Nmap Development mailing list archives
Re: Need help on Wrong OS detection by Nmap 5.0
From: Jaisankar <jsankr () gmail com>
Date: Thu, 24 Dec 2009 21:35:55 +0530
Thanks for the replies. I used a WiFi network and scanned the base OS (Vista) from the VMware OS (Win 2k3), with the firewall enabled and with the firewall disabled on the base OS. I used the same debugging flag in the nmap scan.

nmap -T4 -A -d -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.1.2

Still I receive the same OS detection as Apple Mac OS X.

Note: for security purposes, I changed my MAC address, domain name, and machine names into XX:XX, MyDomain, MachineName respectively.

regards,
Jaisankar.R
: ) Smile Always

On Thu, Dec 24, 2009 at 9:21 PM, David Fifield <david () bamsoftware com> wrote:
> On Thu, Dec 24, 2009 at 07:36:53AM +0530, Jaisankar wrote:
>> This is my first email to you. I am new to the Nmap tool, and started learning from your book "Nmap Network Scanning". Thanks for the great open source tool.
>>
>> I have Windows Vista as the base OS and installed VMware 7.0 on it. I installed Windows 2003 on VMware and bridged the network. On the Windows 2003 VM OS, I installed the newly downloaded Nmap 5.0 GUI version for Windows.
>>
>> I only set my IP address (192.168.1.2 - my base Vista OS) in the Target IP and left the default intense scan in the Profile. I got this strange OS detection result, which I have attached in this mail.
>>
>> I am afraid Nmap couldn't find my local base OS from its VMware OS. Instead of Vista OS, it is guessing the OS as Apple OS X 10.5.5 Leopard,
>
> I am the one who handles the OS database. I seem to remember recently that there was one fingerprint that someone had submitted as Windows Vista and someone else had submitted as Mac OS X, and it wasn't close enough to other fingerprints for me to make the call. So it is possible there is an error in the database.
>
> What you must do, is run your scan again, this time adding the "-d" option to the Command box. In other words,
>
> nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.1.2 -d
>
> That will print out a fingerprint that looks something like this:
>
> TCP/IP fingerprint:
> OS:SCAN(V=5.10BETA1%D=12/24%OT=22%CT=80%CU=%PV=N%G=N%TM=4B338D83%P=i686-pc-
> OS:linux-gnu)SEQ(SP=C1%GCD=1%ISR=C7%TI=Z%II=I%TS=A)OPS(O1=M5B4ST11NW7%O2=M5
> OS:B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)WIN(
> OS:W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%TG=40%W=16D
> OS:0%O=M5B4NNSNW7%CC=N%Q=)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3
> OS:(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N
> OS:)U1(R=N)IE(R=Y%DFI=N%TG=40%CD=S)
>
> Cut and paste the scan output into this web page, and follow the directions to make a correction.
>
> http://insecure.org/cgi-bin/submit.cgi?corr-os
>
> There's some more information on OS detection in chapter 8 of the book. This section deals with wrong OS guesses:
>
> http://nmap.org/book/osdetect-unidentified.html
>
> David Fifield
Attachment: with WiFi - Firweall enabled- Nmap Scan results.txt
Attachment: with WiFi- Firwall disabled - Nmap Scan results.txt
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
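An added example, not part of the original messages and not Nmap's own code: the wrapped "OS:" fingerprint that -d prints can be rejoined and split into its test lines before it is pasted or compared. The sample input is the example fingerprint quoted in the reply above; the function names are this example's own, and it relies on R=N meaning the probe got no response and on OT/CT/CU in the SCAN line being the open TCP, closed TCP and closed UDP ports used.

```python
import re

# Sample input: the example fingerprint quoted in the reply above, in the
# wrapped "OS:"-prefixed form that nmap -d prints.
SAMPLE = """\
TCP/IP fingerprint:
OS:SCAN(V=5.10BETA1%D=12/24%OT=22%CT=80%CU=%PV=N%G=N%TM=4B338D83%P=i686-pc-
OS:linux-gnu)SEQ(SP=C1%GCD=1%ISR=C7%TI=Z%II=I%TS=A)OPS(O1=M5B4ST11NW7%O2=M5
OS:B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)WIN(
OS:W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%TG=40%W=16D
OS:0%O=M5B4NNSNW7%CC=N%Q=)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3
OS:(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N
OS:)U1(R=N)IE(R=Y%DFI=N%TG=40%CD=S)
"""

def unwrap(text):
    """Drop the 'OS:' prefixes (and any mail '>' quoting) and rejoin the lines."""
    return re.sub(r"[>\s]*OS:", "", text)

def parse_fingerprint(text):
    """Return {test: {attribute: value}} for each NAME(k=v%k=v...) group.
    If a test name repeats, the last occurrence wins."""
    tests = {}
    for name, body in re.findall(r"([A-Z][A-Z0-9]*)\(([^)]*)\)", unwrap(text)):
        attrs = {}
        for pair in filter(None, body.split("%")):
            key, _, value = pair.partition("=")
            attrs[key] = value
        tests[name] = attrs
    return tests

def unanswered(tests):
    """Probes recorded as R=N, i.e. the target sent no reply to them."""
    return [name for name, attrs in tests.items() if attrs.get("R") == "N"]

def missing_ports(tests):
    """Port types the scan could not find (empty OT/CT/CU in the SCAN line)."""
    labels = {"OT": "open TCP", "CT": "closed TCP", "CU": "closed UDP"}
    scan = tests.get("SCAN", {})
    return [label for key, label in labels.items() if not scan.get(key)]

if __name__ == "__main__":
    fp = parse_fingerprint(SAMPLE)
    print("Nmap version:", fp["SCAN"]["V"])
    print("No response to:", ", ".join(unanswered(fp)))
    print("Not found:", ", ".join(missing_ports(fp)) or "none")
```

Running the same functions over the fingerprints from the firewall-enabled and firewall-disabled scans shows which probes the firewall suppressed.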