Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Uptime estimates and TCP timestamp offsets

From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Aug 2008 20:37:20 -0600
On Mon, Aug 18, 2008 at 08:30:52PM -0600, David Fifield wrote:

On Mon, Aug 18, 2008 at 09:44:33PM -0400, Dario Ciccarone (dciccaro) wrote:

Fyodor asked me to look into why Nmap's estimate of uptime is 
way off on
some operating systems. For instance he told me that 
scanme.nmap.org has
been up for 147 days but Nmap reports its uptime as 47 days. 
Apart from
being inaccurate the uptime otherwise increases normally, i.e., it
increases by one day each day. This has been observed on Linux and Mac
OS X.


That's funny - this interested me, so I scanned it too - and I'm getting
6.613 days as uptime. How did you test? What was your host OS? Was your
host directly connected to the Internet or going thru a NAT/PAT device? 


Fyodor and I got the same numbers for scanme. I'm scanning through a
little NAT DSL modem. However, now that you mention it, I tried scanning
from a host that is directly connected with an Internet-routable IP, and
I get the same

      Uptime: 47.570 days (since Wed Jul  2 06:47:25 2008)


Sorry, I realized I didn't answer your other questions. The OS is Linux
2.6.20.1. I tested with "nmap -O -d target". You need the -d to get Nmap
to print the presumed uptime if it would otherwise omit it for being too
big.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: