Nmap Development mailing list archives

Re: Nmap 5.61TEST2 IPv6 OS Detection (Cherry Soeprapto)
From: David Fifield <david () bamsoftware com>
Date: Thu, 15 Dec 2011 19:09:12 -0800

On Wed, Dec 14, 2011 at 07:11:52AM -0800, Cherry Soeprapto wrote:
> I use an IPv6 router at lab and tunnels at home and it works perfectly.
>
> Now, I'm trying to understand the TCP/IP - fingerprinting's result (through IPv6).
> I read about the sample fingerprint and feature vector from the Mr. David Fifield here:
> http://www.bamsoftware.com/talks/seclunch-os6/sample-fp.txt
>
> I tried to decode that fingerprinting: ( ? means that I'm not sure)

The fingerprints aren't meant to be parsed visually. I always use a tool
to do it.

$ svn co https://svn.nmap.org/nmap-exp/luis/ipv6tests
$ cd ipv6tests

Read the README to build the local liblinear. Then copy and paste the
fingerprint into this command:

$ ./nmap26fp.py | ./vectorize.py -s nmap.set

That will print out a list of features, which is the same as Nmap's
internal representation, which also correspond to the columns of the big
table in FPModel.cc.

If you look in vectorize.py, you can see how the packets are loaded and
you can print out different information.

> A simple explanation about the one-dimensional feature vector and LIBLINEAR would be most acceptable :)

You should read

http://nmap.org/book/osdetect-ipv6-methods.html
http://nmap.org/book/osdetect-fingerprint-format.html

If you get unidentified or incorrect results, please submit the
fingerprints at http://nmap.org/submit/.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
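
An added illustration, not part of the original message and not code from Nmap or the ipv6tests tools, of what a one-dimensional feature vector scored by a linear model of the kind LIBLINEAR trains looks like. The feature names, scale factors, missing-value sentinel, weights and class labels are all constructed assumptions, not values from FPModel.cc.

```python
import math

# Constructed feature order. Position is what matters: column i of every
# weight row below refers to FEATURES[i]. Names are hypothetical.
FEATURES = ["probe1_hlim", "probe1_plen", "tcp_window", "tcp_mss"]
# Constructed (shift, factor) pairs that bring raw values into roughly [0, 1].
SCALE = [(0, 1 / 256), (0, 1 / 2048), (0, 1 / 65536), (0, 1 / 1440)]
MISSING = -1.0  # assumed sentinel for "no response, feature unknown"

# Constructed one-vs-rest linear model: (weight row, bias) per class.
MODEL = {
    "os-A": ([4.0, 0.0, 2.0, 1.0], -1.0),
    "os-B": ([-4.0, 0.5, 2.0, -1.0], 0.0),
    "os-C": ([0.0, 0.0, -2.0, 0.0], 0.0),
}

def vectorize(observed):
    """Flatten a dict of observed values into the fixed feature order."""
    return [float(observed.get(name, MISSING)) for name in FEATURES]

def scale(vector):
    """Scale known features; leave the missing-value sentinel untouched."""
    return [x if x == MISSING else (x + shift) * factor
            for x, (shift, factor) in zip(vector, SCALE)]

def classify(observed):
    """Return (label, decision value, probability) rows, best match first."""
    x = scale(vectorize(observed))
    rows = []
    for label, (weights, bias) in MODEL.items():
        # Each class is a dot product of its weight row with the vector.
        decision = sum(w * xi for w, xi in zip(weights, x)) + bias
        rows.append((label, decision, 1.0 / (1.0 + math.exp(-decision))))
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed observation; probe1_plen is absent, as if that probe went unanswered.
SAMPLE = {"probe1_hlim": 64, "tcp_window": 32768, "tcp_mss": 1440}

if __name__ == "__main__":
    for label, decision, prob in classify(SAMPLE):
        print(f"{label}: decision={decision:+.2f} probability={prob:.3f}")
```

Because each class is only a weighted sum over fixed positions, a feature placed in the wrong column silently changes every score, which is why the vector is produced by a tool rather than read off the fingerprint text.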