Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: OS fingerprints and virtualization
From: Fyodor <fyodor () insecure org>
Date: Thu, 15 Nov 2007 14:53:26 -0800

On Thu, Nov 15, 2007 at 09:30:40AM -0600, Thomas Buchanan wrote:
I've been doing some testing with 4.23RC1, specifically against guest
systems inside VMWare Workstation.  I've been prompted a couple of times
about submitting OS fingerprints, but I wondered if the virtualization
could have an impact on the fingerprinting process.  Could the VMWare
network driver alter the network packets such that the OS fingerprint is
changed?  What about virtual system under qemu, connected via tun/tap
drivers?  Has anybody compared OS network signatures from virtualized
systems to bare metal installations?  

Sorry about all the questions, but I'd rather not submit these
fingerprints if they don't accurately reflect the true OS network stack.

Hi Thomas.  Good question--it is important not to submit bogus
fingerprints.  But submitting targets running as a VMWare guest is
generally OK.  Qemu is probably OK too.  In both cases, please not the
situation in the comment box and be clear that the virtualized system
is the target.  If the source machine (the OS you are running Nmap on)
is a VMware guest or similar, that is worth noting too.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]