Nmap Development mailing list archives
Re: OS fingerprint extraction quality when scanning a large number of machines
From: "Giorgio Zoppi" <giorgio.zoppi () gmail com>
Date: Thu, 18 Dec 2008 18:21:53 +0100
2008/12/17 Michael Head <mrhead () us ibm com>:
Greetings, and apologies if the format of my email is imperfect,
I've been using nmap to collect information for internal asset discovery and verification processes. I'm using the OS detection, service scan, and full complement of service probes, and I'm finding that the quality of OS fingerprints achievable diminishes substantially when I scan more than a few hosts (from any of several Windows (XP, 2003) installations). When I scan each host individually with a single call to nmap, those same target systems return much improved fingerprints.
For example, here are two fingerprints of the same target taken from the same machine, the first is taken when nmap was asked to scan the entire subnet, the second was taken when nmap was asked to scan just the host on its own:
You gave me an idea with this mail. Do you think that if there's some machine learning way to relate differents fingerprints? In order to predict fingerprints, Nmap could actively learn from previous scans and give more accurate results to its end users, is that feasible? -- Quiero ser el rayo de sol que cada día te despierta para hacerte respirar y vivir en me. "Favola -Moda". _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: OS fingerprint extraction quality when scanning a large number of machines, (continued)
- Re: OS fingerprint extraction quality when scanning a large number of machines Michael Head (Dec 17)
- Re: OS fingerprint extraction quality when scanning a large number of machines David Fifield (Dec 17)
- Re: OS fingerprint extraction quality when scanning a large number of machines Michael Head (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines Rob Nicholls (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines David Fifield (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines Rob Nicholls (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines Brandon Enright (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines David Fifield (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines Brandon Enright (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines David Fifield (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines Michael Head (Dec 18)
- Re: OS fingerprint extraction quality when scanning a large number of machines Brandon Enright (Dec 18)
- Re: OS fingerprint extraction quality -- solved in r11437 Rob Nicholls (Dec 19)
- Re: OS fingerprint extraction quality -- solved in r11437 Rob Nicholls (Dec 20)
- Re: OS fingerprint extraction quality -- solved in r11437 Michael Head (Dec 19)