|
Nmap Development
mailing list archives
OS Fingerprinting Problem
From: "net2004eng () yahoo com" <net2004eng () yahoo com>
Date: Tue, 2 Sep 2008 12:48:29 -0700 (PDT)
Hello Everyone,
Recently a number of co-workers and I were in the process of attempting to identify a "Linksys BEFSR41 Firmware
Version: 1.46.02, Aug 03 2004" device using 2 different versions of nmap. I was using nmap version: Nmap 4.62 while a
co-worker was using Nmap 4.20. The device was properly identified by running 4.20, but was unable to be identified
while running 4.62. After performing a diff on both files, I noticed the following difference:
Scan ran: "nmap -vA x.x.x.x"
4.20:
SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4F-51%TI=I%II=I%SS=S%TS=U)
4.62:
SEQ(SP=F-16%GCD=A|14|1E|28|32|3C%ISR=4D-51%TI=I%II=I%SS=S%TS=U)
The only difference here is for "%ISR=4F-51" to "%ISR=4D-51"
I understand that the ISR accounts for the average rate of increase for the returned TCP initial sequence number. I
wanted to know what can be done to get this included into the next update to nmap. The device that was scanned is
accurately detected as the Linksys BEFSR41 Firmware Version: 1.46.02, Aug 03 2003 device.
I plan on researching this more later, and will post any findings. If a packet trace is desired, I can post a scrubbed
trace for that as well.
Comments, input, and questions are welcome.
Thanks,
Matt
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
- OS Fingerprinting Problem net2004eng () yahoo com (Sep 02)
|
Intro
