IP stacks
assign "more randomly" than others (this is a drastic over-simplification).
There are other tests augmenting the heuristics.

Most TCP/IP stacks can be adjusted by the user (e.g. by mangling the
parameters in /proc/sys/net on Linux, with the ndd tools on Solaris and
probably with some occult registry hacking under Windows). If you do so,
you can more or less easily confuse nmap -O. So actually the -O scan
detects certain default settings which are built into specific kernels;
hence the output under "OS details".

As long as SuSE or Red Hat do not set very discriminating flags on their
network stacks (which they usually don't do to a large extent), the
distribution vendor cannot easily be detected on this level.

Banner grabbing might give you much better results in such a case.

In no way is nmap or any other network-based tool able to have a
look at your bootloader to decide whether some other operating
systems are also installed on your hard drive (that's what I usually call a
dual-OS system).

HTH,

Regards,

Nils Magnus
Program-Chair LinuxTag 2006 Free Conference Program

LinuxTag 2006: Where .com meets .org - magnus () linuxtag org
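The TCP sequence-number heuristic described in the reply above, as an added illustration that is not part of the original thread or of nmap's own code: it classifies a handful of initial sequence numbers (ISNs) sampled from one host into the predictability classes that nmap's first-generation TSeq test reported. The class labels follow nmap's terminology; the numeric thresholds and the sample ISNs are assumptions constructed for this example.

```python
from functools import reduce
from math import gcd
from statistics import mean

ISN_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

def isn_increments(isns):
    """Increments between consecutive ISNs, taken modulo 2^32 so that a
    wraparound (e.g. 0xFFFFFF00 -> 0x00000100) still reads as +512."""
    return [(b - a) % ISN_MOD for a, b in zip(isns, isns[1:])]

def classify_isn(isns, td_limit=75_000, ri_limit=1 << 27):
    """Assign a predictability class to ISNs sampled from one host.
    Class labels follow nmap's first-generation TSeq test; the two
    numeric thresholds are assumptions made for this example.
      C    constant (every connection gets the same ISN)
      64K  fixed increments of 64000     i800  fixed increments of 800
      TD   small increments, typical of a time-driven counter
      RI   random positive increments    TR    effectively random ISNs
    Returns (class, gcd of the increments)."""
    incs = isn_increments(isns)
    if len(incs) < 3:
        raise ValueError("need at least four ISN samples")
    g = reduce(gcd, incs)  # 0 only when every increment is 0
    if g == 0:
        return "C", 0
    if all(d == 64000 for d in incs):
        return "64K", g
    if all(d == 800 for d in incs):
        return "i800", g
    avg = mean(incs)
    if avg < td_limit:
        return "TD", g
    if avg < ri_limit:
        return "RI", g
    return "TR", g

# Constructed ISN samples (not captured from real hosts), four per "host".
SAMPLE_ISNS = {
    "printer":  [0xC7001, 0xC7001, 0xC7001, 0xC7001],
    "old_unix": [0x1000, 0x1000 + 64000, 0x1000 + 128000, 0x1000 + 192000],
    "wrapping": [0xFFFF0600, 0x00000000, 0x0000FA00, 0x0001F400],
    "counter":  [0x5000, 0x5000 + 12000, 0x5000 + 24400, 0x5000 + 36500],
    "rand_inc": [0x10000000, 0x10A12B3C, 0x11441D02, 0x11F05A11],
    "random":   [0x1A2B3C4D, 0x9F3E2D1C, 0x3C4D5E6F, 0xE1F2A3B4],
}

if __name__ == "__main__":
    for host, isns in SAMPLE_ISNS.items():
        print(f"{host:9} class={classify_isn(isns)[0]}")
```

The "wrapping" sample crosses the 32-bit boundary and still classifies as 64K, which is why the increments must be taken modulo 2^32 rather than as plain subtraction.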


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev