Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Why does OS fingerprinting happen before Application Fingerprinting
From: Fyodor <fyodor () insecure org>
Date: Fri, 5 Mar 2004 21:08:07 -0800

On Sun, Feb 15, 2004 at 09:27:06PM -0800, alan donald wrote:
I just ran a few scans with the OS probe and Version
probe check boxes checked. It appeared that the OS
detection is being done before the Version  detection.
Why is this so?  Is it some performance issue or is it
using this information in some way.

Or is this just random and the 2 types (OS vs Version)
of probes can be sent one before the other or vice
versa.

Neither of those scan types are dependant on the other, so the order
shouldn't matter.  But OS detection actually comes _after_ service
scan.  You can see the order with the -v option:

# nmap -v -A localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-03-05 21:05 PST
Host felix (127.0.0.1) appears to be up ... good.
Initiating SYN Stealth Scan against felix (127.0.0.1) at 21:05
[...]
The SYN Stealth Scan took 3 seconds to scan 1659 ports.
Initiating service scan against 8 services on 1 host at 21:05
The service scan took 5 seconds to scan 8 services on 1 host.
Initiating RPCGrind Scan against felix (127.0.0.1) at 21:05
The RPCGrind Scan took 0 seconds to scan 1 ports.
For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled

Cheers,
-Fyodor

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]