problem with nmap

#1 rene (06-26-2003)
problem with nmap

I've got SuSE 8.0 with the kernel 2.4.18 and nmap 3.28 (the problem
happens also with 3.27). Every time I use nmap with
-O I get OS which are including my kernel. Although the message is
different by nearly each box, it's every time including my OS, even if
I know there's another OS on that box.
I hope you can help me.

#2 Circuit Burnout (06-26-2003)
Re: problem with nmap

On Thu, 26 Jun 2003 10:34:10 -0700, rene wrote:

> i've got suse 8.0 with the kernel 2.4.18 and nmap 3.28 (the problem
> happens also with 3.27) . every time i use nmap with
> -O i get os which are including my kernel. although the message is
> different by nearly each box, it's every time including my os. even if
> i know there's another os on that box.
> i hope you can help me


Could you restate this question? I apologize, but I am unable to make any
sense out of it.


#3 ynotssor (06-27-2003)
Re: problem with nmap

In comp.os.linux.networking Eirik Seim <eirik@mi.uib.no> wrote:

> Strangely enough, I think I did.. If Nmap finds an OS fingerprint it does
> not recognize, it reacts with something like this:


> No exact OS matches for host (test conditions non-ideal).
> TCP/IP fingerprint:
> SInfo(V=3.00%P=i586-suse-linux%D=6/27%Time=3EFC1C88%O=22%C=-1)
> TSeq(Class=TR%IPID=RD%TS=2HZ)

[...]

It also states an email address to send the info to if one knows the OS of the target system. IMHO it's a good idea to do so, as it increases the usefulness of the nmap product.


tony

#4 rene (06-28-2003)
Re: problem with nmap

Paul Ehrenreich <madmanx@interniq.org> wrote in message news:<WiJKa.18566$Jw6.7563263@news1.news.adelphia.net>...
> rene wrote:
> > i've got suse 8.0 with the kernel 2.4.18 and nmap 3.28 (the problem
> > happens also with 3.27) . every time i use nmap with
> > -O i get os which are including my kernel. although the message is
> > different by nearly each box, it's every time including my os. even if
> > i know there's another os on that box.
> > i hope you can help me

>
> what is the exact command you are typing into the command line?


The exact command doesn't matter. While I use the OS detection it's always the same.

#5 rene (06-28-2003)
Re: problem with nmap

Eirik Seim <eirik@mi.uib.no> wrote in message news:<slrnbfo7kq.f9t.eirik@kain.mi.uib.no>...
> On Thu, 26 Jun 2003 13:55:32 -0500, Circuit Burnout wrote:
> > On Thu, 26 Jun 2003 10:34:10 -0700, rene wrote:
> >
> > > i've got suse 8.0 with the kernel 2.4.18 and nmap 3.28 (the problem
> > > happens also with 3.27) . every time i use nmap with
> > > -O i get os which are including my kernel. although the message is
> > > different by nearly each box, it's every time including my os. even if
> > > i know there's another os on that box.
> > > i hope you can help me

> >
> > Could you restate this question? I apologize, but I am unable to make any
> > sense out of it.

>
> Strangely enough, I think I did.. If Nmap finds an OS fingerprint it does
> not recognize, it reacts with something like this:
>
> No exact OS matches for host (test conditions non-ideal).
> TCP/IP fingerprint:
> SInfo(V=3.00%P=i586-suse-linux%D=6/27%Time=3EFC1C88%O=22%C=-1)
> TSeq(Class=TR%IPID=RD%TS=2HZ)
> T1(Resp=N)
> T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
> T2(Resp=N)
> T2(Resp=N)
> T3(Resp=N)
> T3(Resp=N)
> T4(Resp=Y%DF=Y%W=4000%ACK=O%Flags=R%Ops=)
> T4(Resp=Y%DF=Y%W=4000%ACK=O%Flags=R%Ops=)
> T5(Resp=N)
> T5(Resp=N)
> T6(Resp=N)
> T6(Resp=N)
> T7(Resp=N)
> T7(Resp=N)
> PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
> PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
>
> The SInfo line contains information about your _local_ system, and is
> supposed to do just that. Scanning from my OpenBSD box, I'd see this:
>
> SInfo(V=3.00%P=i386-unknown-openbsd3.3%D=6/27%Time=3EFC1D06%O=22%C=-1)
>
> and from FreeBSD, it's
>
> SInfo(V=3.00%P=i386-portbld-freebsd4.7%D=6/27%Time=3EFC1EA1%O=22%C=-1)
>
> This is perfectly normal.
>
>
> - Eirik


yeah, but my output looks like this:

Remote operating system guess: Linux kernel 2.4.18 - 2.4.20 (X86)
(!!!)
OS Fingerprint:
TSeq(Class=RI%gcd=1%SI=169B5A%IPID=Z%TS=100HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

But on another box I've used the command line nmap for Windows (the
same version as on my box) and this box gives the exact output (for the
box, above mentioned).
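
The distinction Eirik draws in the quoted reply, that the SInfo line describes the host running nmap while the other lines record the target's responses, shown as an added example that is not part of any post in the thread: a small Python parser for this fingerprint text. The sample lines are copied from the thread; reading `O` and `C` as the open and closed port used, with `-1` meaning none was found, is this example's assumption about the format.

```python
import re

# Fingerprint lines copied from the thread (first-generation nmap format),
# including the "> " quote prefix and a repeated T1 test as posted.
SAMPLE = """\
> SInfo(V=3.00%P=i586-suse-linux%D=6/27%Time=3EFC1C88%O=22%C=-1)
> TSeq(Class=TR%IPID=RD%TS=2HZ)
> T1(Resp=N)
> T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT)
> T2(Resp=N)
> T4(Resp=Y%DF=Y%W=4000%ACK=O%Flags=R%Ops=)
> PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
"""

# NAME(key=val%key=val...), optionally behind Usenet quote markers.
LINE_RE = re.compile(r"^\s*(?:>\s*)*(\w+)\((.*)\)\s*$")


def parse_fingerprint(text):
    """Split a fingerprint into (scanner_info, target_tests)."""
    scanner, target = {}, {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # prose, blank lines, "TCP/IP fingerprint:" header
        name, body = m.groups()
        fields = dict(f.partition("=")[::2] for f in body.split("%") if f)
        if name == "SInfo":
            scanner = fields  # describes the host running nmap
        elif name not in target or target[name].get("Resp") == "N":
            target[name] = fields  # on repeats, prefer the answered probe
    return scanner, target


def summarize(text):
    """Report scanner-side facts separately from what the target answered."""
    scanner, target = parse_fingerprint(text)
    return {
        "scanner_platform": scanner.get("P"),
        "open_port": int(scanner.get("O", -1)),  # assumed: -1 = none found
        "closed_port": int(scanner.get("C", -1)),
        "answered": sorted(n for n, f in target.items() if f.get("Resp") != "N"),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over the fingerprint rene posts above, which contains no SInfo line, `scanner_platform` comes back as `None`.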

#6 rene (06-28-2003)
Re: problem with nmap

And I realized that there are many boxes, I don't get the OS, but on
that Windows box I get the OS. When this happens, nearly the same
output as you mentioned appears.