Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: SinFP OS fingerprinting
From: David Fifield <david () bamsoftware com>
Date: Tue, 31 May 2011 10:13:27 -0700

On Tue, May 31, 2011 at 10:42:07AM -0500, DePriest, Jason R. wrote:
On Sat, May 28, 2011 at 8:32 AM, Brahim Sakka <> wrote:
Hi list,

Did anyone have a look at SinFP OS fingerprinter?
http://www.gomor.org/bin/view/Sinfp/DocOverview
It is claimed to "bypass Nmap limitations" and I don't like reading that
about Nmap :)

I'd love to test it out but I've been trying to get all of the
prerequisites installed via CPAN for about an hour now and I've come
up to one that won't install.

I am extremely curious to see how well it can ID an OS with just a
single three-way handshake.

It's actually three, not just one, TCP probes. They all go to the same
open port. The author has a point that this reduces the chance of
getting a mixed-up fingerprint when different ports for the same IP
address are handled by different machines. On the other hand, it loses
some discriminating power.

http://www.gomor.org/files/sinfp-jcv.pdf

When I tested it a little bit, its results were accurate but less
precise than Nmap's. For example, "2.6" is often all the information
available for a Linux version.

3|OSS|Linux|2.4.x|2.4.x|
4|OSS|Linux|2.6.x|2.6.x|
27|OSS|FreeBSD|6.1|6.x|BSD
61|Cisco|IOS|12.0|12.x|Router
125|HP|JetDirect|unknown|unknown|Printer

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault