Nmap Development mailing list archives
Re: Question Regarding Passive Fingerprinting
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 25 Aug 2009 00:49:01 -0500
Bill Stearns' passer.py tool does passive fingerprinting (http://www.stearns.org/passer/) on top of scapy.

Among other things, it uses nmap's service fingerprint database. I believe it relies on p0f for OS detection. It also uses some files from arp-scan, wireshark, and ettercap.

-Jason

On Sun, Aug 23, 2009 at 1:09 PM, Jay Fink<> wrote:
> Ron,
>
> Thanks for the pointer - that answers the question precisely. It was what I was thinking while I was drafting the email :) that is that nmap isn't really designed for passive fingerprinting - but there are plenty of other tools that are.
>
> j
>
> On Sun, Aug 23, 2009 at 2:06 PM, Ron<> wrote:
>> On 08/23/2009 01:03 PM, Jay Fink wrote:
>>> Hello,
>>>
>>> I have a question/suggestion regarding a capability I discussed with a coworker recently. Essentially I was asked if something like this sounded feasible:
>>>
>>> Have nmap run as a daemon which reads packets passively then reports the service based on port/strings/payload/whatever...
>>>
>>> Well - that is the short short version; my response was:
>>>
>>> I would think ncat would be where something like that would be employed or nse; the steps might be instead of trying to do it all live something more akin to perhaps session recording then post processing (or processing in transit) the information.
>>>
>>> My questions are really two:
>>> - does the nmap suite do this already?
>>> - and if not; was I even close to the mark? :)
>>>
>>> Thanks,
>>> Jay
>>
>> I can't answer your question well, but I can point you to this chapter in the Nmap book, "Fingerprinting Methods avoided by Nmap". It talks about fingerprinting methods that Nmap avoids and why, and it includes a section on passive fingerprinting:
>> http://nmap.org/book/osdetect-other-methods.html
>>
>> Ron
>>
>> --
>> Ron Bowes
>> http://www.skullsecurity.org/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
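Added example, not part of the original thread and not code from passer.py or Nmap: the "record sessions, then post-process" approach discussed above, matching the first server payload of each recorded session against signatures written in the nmap-service-probes `match` syntax. The signature lines, session data, and the names `load_signatures`, `identify` and `inventory` are constructed for illustration, and only the `p/` and `v/` fields with `$N` substitution are handled.

```python
import re

# Constructed signatures in nmap-service-probes "match" syntax (not Nmap's own entries).
SAMPLE_DB = r"""
match ssh m|^SSH-([\d.]+)-OpenSSH[_-]([\w.]+)| p/OpenSSH/ v/$2/ i/protocol $1/
match ftp m|^220[ -].*vsFTPd ([\d.]+)| p/vsftpd/ v/$1/
match http m|^HTTP/1\.[01] \d{3} .*\r\nServer: nginx/([\d.]+)|s p/nginx/ v/$1/
"""

# Constructed recorded sessions: (server ip, server port, first server-to-client payload).
SAMPLE_SESSIONS = [
    ("192.0.2.10", 2222, b"SSH-2.0-OpenSSH_5.1p1 Debian-5\r\n"),  # SSH on a non-standard port
    ("192.0.2.11", 21, b"220 (vsFTPd 2.0.7)\r\n"),
    ("192.0.2.12", 8080, b"HTTP/1.1 200 OK\r\nDate: x\r\nServer: nginx/0.7.61\r\n\r\n"),
    ("192.0.2.13", 25, b"\x00\x01binary"),  # matches nothing: stays unidentified
]

# match <service> m<delim><regex><delim>[is] <version info>
MATCH_LINE = re.compile(r"^match (\S+) m(.)(.*?)\2([is]*)(?:\s+(.*))?$")
FIELD = re.compile(r"\b([pvi])/([^/]*)/")

def load_signatures(text):
    """Parse match lines into (service, compiled regex, version-info fields)."""
    sigs = []
    for line in text.splitlines():
        m = MATCH_LINE.match(line.strip())
        if not m:
            continue
        service, _, pattern, opts, info = m.groups()
        flags = (re.DOTALL if "s" in opts else 0) | (re.IGNORECASE if "i" in opts else 0)
        sigs.append((service, re.compile(pattern, flags), dict(FIELD.findall(info or ""))))
    return sigs

def identify(payload, sigs):
    """Return service/product/version for a payload, or None when no signature hits."""
    text = payload.decode("latin-1")  # 1:1 byte-to-char mapping keeps binary data intact
    for service, rx, fields in sigs:
        hit = rx.search(text)
        if hit:
            fill = lambda t: re.sub(r"\$(\d)", lambda g: hit.group(int(g.group(1))) or "", t)
            return {"service": service, "product": fill(fields.get("p", "")),
                    "version": fill(fields.get("v", ""))}
    return None

def inventory(sessions, sigs):
    """Identification depends on payload only; the port is just part of the key."""
    return {(ip, port): identify(data, sigs) for ip, port, data in sessions}

if __name__ == "__main__":
    for key, result in inventory(SAMPLE_SESSIONS, load_signatures(SAMPLE_DB)).items():
        print(key, result)
```

Because nothing is ever sent to the hosts, a service is only identified once it has been seen talking, which is the main trade-off of the passive approach.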
Current thread:
- Question Regarding Passive Fingerprinting Jay Fink (Aug 23)
- Re: Question Regarding Passive Fingerprinting Ron (Aug 23)
- Re: Question Regarding Passive Fingerprinting Jay Fink (Aug 23)
- Re: Question Regarding Passive Fingerprinting DePriest, Jason R. (Aug 24)