Nmap Development mailing list archives

Re: Question Regarding Passive Fingerprinting


From: Jay Fink <jay.fink () gmail com>
Date: Sun, 23 Aug 2009 14:09:44 -0400

Ron,

Thanks for the pointer - that answers the question precisely. It was
what I was thinking while I was drafting the email :)
that is, that nmap isn't really designed for passive fingerprinting -
but there are plenty of other tools that are.

j


On Sun, Aug 23, 2009 at 2:06 PM, Ron <ron () skullsecurity net> wrote:
On 08/23/2009 01:03 PM, Jay Fink wrote:

Hello,

I have a question/suggestion regarding a capability I discussed with a
coworker recently. Essentially I was asked if something like this
sounded feasible:

   Have nmap run as a daemon which reads packets passively then
reports the service based on port/strings/payload/whatever...

Well - that is the short short version; my response was:

   I would think ncat would be where something like that would be
employed or nse; the steps might be instead of trying to do it all
live something more akin to perhaps session recording then post
processing (or processing in transit) the information.

My questions are really two:

 - does the nmap suite do this already?
 - and if not; was I even close to the mark? :)

Thanks,
    Jay

I can't answer your question well, but I can point you to this chapter in
the Nmap book, "Fingerprinting Methods avoided by Nmap". It talks about
fingerprinting methods that Nmap avoids and why, and it includes a section
on passive fingerprinting:

http://nmap.org/book/osdetect-other-methods.html

Ron

--
Ron Bowes
http://www.skullsecurity.org/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

