Re: SinFP OS fingerprinting
From: David Fifield <david () bamsoftware com>
Date: Tue, 31 May 2011 10:13:27 -0700
On Tue, May 31, 2011 at 10:42:07AM -0500, DePriest, Jason R. wrote:
> On Sat, May 28, 2011 at 8:32 AM, Brahim Sakka <> wrote:
>> Did anyone have a look at SinFP OS fingerprinter?
>> It is claimed to "bypass Nmap limitations" and I don't like reading that
>> about Nmap :)
>
> I'd love to test it out but I've been trying to get all of the
> prerequisites installed via CPAN for about an hour now and I've come
> up to one that won't install.
> I am extremely curious to see how well it can ID an OS with just a
> single three-way handshake.

It's actually three, not just one, TCP probes. They all go to the same
open port. The author has a point that this reduces the chance of
getting a mixed-up fingerprint when different ports for the same IP
address are handled by different machines. On the other hand, it loses
some discriminating power.
When I tested it a little bit, its results were accurate but less
precise than Nmap's. For example, "2.6" is often all the information
available for a Linux version.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/