[Nottingham] Solaris 9 Ping Question

Michael Quaintance penfoldq at penfoldq.co.uk
Wed May 4 13:37:04 BST 2005


Well, if it is passive OS fingerprinting you are after, pf in OpenBSD and
nmap from insecure.org use various techniques and fallbacks to determine
the OS and, if possible, the uptime, load balancing, etc. without any active
packets.

nmap is easier to use for one-off testing and pf better for long-term
logging IMHO.

nmap can also be used for active OS fingerprinting using more reliable
means which also seem useful for what you are attempting.

It's a bit of a Black Hat tool but survives for its White Hat uses (like
yours).

-Penfold.

Roger Light said:
> On 5/4/05, Moses O'Hara <cczmoses at unix.ccc.nottingham.ac.uk> wrote:
>
>> My cunning plan works on the basis that the TCP/IP in Win98, WinNT and
>> Linux by default each set a different value for the TTL in the packet
>> header (Win98 sets 64, WinNT sets 128, Linux stuff 255 usually).
>
> This shows ttls:
>
> traceroute -l host
>
> Any use?
>
> Cheers,
>
> Roger
>
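An added worked example of the TTL-based guess the quoted message describes, written from the defender's side (this is not code from the thread). It assumes its own initial-TTL to OS-family table, which is a separate assumption from the figures Moses quotes, and it also flags guesses that imply an implausible hop count, since an observed TTL alone cannot tell a near host with a low initial TTL from a far host with a high one.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
COMMON_INITIAL_TTLS = (32, 64, 128, 255)  # ascending; assumed table
# Assumed initial-TTL -> OS family map, not taken from the thread; check it
# against known hosts on your own network before relying on it.
TTL_TO_OS = {
    32: "Windows 9x (older stacks)",
    64: "Linux / BSD / macOS",
    128: "Windows NT family",
    255: "Solaris / AIX / network devices",
}
# Internet paths rarely cross more routers than this; a larger inferred hop
# count usually means the initial-TTL guess itself is wrong.
MAX_PLAUSIBLE_HOPS = 30

@dataclass(frozen=True)
class TtlGuess:
    observed_ttl: int
    initial_ttl: int
    hops: int
    os_family: str
    plausible: bool

def guess_from_ttl(observed_ttl: int) -> TtlGuess:
    """Round observed TTL up to the next common initial TTL; gap = hops."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    hops = initial - observed_ttl
    return TtlGuess(observed_ttl, initial, hops, TTL_TO_OS[initial],
                    hops <= MAX_PLAUSIBLE_HOPS)

def parse_ttl(line: str) -> Optional[int]:
    """Extract the TTL from a ping ('ttl=58') or tcpdump ('ttl 120,') line."""
    m = re.search(r"\bttl[= ](\d+)", line)
    return int(m.group(1)) if m else None

def classify_lines(lines: List[str]) -> List[TtlGuess]:
    """Run the guess over every line that carries a TTL field."""
    ttls = (parse_ttl(line) for line in lines)
    return [guess_from_ttl(t) for t in ttls if t is not None]

# Constructed sample input: one ping reply and one tcpdump record.
SAMPLE_LINES = [
    "64 bytes from 10.0.0.7: icmp_seq=1 ttl=58 time=12.1 ms",
    "IP (tos 0x0, ttl 120, id 4711, offset 0, flags [DF], proto TCP (6))",
]
```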