Re: Need help on Wrong OS detection by Nmap 5.0

[Jaisankar <jsankr () gmail com>]

thanks for the replies,

         I used WiFi network and scanned the base OS (Vista) from the VMware
OS (Win 2k3) with firewall enabled and firewall disabled on Base OS.

      I used the same debugging flag in the nmap scan.
nmap -T4 -A -d -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.1.2


  Still i receive the same OS detection as APPLE Mac OS X

Note: for security purpose, i changed my MAC address, domain name, machine
names into XX:XX, MyDomain, MachineName respectively.


regards,
Jaisankar.R  : )
Smile Always


On Thu, Dec 24, 2009 at 9:21 PM, David Fifield <david () bamsoftware com>wrote:

> On Thu, Dec 24, 2009 at 07:36:53AM +0530, Jaisankar wrote:
> >        This is my first email to you. I am new to Nmap tool, started
> > learning from your book "Nmap Network Scanning". Thanks for the great
> open
> > source tool.
> >          I have Windows Vista as base OS and installed VM ware 7.0 on it.
> I
> > installed Windows 2003 on VMware and bridged the network. On windows 2003
> VM
> > OS, i installed the newly downloaded Nmap 5.0 GUI version for windows. I
> > only set my IP address (192.168.1.2 - my base Vista OS) in the Target IP
> and
> > left the default intense  scan in the Profile. I got this strage OS
> > detection result which i have attached in this mail.
> >
> >            I am afraid, if Nmap couldnt find my local Base OS from its VM
> > ware OS. Instead of Vista OS, it is guessing the OS as Apple OS X 10.5.5
> > Leopard,
>
> I am the one who handles the OS database. I seem to remember recently
> that there was one fingerprint that someone had submitted as Windows
> Vista and someone else had submitted as Mac OS X, and it wasn't close
> enough to other fingerprints for me to make the call. So it is possible
> there is an error in the database.
>
> What you must do, is run your scan again, this time adding the "-d"
> option to the Command box. In other words,
>
> nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.1.2 -d
>
> That will print out a fingerprint that looks something like this:
>
> TCP/IP fingerprint:
> OS:SCAN(V=5.10BETA1%D=12/24%OT=22%CT=80%CU=%PV=N%G=N%TM=4B338D83%P=i686-pc-
> OS:linux-gnu)SEQ(SP=C1%GCD=1%ISR=C7%TI=Z%II=I%TS=A)OPS(O1=M5B4ST11NW7%O2=M5
> OS:B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)WIN(
> OS:W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%TG=40%W=16D
> OS:0%O=M5B4NNSNW7%CC=N%Q=)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3
> OS:(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N
> OS:)U1(R=N)IE(R=Y%DFI=N%TG=40%CD=S)
>
> Cut and paste the scan output into this web page, and follow the
> directions to make a correction.
>
> http://insecure.org/cgi-bin/submit.cgi?corr-os
>
> There's some more information on OS detection in chapter 8 of the book.
> This section deals with wrong OS guesses:
>
> http://nmap.org/book/osdetect-unidentified.html
>
> David Fifield

Attachment: with WiFi - Firweall enabled- Nmap Scan results.txt
Description:

Attachment: with WiFi- Firwall disabled - Nmap Scan results.txt
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/