Nmap Development mailing list archives
Re: Question Regarding Passive Fingerprinting
From: Ron <ron () skullsecurity net>
Date: Sun, 23 Aug 2009 13:06:29 -0500
On 08/23/2009 01:03 PM, Jay Fink wrote:
Hello,
I have a question/suggestion regarding a capability I discussed with a
coworker recently. Essentially I was asked if something like this
sounded feasible:
Have nmap run as a daemon which reads packets passively then
reports the service based on port/strings/payload/whatever...
Well - that is the short short version; my response was:
I would think ncat would be where something like that would be
employed or nse; the steps might be instead of trying to do it all
live something more akin to perhaps session recording then post
processing (or processing in transit) the information.
My questions are really two:
- does the nmap suite do this already?
- and if not; was I even close to the mark? :)
Thanks,
Jay
I can't answer your question well, but I can point you to this chapter in the Nmap book, "Fingerprinting Methods avoided by Nmap". It talks about fingerprinting methods that Nmap avoids and why, and it includes a section on passive fingerprinting:
http://nmap.org/book/osdetect-other-methods.html Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Question Regarding Passive Fingerprinting Jay Fink (Aug 23)
- Re: Question Regarding Passive Fingerprinting Ron (Aug 23)
- Re: Question Regarding Passive Fingerprinting Jay Fink (Aug 23)
- Re: Question Regarding Passive Fingerprinting DePriest, Jason R. (Aug 24)
- Re: Question Regarding Passive Fingerprinting Jay Fink (Aug 23)
- Re: Question Regarding Passive Fingerprinting Ron (Aug 23)