Nmap Development mailing list archives
Re: Host Details from scan suggestion
From: David Fifield <david () bamsoftware com>
Date: Thu, 4 Feb 2016 09:33:25 -0800
On Wed, Feb 03, 2016 at 03:42:51PM -0500, Ben Stine wrote:
> Hello, I just ran a scan on an IP. The Host Detail tab shows
> Operation System: Linux 2.6.32 with Accuracy: 97%. I had to let you
> know the computer is a Windows server. The scan did get the ports 80
> and 443 correct for Microsoft IIS version 7.5. So, I am uncertain of
> the logic the scan uses to determine IIS version coupled with Linux as
> the operating system. Just a suggestion that when IIS is found to be
> the web server, the OS should fall into the Microsoft Windows vendor
> family.

The application-layer OS detection is separate from the TCP/IP-layer OS
detection, and in most cases that's the way you want it, because they
can be different. Please see:

https://nmap.org/book/osdetect-other-methods.html#osdetect-openports

    A machine which appears to be running Microsoft IIS might be a
    Unix firewall simply forwarding port 80 to a Windows machine...
    By keeping the OS detection results discovered by OS detection
    and version detection separate, Nmap can gracefully handle a
    Checkpoint firewall which uses TCP port forwarding to a Windows
    web server. The stack fingerprinting results should be
    “Checkpoint Firewall-1” while version detection should suggest
    that the OS is Windows.

You should have separate lines in your scan output:

    OS details: Linux 2.6.32
    Service Info: OS: Windows

On the other hand, it's possible that there's an erroneous fingerprint
in the database. In any case, we'd like to have the fingerprint for the
97% match so we can see what is causing it not to match 100%. For that,
see https://nmap.org/cgi-bin/submit.cgi?corr-service
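
Added example, not part of the original message and not Nmap's own code: a Python script that reads Nmap XML output (as written by -oX with -O and -sV) and lists the ports whose version-detection OS differs from the family of the best stack-fingerprint match, the situation discussed in this thread. The sample XML and the function name compare_os_layers are constructed for illustration, and the family comparison is a plain string match.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the format of `nmap -O -sV -oX`; not output from a real scan.
SAMPLE_XML = """<nmaprun>
<host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="80"><state state="open"/>
      <service name="http" product="Microsoft IIS httpd" version="7.5" ostype="Windows"/></port>
    <port protocol="tcp" portid="443"><state state="open"/>
      <service name="http" product="Microsoft IIS httpd" version="7.5" ostype="Windows"/></port>
  </ports>
  <os>
    <osmatch name="Linux 2.6.32" accuracy="97">
      <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="97"/>
    </osmatch>
  </os>
</host>
</nmaprun>"""


def compare_os_layers(xml_text):
    """Return one dict per host with both OS opinions and the ports that disagree."""
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        matches = host.findall("os/osmatch")
        # TCP/IP-layer opinion: the stack fingerprint match with the highest accuracy.
        best = max(matches, key=lambda m: int(m.get("accuracy", "0")), default=None)
        stack_families = set()
        if best is not None:
            stack_families = {c.get("osfamily", "").lower() for c in best.findall("osclass")}
        disagree = []
        for port in host.findall("ports/port"):
            svc = port.find("service")
            # Application-layer opinion: the ostype reported by version detection.
            ostype = svc.get("ostype") if svc is not None else None
            if ostype and stack_families and ostype.lower() not in stack_families:
                disagree.append((int(port.get("portid")), ostype))
        results.append({
            "address": addr.get("addr") if addr is not None else None,
            "stack_os": best.get("name") if best is not None else None,
            "stack_accuracy": int(best.get("accuracy")) if best is not None else None,
            "disagreeing_ports": disagree,
        })
    return results

if __name__ == "__main__":
    print(compare_os_layers(SAMPLE_XML))
```

A port listed under disagreeing_ports does not say which layer is right: it is consistent with either port forwarding to another machine or an imperfect fingerprint match, the two cases named in the reply.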