[Nottingham] Solaris 9 Ping Question

Teh Gooroo tehgooroo at gmail.com
Wed May 4 13:43:06 BST 2005


I'm not sure if this has changed, but nmap actually uses p0f to do its
fingerprinting... For your application it might just be easier to use
it directly - it is Passive-0f


J
On 5/4/05, Michael Quaintance <penfoldq at penfoldq.co.uk> wrote:
> 
> Well if it is passive OS fingerprinting you are after, pf in OpenBSD and
> nmap from insecure.org use various techniques and fallbacks to determine
> the OS and if possible, the uptime, load balancing, etc without any active
> packets.
> 
> nmap is easier to use for one-off testing and pf better for long-term
> logging IMHO.
> 
> nmap can also be used for active OS fingerprinting using more reliable
> means which also seem useful for what you are attempting.
> 
> It's a bit of a Black Hat tool but survives for its White Hat uses (like
> yours).
> 
> -Penfold.
> 
> Roger Light said:
> > On 5/4/05, Moses O'Hara <cczmoses at unix.ccc.nottingham.ac.uk> wrote:
> >
> >> My cunning plan works on the basis that the TCP/IP in Win98, WinNT and
> >> Linux by default
> >> each set a different value for the TTL in the packet header (Win98 sets
> >> 64, WinNT sets 128,
> >> Linux stuff 255 usually).
> >
> > This shows ttls:
> >
> > traceroute -l host
> >
> > Any use?
> >
> > Cheers,
> >
> > Roger
> >
> > _______________________________________________
> > Nottingham mailing list
> > Nottingham at mailman.lug.org.uk
> > http://mailman.lug.org.uk/mailman/listinfo/nottingham
> >


-- 
Brain(s): 0.0% user, 1.3% system, 0.1% nice, 98.6% idle
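
The TTL comparison discussed in this thread, as an added Python example that is not part of any poster's message: it validates an IPv4 header, reads the TTL, and maps it to the nearest default at or above it, declining to guess when the implied hop count is implausible. The TTL table is the one quoted in the thread (unverified); `MAX_HOPS`, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# Default TTLs as quoted in this thread (unverified; they vary by OS version
# and are tunable). Replace with values measured on your own hosts.
THREAD_TTLS = {64: "Win98", 128: "WinNT", 255: "Linux"}
MAX_HOPS = 30  # assumption: real paths are rarely longer than this


def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the 16-bit words of the header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def read_ttl(packet: bytes) -> int:
    """Return the TTL of an IPv4 packet, rejecting malformed headers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return packet[8]


def guess_os(ttl: int, table=THREAD_TTLS):
    """Map an observed TTL to (os, initial_ttl, hops); os is None if unsure."""
    for initial in sorted(table):
        if ttl <= initial:
            hops = initial - ttl
            # A large gap means the path is implausibly long for this default,
            # so the TTL was probably set to a value not in the table.
            return (table[initial] if hops <= MAX_HOPS else None, initial, hops)
    return (None, None, None)


def make_packet(ttl: int) -> bytes:
    """Constructed sample: bare 20-byte header, protocol 1 (ICMP), 192.0.2.1 -> 192.0.2.2."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 1, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


if __name__ == "__main__":
    for ttl in (120, 250, 64, 70):
        print(ttl, guess_os(read_ttl(make_packet(ttl))))
```

A TTL alone is a weak signal because the sender can change it; treat the result as a hint to confirm against other evidence, such as the host inventory.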


