Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make fingerprint integration tools match the same way Nmap does #83

Open
dmiller-nmap opened this issue Mar 19, 2015 · 0 comments
Open

Make fingerprint integration tools match the same way Nmap does #83

dmiller-nmap opened this issue Mar 19, 2015 · 0 comments
Labels
enhancement Nmap

Comments

@dmiller-nmap
Copy link

The fingerprint integration tools in nmap-private-dev are used to match and compare user-submitted fingerprints to the reference prints in nmap-os-db. However, there are slight differences in how fingermatch handles duplicate tests and how Nmap would handle it, which cause unnecessary work for the reviewer.

For example, sometimes Nmap will do multiple OS detection attempts. When it does this and the results are different, it will print the output of the different attempts as duplicate probe lines. Duplicate SEQ lines are common. When such a fingerprint is handled by fingermatch, it only looks at the first such test. If that test is an anomaly, then fingermatch will not show a match, even if subsequent lines would exactly match an existing print.

Questions to be answered before attempting a fix:

  1. Under what conditions does Nmap do multiple OS detection attempts?
  2. How exactly does Nmap perform a match in that case?
  3. How can fingermatch best replicate this behavior?
  4. Will we lose valuable information about variance by doing this?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Nmap
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dmiller-nmap