Re: forcing nmap to show the OS signature

[David Fifield <david () bamsoftware com>]

On Thu, Nov 01, 2007 at 01:29:19PM -0600, DePriest, Jason R. wrote:
> I am trying to dig up some of the systems with gen1 fingerprints but not gen2.
>
> I don't see a good way to force nmap to print out the fingerprint in a
> way that I can cut and past in to the submission form.

Nmap will print out the fingerprint with -vv or -d. But if it's not a
good fingerprint ("test conditions non-ideal") it won't be printed in
the condensed form accepted by the submitter.

> I get something like this
> (running nmap -sSU -O2 -T4 -vv <hostip>)
> Device type: WAP
> Running (JUST GUESSING) : D-Link embedded (86%), TRENDnet embedded (86%)
> OS fingerprint not ideal because: Missing a closed TCP port so results
> incomplete
> Aggressive OS guesses: D-Link DWL-624+ or TRENDnet TEW-432BRP wireless
> broadband router (86%)
> No exact OS matches for host (test conditions non-ideal).
> TCP/IP fingerprint by osscan system #2:
> SCAN(V=4.22SOC8%D=11/1%OT=22%CT=%CU=%PV=Y%G=N%TM=472A2712%P=i686-pc-linux-gnu)
> SEQ(SP=106%GCD=1%ISR=107%TI=I%II=I%SS=S%TS=U)
> SEQ(SP=105%GCD=1%ISR=107%TI=I%II=I%SS=S%TS=U)
> OPS(O1=M564%O2=M564%O3=M564%O4=M564%O5=M564%O6=M564)
> WIN(W1=1000%W2=1000%W3=1000%W4=1000%W5=1000%W6=1000)
> ECN(R=Y%DF=N%TG=40%W=1000%O=M564%CC=N%Q=)
> T1(R=Y%DF=N%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
> T2(R=N)
> T3(R=N)
> T4(R=N)
> U1(R=N)
> IE(R=Y%DFI=N%TG=40%TOSI=Z%CD=S%SI=S%DLI=S)

Here no closed TCP port was found so you're discouraged from submitting
the fingerprint.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org