mailing list archives
Re: Nmap 5.61TEST2 IPv6 OS Detection (Cherry Soeprapto)
From: Cherry Soeprapto <cierish () yahoo com>
Date: Wed, 14 Dec 2011 07:11:52 -0800 (PST)
I use an IPv6 router at lab and tunnels at home and it works perfectly.
Now, I'm trying to understand the TCP/IP - fingerprinting's result (through IPv6).
I read about the sample fingerprint and feature vector from the Mr. David Fifield here:
I tried to decode that fingerprinting: ( ? means that I'm not sure)
6 | 00 | 00 000 | 0028 | 06 | 40
version=6 | tc | fl | plen=40 | nh=TCP | hlim=64
src xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx | dest xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
0035 | cd12
src port? | dest port?
81fe beb5|b254 856e
seq. Nr. | ACK Nr.
1010 | 0000 | 0001 0010
data offset | reserved | CEUA PRSF
TCP window = 32728
0030 | 0000
chksum? | urgptr?
02 | 04 | 3ff8
kind=2 | length=4 | MSS=16376
04 | ...
sack ok? | ... ??
How about the rest of it? (TCP_OPT, _OPTLEN, _Wscale)
I would really appreciate that, if someone could explain it or give the link about that.
A simple explanation about the one-dimensional feature vector and LIBLINEAR would be most acceptable :)
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/