Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Hackers: Finger Prints

Finger Prints

From: Michael Dodwell <mdodwell_at_vic.bigpond.net.au>
Date: Thu, 17 Dec 1998 12:00:41 -0800

Cisco 5300 terminal server:

TSeq(Class=RI%gcd=1%SI=3F0E)
TSeq(Class=RI%gcd=1%SI=2912)
TSeq(Class=RI%gcd=1%SI=15B6)
T1(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Cisco 5260 terminal server:

TSeq(Class=RI%gcd=1%SI=1AB0)
TSeq(Class=RI%gcd=1%SI=267A)
TSeq(Class=RI%gcd=1%SI=5617)
T1(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Remote Annex 4000 terminal server by Xylogics (tested on 2 different servers):

TSeq(Class=64K)
T1(Resp=Y%DF=N%W=1000%ACK=S++%Flags=AS%Ops=)
T2(Resp=N)
T3(Resp=Y%DF=N%W=1000%ACK=O%Flags=A%Ops=)
T4(Resp=Y%DF=N%W=1000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=F%RIPCK=0%UCK=0%ULEN=134%DAT=E)

AS5200:

TSeq(Class=RI%gcd=1%SI=5CCA)
TSeq(Class=RI%gcd=1%SI=308B)
TSeq(Class=RI%gcd=1%SI=4AD0)
T1(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=1020%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Also a "Cisco IOS 12.0(2)" is detected as a "Cisco IOS 11.3" (might want to
make it "Cisco IOS 11.3+") AND a catalyst 2924 switch is detected as a
"Cisco 25XX Router (IOS 11.2(5.1) or 11.2(13))".

Cheers,

Michael
Received on Dec 17 1998

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos