Nmap Development mailing list archives
Re: ICMPV6_TYPE and ICMPV6_CODE features for IPv6 OS detection
From: Alexandru Geana <alex () alegen net>
Date: Thu, 20 Aug 2015 21:10:12 +0200
Hello David and list,

After some additional testing and discussion on IRC, it was decided to add these features to the classification engine. Attached I am sending patches for the required code in nmap to make use of the features during fingerprinting.

Best regards,
Alexandru Geana
alegen.net

On 06/12, David Fifield wrote:
Here's a patch that adds support for ICMPV6_TYPE and ICMPV6_CODE features (only in the Python-based training programs, not yet in FPEngine.cc). At the end of this message is a summary of the values of the features in our current OS database. -- means there was no response.

You can see some interesting trends. For one, all OSes that reply to IE1 do so with a type of 129 (echo reply), but some reflect the probe's code of 9 and some always send a code of 0. Everyone dislikes the IE2 probe and replies with a type of 4 (parameter problem), but some send a code of 0 (erroneous header field), some send 1 (unrecognized Next Header type), and two versions of OpenBSD send 2 (unrecognized IPv6 option). Many OSes respond to the NI probe with type 140 (NI reply), but many versions of Windows send back a type 4 (parameter problem). The responses to NS are uniformly type 136 (neighbor advertisement) with code 0.

I tried training with and without these features and they seem to have no effect on accuracy. I'm guessing it's because our existing features are already
Attachment: FPEngine.cc.diff
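The two features discussed in this thread, as an added example that is not part of the original messages or of Nmap's own code: a parser that walks a raw IPv6 response past any extension headers and returns the ICMPv6 type and code. The function names, the use of `--` as the no-response value (taken from the summary notation in the quoted message) and the sample packets are assumptions made for illustration.

```python
import struct

ICMPV6 = 58
# Extension headers whose length is (Hdr Ext Len + 1) * 8 bytes (RFC 8200).
VARIABLE_EXT = {0, 43, 60}   # hop-by-hop, routing, destination options
FRAGMENT = 44                # fragment header is always 8 bytes
NO_RESPONSE = ("--", "--")   # assumed sentinel; the summary uses -- for no response

# Only the type/code meanings named in the quoted message.
NAMES = {
    (129, None): "echo reply",
    (136, None): "neighbor advertisement",
    (140, None): "NI reply",
    (4, 0): "parameter problem: erroneous header field",
    (4, 1): "parameter problem: unrecognized Next Header type",
    (4, 2): "parameter problem: unrecognized IPv6 option",
}

def icmpv6_features(packet):
    """Return (ICMPV6_TYPE, ICMPV6_CODE) for a raw IPv6 response, or NO_RESPONSE."""
    if not packet or len(packet) < 40 or packet[0] >> 4 != 6:
        return NO_RESPONSE
    next_header, offset = packet[6], 40
    while next_header != ICMPV6:
        if offset + 8 > len(packet):
            return NO_RESPONSE          # truncated extension header
        if next_header in VARIABLE_EXT:
            length = (packet[offset + 1] + 1) * 8
        elif next_header == FRAGMENT:
            length = 8
        else:
            return NO_RESPONSE          # upper layer is not ICMPv6
        next_header, offset = packet[offset], offset + length
    if offset + 2 > len(packet):
        return NO_RESPONSE              # truncated before type/code
    return packet[offset], packet[offset + 1]

def describe(features):
    if features == NO_RESPONSE:
        return "no response"
    return NAMES.get(features) or NAMES.get((features[0], None), "other")

def build_response(icmp_type, code, ext=b"", first_next_header=ICMPV6):
    """Constructed sample packet: IPv6 header + optional extension bytes + ICMPv6."""
    payload = ext + struct.pack("!BBHI", icmp_type, code, 0, 0)  # checksum left 0
    header = struct.pack("!IHBB", 6 << 28, len(payload), first_next_header, 64)
    return header + bytes(16) + bytes(15) + b"\x01" + payload
```
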