From 1308928e2913036ebdc2647dc5e16a80c46025c9 Mon Sep 17 00:00:00 2001 From: fyodor Date: Fri, 8 Dec 2006 03:01:08 +0000 Subject: [PATCH] Nmap 4.20, woohoo --- CHANGELOG | 17 ++ FingerPrintResults.cc | 2 +- Makefile.in | 2 +- docs/nmap.1 | 2 +- docs/nmap.usage.txt | 2 +- nmap-os-db | 622 +++++++++++++++++++++--------------------- nmap-os-fingerprints | 2 +- nmap_winconfig.h | 2 +- osscan.cc | 6 +- osscan2.cc | 45 ++- output.cc | 2 +- tcpip.cc | 15 +- 12 files changed, 380 insertions(+), 339 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 2665c2798..2c220a39a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,21 @@ # Nmap Changelog ($Id$); -*-text-*- +4.20 + +o Fixed a segmentation fault in the new OS detection system + which was reported by Craig Humphrey and Sebastian Garcia. + +o Integrated the latest OS fingerprint submissions. The DB size has + grown to 231 fingerprints. Please keep them coming! New fingerprints + include Mac OS X Server 10.5 pre-release, NetBSD 4.99.4, Windows NT, + and much more. + +o Fixed a TCP sequence prediction difficulty indicator bug. The index + is supposed to go from 0 ("trivial joke") to about 260 (OpenBSD). + But some systems generated ISNs so insecurely, that Nmap went + berserk and reported a negative difficulty index. This generally + only affects some printers, crappy consumer devices, and Microsoft + Windows (old versions). Thanks to Sebastian Garcia for helping me + track down the problem. 4.20RC2 diff --git a/FingerPrintResults.cc b/FingerPrintResults.cc index ba09cdab4..d895c2ac5 100644 --- a/FingerPrintResults.cc +++ b/FingerPrintResults.cc @@ -177,7 +177,7 @@ const char *FingerPrintResults::OmitSubmissionFP() { because this OS doesn't respond to that sort of probe. So we don't print FP if U1 response is lacking AND no UDP scan was performed. */ - return "Didn't receive UDP response. Please try again with -sU"; + return "Didn't receive UDP response. Please try again with -sSU"; } return NULL; 
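Review bot: The hint in `OmitSubmissionFP()` now says `-sSU`, but the comment directly above it still speaks only of a missing UDP scan and does not explain why the SYN scan is part of the suggestion. If the reason is that a UDP-only rescan would leave the TCP probes without scanned ports (an inference; the hunk does not show it), the comment should say so, e.g. `/* suggest -sSU, not -sU: the resubmitted fingerprint needs both TCP and UDP port results */`. The function starts and ends outside this hunk, so the condition that selects this message is not visible here.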
diff --git a/Makefile.in b/Makefile.in
index e7f681d0c..4d90cfe8c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-export NMAP_VERSION = 4.20RC2
+export NMAP_VERSION = 4.20
 NMAP_NAME= Nmap
 NMAP_URL= http://insecure.org
 NMAP_PLATFORM=@host@
diff --git a/docs/nmap.1 b/docs/nmap.1
index 85d996f3c..1f16fec51 100644
--- a/docs/nmap.1
+++ b/docs/nmap.1
@@ -2,7 +2,7 @@
 .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
 .\" Instead of manually editing it, you probably should edit the DocBook XML
 .\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "NMAP" "1" "12/02/2006" "" "Nmap Reference Guide"
+.TH "NMAP" "1" "12/04/2006" "" "Nmap Reference Guide"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt
index d22eb89af..d1165af15 100644
--- a/docs/nmap.usage.txt
+++ b/docs/nmap.usage.txt
@@ -1,4 +1,4 @@
-Nmap 4.20RC2 ( http://insecure.org )
+Nmap 4.20RC3 ( http://insecure.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
 Can pass hostnames, IP addresses, networks, etc.
diff --git a/nmap-os-db b/nmap-os-db
index 8605e8551..8606c7999 100644
--- a/nmap-os-db
+++ b/nmap-os-db
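Review bot: The banner in docs/nmap.usage.txt is bumped to `Nmap 4.20RC3`, while the Makefile.in hunk of this same commit sets `NMAP_VERSION = 4.20` and the commit is titled as the 4.20 release, so the shipped usage text will name a release candidate. If this file is generated from the binary's help output, regenerating it after the version bump should correct it; otherwise the line should read `Nmap 4.20 ( http://insecure.org )`. A banner that disagrees with the build version makes it harder to tell which release a given copy of the documentation belongs to.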
@@ -45,6 +45,23 @@ T7(R=80%DF=20%T=15%TG=15%W=25%S=20%A=20%F=30%O=10%RD=20%Q=20) U1(R=50%DF=20%T=15%TG=15%TOS=100%IPL=100%UN=100%RIPL=100%RID=100%RIPCK=100%RUCK=100%RUL=100%RUD=100) IE(R=50%DFI=40%T=15%TG=15%TOSI=100%CD=100%SI=100%DLI=100) +# 2wire wireless Broadband router version 3.5.55 +Fingerprint 2wire wireless broadband router version 3.5.55 +Class 2Wire | embedded || WAP +SEQ(SP=76-A2%GCD=<7%ISR=A3-AD%TI=I%II=%TS=7) +OPS(O1=M5B4NNSW0NNNT11%O2=M578NNSW0NNNT11%O3=M280W0NNNT11%O4=M218NNSW0NNNT11%O5=M218NNSW0NNNT11%O6=M109NNSNNT11) +WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000) +ECN(R=Y%DF=Y%T=FF%TG=FF%W=8000%O=M5B4NNSW0N%CC=N%Q=) +T1(R=Y%DF=Y%T=FF%TG=FF%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=N) +T4(R=Y%DF=Y%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=E44A4E43%Q=) +T5(R=Y%DF=Y%T=FF%TG=FF%W=0%S=Z%A=S+%F=AR%O=%RD=BD1AB510%Q=) +T6(R=Y%DF=Y%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=EA6C967D%Q=) +T7(R=N) +U1(DF=Y%T=FF%TG=FF%TOS=0%IPL=70%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(R=N) + # 3Com Super Stack 4300 48x100Mbit Switch w. Firmware Version V1.12 and Hardware Version 4.0 Fingerprint 3Com Super Stack 4300 switch Class 3Com | embedded || switch 
@@ -240,6 +257,40 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G) IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# Power Mac G5 running OS X 10.4.8 +Fingerprint Apple Mac OS X 10.4.8 (Tiger) (PPC) +Class Apple | Mac OS X | 10.4.X | general purpose +SEQ(SP=FA-104%GCD=<7%ISR=103-10D%TI=%II=I%TS=U) +OPS(O1=M3FD8SLL%O2=M3FD8SLL%O3=M3FD8%O4=M3FD8SLL%O5=M3FD8SLL%O6=M3FD8SLL) +WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF) +ECN(R=Y%DF=Y%T=40%TG=40%W=FFFF%O=M3FD8SLL%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=N) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G) +IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + +# PowerMac G5 running OS X Server 10.5 build 9A284 +Fingerprint OS X Server 10.5 (Leopard) pre-release build 9A284 +Class Apple | Mac OS X | 10.5.X | general purpose +SEQ(SP=D6-100%GCD=<7%ISR=102-10C%TI=I%II=I%SS=S%TS=1) +OPS(O1=M5B4NW5NNT11SLL%O2=M5B4NW5NNT11SLL%O3=M5B4NW5NNT11%O4=M5B4NW5NNT11SLL%O5=M5B4NW5NNT11SLL%O6=M5B4NNT11SLL) +WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF) +ECN(R=Y%DF=Y%T=40%TG=40%W=FFFF%O=M5B4NW5SLL%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=N) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G) +IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Linux 2.6.16.11 on AT32AP7000 - Atmel AVR32 STK1000 development board running stock demo code Fingerprint Atmel AVR32 STK1000 development board (runs Linux 2.6.16.11) Class Atmel | Linux | 
2.6.X | specialized @@ -1050,6 +1101,22 @@ T7(R=Y%DF=N%T=1E%TG=1E%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G) IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) +# hp LaserJet 1320 series, Formatter Number: E7206LL, Service ID: 16053, Firmware Datecode: 20041024, Network Statistics Firmware Version: V.28.05 +Fingerprint HP LaserJet 1320 +Class HP | embedded || printer +SEQ(SP=94-9E%GCD=<7%ISR=9B-A5%TI=I%II=I%SS=S%TS=1) +OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11%O5=M5B4NW0NNT11%O6=M5B4NNT11) +WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000) +ECN(R=Y%DF=N%T=40%TG=40%W=2000%O=M5B4NW0%CC=N%Q=) +T1(R=Y%DF=N%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=N%T=40%TG=40%W=2000%S=O%A=O%F=A%O=NNT11%RD=0%Q=) +T4(R=Y%DF=N%T=40%TG=40%W=2000%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=1042%RIPCK=Z%RUCK=0%RUL=G%RUD=G)IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + Fingerprint HP LaserJet 4250dtn (JetDirect) printer Class HP | embedded || printer SEQ(SP=18-1A%GCD=FA00|1F400|2EE00|3E800|4E200|5DC00%ISR=9D-9F%TI=I%II=I%SS=S%TS=1) 
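Review bot: In the added HP LaserJet 1320 entry the `U1(...)` test runs straight into `IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)` on one `+` line, whereas every other fingerprint in these hunks puts `IE(...)` on a line of its own; the hunk header's count of 16 added lines agrees that the break is missing in the file and is not an artefact of this page. How the nmap-os-db parser treats text after the closing parenthesis is not visible here, but the likely outcomes are that the IE test is ignored or the line is rejected, and in both cases the entry matches on fewer tests than the submitter intended. Split it so the entry ends with `U1(...%RUD=G)` followed by a separate `IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S)` line.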
@@ -1255,6 +1322,24 @@ T7(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=15C%RID=G%RIPCK=I%RUCK=0%RUL=G%RUD=G) IE(DFI=S%T=FF%TG=FF%TOSI=Z%CD=S%SI=S%DLI=S) +# AIX 5.3 ML 4 +# IBM PowerPC CHRP Computer +Fingerprint AIX 5.3 ML 4 +Class IBM | AIX | 5.X | general purpose +SEQ(SP=E4-EE%GCD=<7%ISR=100-10A%TI=I%II=I%SS=S%TS=U) +OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4) +WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF) +ECN(R=Y%DF=Y%T=3C%TG=3C%W=FFFF%O=M5B4%CC=N%Q=) +T1(R=Y%DF=Y%T=3C%TG=3C%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=3C%TG=3C%W=FFFF%S=O%A=S+%F=AS%O=M5B4%RD=0%Q=) +T4(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=15C%RID=G%RIPCK=I%RUCK=0%RUL=G%RUD=G) +IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) + # IBM AIX 5.2.0.0 Maintenance Level 2 on F50 Fingerprint IBM AIX 5.2.0.0 Maintenance Level 2 Class IBM | AIX | 5.X | general purpose 
@@ -1477,6 +1562,23 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# Lantronix Xport-03 Embedded serial device server with FW 6.1.0.3 +Fingerprint Lantronix Xport-03 Embedded serial device server with FW 6.1.0.3 +Class Lantronix | embedded || specialized +SEQ(SP=C8-D2%GCD=<7%ISR=D0-DA%TI=I%II=I%SS=S%TS=U) +OPS(O1=M400%O2=M400%O3=M400%O4=M400%O5=M400%O6=M400) +WIN(W1=1FF%W2=1FF%W3=1FF%W4=1FF%W5=1FF%W6=1FF) +ECN(R=Y%DF=Y%T=40%TG=40%W=1FF%O=M400%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T3(R=Y%DF=Y%T=40%TG=40%W=1FF%S=O%A=S+%F=AS%O=M400%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=Y%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Lexmark Optra S 1855 Printer with Firmware Version 1.10.17 and Ethernet 10/100 MarkNet S Module Fingerprint Lexmark Optra S 1855 Printer Class Lexmark | embedded || printer 
@@ -1616,6 +1718,23 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=D0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=10%CD=S%SI=S%DLI=S) +# Linux 2.4.18-10 Red Hat Linux release 7.3 +Fingerprint Linux 2.4.18-10 (Red Hat 7.3) +Class Linux | Linux | 2.4.X | general purpose +SEQ(SP=BE-C8%GCD=<7%ISR=BE-C8%TI=Z%II=I%TS=7|9) +OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11) +WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) +ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=O|S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=O|S+%F=AS%O=M5B4ST11NW0%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Firmware Version 4.30.7, Linux 2.4.20 I believe - Linksys WRT54GL WAP (Linux kernel) # Linksys WRT54GL v4.30.5, Apr. 27, 2006 # Linux (slackware) 2.4.31 #6 Sun Jun 5 19:04:47 PDT 2005 i586 unknown 
@@ -2221,6 +2340,23 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# Linux 2.6.18-ARCH #1 SMP PREEMPT +Fingerprint Linux 2.6.18 (SMP) +Class Linux | Linux | 2.6.X | general purpose +SEQ(SP=C0-CA%GCD=<7%ISR=C7-D1%TI=Z%II=I%TS=A) +OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11) +WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FFCB) +ECN(R=Y%DF=Y%T=40%TG=40%W=FFD7%O=MFFD7NNSNW7%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=FFCB%S=O%A=S+%F=AS%O=MFFD7ST11NW7%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + # Linux 2.6.18-ARCH x86 Arch Linux 0.7.2 # Ubuntu Feisty (pre-release) Linux 2.6.19-7-generic #2 SMP Wed Nov 29 04:57:58 UTC 2006 i686 GNU/Linux Fingerprint Linux 2.6.18 - 2.6.19 (x86) 
@@ -2239,23 +2375,6 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) -# Linux 2.6.18-ARCH #1 SMP PREEMPT -Fingerprint Linux 2.6.18 (SMP) -Class Linux | Linux | 2.6.X | general purpose -SEQ(SP=C0-CA%GCD=<7%ISR=C7-D1%TI=Z%II=I%TS=A) -OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11) -WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FFCB) -ECN(R=Y%DF=Y%T=40%TG=40%W=FFD7%O=MFFD7NNSNW7%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=Y%T=40%TG=40%W=FFCB%S=O%A=S+%F=AS%O=MFFD7ST11NW7%RD=0%Q=) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - # Linux 2.6.18-em64t (x86-64) Fingerprint Linux 2.6.18-em64t (x86-64) Class Linux | Linux | 2.6.X | general purpose 
@@ -2470,6 +2589,40 @@ T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# Linux 2.6.12 #2 unknown +Fingerprint Linux 2.6.12 on FOX embedded development board +Class Linux | Linux |2.6.X | specialized +SEQ(SP=C5-CF%GCD=<7%ISR=CD-D7%TI=Z%II=I%TS=7) +OPS(O1=M5B4ST11NW1%O2=M5B4ST11NW1%O3=M5B4NNT11NW1%O4=M5B4ST11NW1%O5=M5B4ST11NW1%O6=M5B4ST11) +WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) +ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW1%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW1%RD=0%Q=) +T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) + +# Microsoft Windows 2000 Server, Uniprocessor Free, Product version: 5.0, Service pack: 4, Kernel build number: 2195, under Vmware Server +Fingerprint Microsoft Windows 2000 Server SP4 +Class Microsoft | Windows | 2000 | general purpose +SEQ(SP=EB-F5%GCD=<7%ISR=FE-108%TI=I%II=I%SS=S%TS=0) +OPS(O1=M534NW0NNT00NNS%O2=M534NW0NNT00NNS%O3=M534NW0NNT00%O4=M534NW0NNT00NNS%O5=M534NW0NNT00NNS%O6=M534NNT00NNS) +WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6=FAF0) +ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0%O=M534NW0NNS%CC=N%Q=) +T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +T3(R=Y%DF=Y%T=80%TG=80%W=FAF0%S=O%A=S+%F=AS%O=M534NW0NNT00NNS%RD=0%Q=) +T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) 
+U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S) + # Windows 2000 Advanced Server with SP4 and latest Windows Update patches as of September 8, 2006 Fingerprint Microsoft Windows 2000 AS SP4 Class Microsoft | Windows | 2000 | general purpose @@ -2714,6 +2867,23 @@ T7(R=Y%DF=N%T=81%TG=81%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=81%TG=81%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=S%T=81%TG=81%TOSI=S%CD=Z%SI=S%DLI=S) +# Microsoft Windows 98 SE Spanish, x86 +Fingerprint Microsoft Windows 98SE +Class Microsoft | Windows | 98 | general purpose +SEQ(SP=0-1A%GCD=<7|68|6C|D0|D8|138|144|1A0|1B0|208|21C|270|288%ISR=4B-55%TI=BI%II=BI%SS=S%TS=U) +OPS(O1=M5B4NNS%O2=M5B4NNS%O3=M5B4%O4=M5B4NNS%O5=M5B4NNS%O6=M5B4NNS) +WIN(W1=2238%W2=20D0%W3=2080%W4=2180%W5=2180%W6=2017) +ECN(R=Y%DF=Y%T=80%TG=80%W=2238%O=M5B4NNS%CC=N%Q=) +T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +T3(R=Y%DF=Y%T=80%TG=80%W=2017%S=O%A=S+%F=AS%O=M5B4NNS%RD=0%Q=) +T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=S+%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=S+%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S) + # Microsoft Windows 98SE, no service packs (vmware) Fingerprint Microsoft Windows 98SE, no service packs Class Microsoft | Windows | 98 | general purpose 
@@ -2747,6 +2917,26 @@ T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S) +# Microsoft Windows NT 4.0 SP6a Kernel Build Number: 1381 Product Type: Enterprise Server +# Kernel Build Number: and Product Type: obtained with psinfo +# Microsoft Windows NT SP5, Product Type: Server (Domain Controler), Kernel Build Number: 1381 (english) +# Microsoft Windows NT 4.0 SP6 Kernel Build Number: 1381, Product Type Enterprise Server (Domain Controler) +Fingerprint Microsoft Windows NT 4.0 SP5 - SP6a +Class Microsoft | Windows | NT | general purpose +SEQ(SP=20-90%GCD=<7%ISR=30-A1%TI=BI%II=BI%SS=S%TS=U) +OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4) +WIN(W1=2238%W2=20D0%W3=2080%W4=2180%W5=2180%W6=2017) +ECN(R=Y%DF=Y%T=80%TG=80%W=2238%O=M5B4%CC=N%Q=) +T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +T3(R=Y%DF=Y%T=80%TG=80%W=2017%S=O%A=S+%F=AS%O=M5B4%RD=0%Q=) +T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S) + # Microsoft Windows Vista English PRE-RC1 Build 5536 # Vista Beta 2 Build 5472 Fingerprint Microsoft Windows Vista Beta 2 (Build 5472) 
@@ -2940,6 +3130,23 @@ T7(R=Y%DF=N%T=38%TG=38%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=38%TG=38%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(R=N) +# NetBSD 4.99.4 NetBSD 4.99.4 (E4500) #1: Tue Nov 28 10:25:20 EST 2006 /usr/obj/src-current/sys/arch/i386/compile/E4500 i386 +Fingerprint NetBSD 4.99.4 (x86) +Class NetBSD | NetBSD || general purpose +SEQ(SP=D0-DA%GCD=<7%ISR=D6-E0%TI=I%II=I%SS=S%TS=0) +OPS(O1=M5B4NW0NNT01SNN%O2=M5B4NW0NNT01SNN%O3=M5B4NW0NNT01%O4=M5B4NW0NNT01SNN%O5=M5B4NW0NNT01SNN%O6=M5B4NNT01SNN) +WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000) +ECN(R=Y%DF=Y%T=40%TG=40%W=8000%O=M5B4NW0SNN%CC=N%Q=) +T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +T3(R=Y%DF=Y%T=40%TG=40%W=8000%S=O%A=S+%F=AS%O=M5B4NW0NNT01SNN%RD=0%Q=) +T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) + # Netgear DG834 DSL Router - Firmware Version V4.01.06 # NetGear DG834G v3 ADSL2+ Wireless b/g router Fingerprint Netgear DG834 or DG834G (wireless) DSL Router 
@@ -3013,6 +3220,23 @@ T7(R=N) U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=%RUD=G) IE(DFI=S%T=40%TG=40%TOSI=Z%CD=S%SI=S%DLI=S) +# Neware 6.5 with SP5 +Fingerprint Novell Netware 6.5 SP5 +Class Novell | NetWare | 6.X | general purpose +SEQ(SP=F5-FF%GCD=<7%ISR=107-111%TI=BI%II=BI%SS=S%TS=U) +OPS(O1=M5B4W0NSNN%O2=M578W0NSNN%O3=M280W0N%O4=M5B4W0NSNN%O5=M218W0NSNN%O6=M109SNN) +WIN(W1=1800%W2=1800%W3=1800%W4=1800%W5=1800%W6=1800) +ECN(R=Y%DF=Y%T=80%TG=80%W=1800%O=M5B4W0NSNN%CC=N%Q=) +T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +T3(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=) +T4(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=80%TG=80%TOSI=S%CD=S%SI=S%DLI=S) + # NTI EnviroMux-Mini (Firmware: 1.22) - http://www.nti1.com/ (Environment Monitoring System) Fingerprint NTI EnviroMux-Mini Environmental Monitoring System Class NTI | embedded || specialized 
@@ -3221,6 +3445,23 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=3401%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) +# RICOH Aficio 1060 - version 3.53.3, network control service version 3.74 +Fingerprint RICOH Aficio 1060 copier +Class Ricoh | embedded || printer +SEQ(SP=9D-A7%GCD=<7%ISR=A7-B1%TI=I%II=I%SS=S%TS=1) +OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11%O5=M5B4NW0NNT11%O6=M5B4NNT11) +WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000) +ECN(R=Y%DF=N%T=40%TG=40%W=4000%O=M5B4NW0%CC=N%Q=) +T1(R=Y%DF=N%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=N%T=40%TG=40%W=4000%S=O%A=S+%F=AS%O=M5B4NW0NNT11%RD=0%Q=) +T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G) +IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) + # Scientific Atlanta WebSTAR EPX2203 cable modem # WebSTAR EPX2203 (Hardware Version: v2.0) (Software Version: v2.0.2r1152-060125epx2203-v202r1152-060125c-us-5-358.bin) Fingerprint Scientific Atlanta WebSTAR EPX2203 cable modem 
@@ -3273,6 +3514,23 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) +# IRIX 6.5.22m on an SGI Indigo2 +Fingerprint SGI IRIX 6.5.22m +Class SGI | IRIX | 6.X | general purpose +SEQ(SP=B-15%GCD=FA00|1F400|2EE00|3E800|4E200|5DC00%ISR=95-9F%TI=I%II=I%SS=S%TS=1) +OPS(O1=M2048NW0NNT11NNS%O2=M2048NW0NNT11NNS%O3=M2048NW0NNT11NNS%O4=M2048NW0NNT11NNS%O5=M2048NW0NNT11NNS%O6=M2048NNT11NNS) +WIN(W1=ED90%W2=EE90%W3=EDF4%W4=F000%W5=EF7C%W6=EF2A) +ECN(R=Y%DF=Y%T=3C%TG=3C%W=EF88%O=M2048NW0NNS%CC=N%Q=) +T1(R=Y%DF=Y%T=3C%TG=3C%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +T3(R=Y%DF=N%T=3C%TG=3C%W=EF2A%S=O%A=O%F=A%O=NNT11%RD=0%Q=) +T4(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) + # Siemens Gigaset SE515dsl dsl+wlan router Fingerprint Siemens Gigaset SE515dsl wireless broadband router Class Siemens | linux || WAP 
@@ -3671,6 +3929,23 @@ T7(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=3C%TG=3C%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=S%T=3C%TG=3C%TOSI=S%CD=S%SI=S%DLI=S) +# Hardware Platform : Vega 400 H323 Firmware Rev 08.00 for H/W Type 10 +Fingerprint Vegastream Vega 400 VoIP Gateway +Class Vegastream | embedded || VoIP gateway +SEQ(SP=E7-103%GCD=<7%ISR=106-110%TI=I|RD%II=I%SS=S%TS=U) +OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4) +WIN(W1=3E80%W2=3E80%W3=3E80%W4=3E80%W5=3E80%W6=3E80) +ECN(R=Y%DF=N%T=40%TG=40%W=3E80%O=|M5B4%CC=N%Q=) +T1(R=Y%DF=N%T=40%TG=40%S=O%A=O|S+%F=AS%RD=0%Q=) +T2(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +T3(R=Y%DF=N%T=40%TG=40%W=3E80%S=O%A=O|S+%F=AS%O=M5B4%RD=0%Q=) +T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) +U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=40%TG=40%TOSI=Z%CD=S%SI=S%DLI=S) + # WatchGuard FireBox 700 Fingerprint WatchGuard FireBox 700 Class WatchGuard | embedded || firewall 
@@ -3757,6 +4032,24 @@ T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G) IE(DFI=S%T=40%TG=40%TOSI=Z%CD=S%SI=S%DLI=S) +# Xerox Phaser 860N +# Operating system: 3.38; Networking 12.86.04.06.2001 +Fingerprint Xerox Phaser 860N printer +Class Xerox | embedded || printer +SEQ(SP=0-5%GCD=186A0|30D40|493E0|61A80|7A120|927C0%ISR=9A-A4%TI=I%II=I%SS=S%TS=U) +OPS(O1=M5B4%O2=M578%O3=M280%O4=M218%O5=M218%O6=M109) +WIN(W1=B68%W2=AF0%W3=F00%W4=EA8%W5=EA8%W6=F87) +ECN(R=Y%DF=N%T=80%TG=80%W=B68%O=M5B4%CC=N%Q=) +T1(R=Y%DF=N%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=Y%DF=N%T=80%TG=80%W=FFFF%S=O%A=O%F=AS%O=M109%RD=0%Q=) +T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) +T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) +U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) +IE(DFI=N%T=80%TG=80%TOSI=Z%CD=S%SI=S%DLI=S) + # Xerox WorkCentre Pro 265, v1 Multifunction System, System Software Version: 13.27.24.0, Net Controller Software Version: 40.010.50930 Fingerprint Xerox WorkCentre Pro 265 multifunction printer Class Xerox | embedded || printer 
@@ -3790,298 +4083,3 @@ T6(R=N) T7(R=N) U1(DF=N%T=FE%TG=FE%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) IE(DFI=N%T=FE%TG=FE%TOSI=S%CD=S%SI=S%DLI=S) - -# Lantronix Xport-03 Embedded serial device server with FW 6.1.0.3 -Fingerprint Lantronix Xport-03 Embedded serial device server with FW 6.1.0.3 -Class Lantronix | embedded || specialized -SEQ(SP=C8-D2%GCD=<7%ISR=D0-DA%TI=I%II=I%SS=S%TS=U) -OPS(O1=M400%O2=M400%O3=M400%O4=M400%O5=M400%O6=M400) -WIN(W1=1FF%W2=1FF%W3=1FF%W4=1FF%W5=1FF%W6=1FF) -ECN(R=Y%DF=Y%T=40%TG=40%W=1FF%O=M400%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=Y%T=40%TG=40%W=1FF%S=O%A=S+%F=AS%O=M400%RD=0%Q=) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=Y%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - -# 2wire wireless Broadband router version 3.5.55 -Fingerprint 2wire wireless broadband router version 3.5.55 -Class 2Wire | embedded || WAP -SEQ(SP=76-A2%GCD=<7%ISR=A3-AD%TI=I%II=%TS=7) -OPS(O1=M5B4NNSW0NNNT11%O2=M578NNSW0NNNT11%O3=M280W0NNNT11%O4=M218NNSW0NNNT11%O5=M218NNSW0NNNT11%O6=M109NNSNNT11) -WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000) -ECN(R=Y%DF=Y%T=FF%TG=FF%W=8000%O=M5B4NNSW0N%CC=N%Q=) -T1(R=Y%DF=Y%T=FF%TG=FF%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=N) -T4(R=Y%DF=Y%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=E44A4E43%Q=) -T5(R=Y%DF=Y%T=FF%TG=FF%W=0%S=Z%A=S+%F=AR%O=%RD=BD1AB510%Q=) -T6(R=Y%DF=Y%T=FF%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=EA6C967D%Q=) -T7(R=N) -U1(DF=Y%T=FF%TG=FF%TOS=0%IPL=70%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(R=N) - -# Neware 6.5 with SP5 -Fingerprint Novell Netware 6.5 SP5 -Class Novell | NetWare | 6.X | general purpose -SEQ(SP=F5-FF%GCD=<7%ISR=107-111%TI=BI%II=BI%SS=S%TS=U) 
-OPS(O1=M5B4W0NSNN%O2=M578W0NSNN%O3=M280W0N%O4=M5B4W0NSNN%O5=M218W0NSNN%O6=M109SNN) -WIN(W1=1800%W2=1800%W3=1800%W4=1800%W5=1800%W6=1800) -ECN(R=Y%DF=Y%T=80%TG=80%W=1800%O=M5B4W0NSNN%CC=N%Q=) -T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=) -T4(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=80%TG=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=80%TG=80%TOSI=S%CD=S%SI=S%DLI=S) - -# Linux 2.6.12 #2 unknown -Fingerprint Linux 2.6.12 on FOX embedded development board -Class Linux | Linux |2.6.X | specialized -SEQ(SP=C5-CF%GCD=<7%ISR=CD-D7%TI=Z%II=I%TS=7) -OPS(O1=M5B4ST11NW1%O2=M5B4ST11NW1%O3=M5B4NNT11NW1%O4=M5B4ST11NW1%O5=M5B4ST11NW1%O6=M5B4ST11) -WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) -ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW1%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=S+%F=AS%O=M5B4ST11NW1%RD=0%Q=) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - -# Microsoft Windows NT 4.0 SP6a Kernel Build Number: 1381 Product Type: Enterprise Server -# Kernel Build Number: and Product Type: obtained with psinfo -# Microsoft Windows NT SP5, Product Type: Server (Domain Controler), Kernel Build Number: 1381 (english) -# Microsoft Windows NT 4.0 SP6 Kernel Build Number: 1381, Product Type Enterprise Server (Domain Controler) -Fingerprint Microsoft Windows NT 4.0 SP5 - SP6a -Class Microsoft | Windows | NT | general purpose 
-SEQ(SP=20-90%GCD=<7%ISR=30-A1%TI=BI%II=BI%SS=S%TS=U) -OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4) -WIN(W1=2238%W2=20D0%W3=2080%W4=2180%W5=2180%W6=2017) -ECN(R=Y%DF=Y%T=80%TG=80%W=2238%O=M5B4%CC=N%Q=) -T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=Y%T=80%TG=80%W=2017%S=O%A=S+%F=AS%O=M5B4%RD=0%Q=) -T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S) - - -# Linux 2.4.18-10 Red Hat Linux release 7.3 -Fingerprint Linux 2.4.18-10 (Red Hat 7.3) -Class Linux | Linux | 2.4.X | general purpose -SEQ(SP=BE-C8%GCD=<7%ISR=BE-C8%TI=Z%II=I%TS=7|9) -OPS(O1=M5B4ST11NW0%O2=M5B4ST11NW0%O3=M5B4NNT11NW0%O4=M5B4ST11NW0%O5=M5B4ST11NW0%O6=M5B4ST11) -WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0) -ECN(R=Y%DF=Y%T=40%TG=40%W=16D0%O=M5B4NNSNW0%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=O|S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=Y%T=40%TG=40%W=16A0%S=O%A=O|S+%F=AS%O=M5B4ST11NW0%RD=0%Q=) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=Y%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=C0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - -# hp LaserJet 1320 series, Formatter Number: E7206LL, Service ID: 16053, Firmware Datecode: 20041024, Network Statistics Firmware Version: V.28.05 -Fingerprint HP LaserJet 1320 -Class HP | embedded || printer -SEQ(SP=94-9E%GCD=<7%ISR=9B-A5%TI=I%II=I%SS=S%TS=1) -OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11%O5=M5B4NW0NNT11%O6=M5B4NNT11) -WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000) 
-ECN(R=Y%DF=N%T=40%TG=40%W=2000%O=M5B4NW0%CC=N%Q=) -T1(R=Y%DF=N%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=N%T=40%TG=40%W=2000%S=O%A=O%F=A%O=NNT11%RD=0%Q=) -T4(R=Y%DF=N%T=40%TG=40%W=2000%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=1042%RIPCK=Z%RUCK=0%RUL=G%RUD=G)IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - -# IRIX 6.5.22m on an SGI Indigo2 -Fingerprint SGI IRIX 6.5.22m -Class SGI | IRIX | 6.X | general purpose -SEQ(SP=B-15%GCD=FA00|1F400|2EE00|3E800|4E200|5DC00%ISR=95-9F%TI=I%II=I%SS=S%TS=1) -OPS(O1=M2048NW0NNT11NNS%O2=M2048NW0NNT11NNS%O3=M2048NW0NNT11NNS%O4=M2048NW0NNT11NNS%O5=M2048NW0NNT11NNS%O6=M2048NNT11NNS) -WIN(W1=ED90%W2=EE90%W3=EDF4%W4=F000%W5=EF7C%W6=EF2A) -ECN(R=Y%DF=Y%T=3C%TG=3C%W=EF88%O=M2048NW0NNS%CC=N%Q=) -T1(R=Y%DF=Y%T=3C%TG=3C%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=N%T=3C%TG=3C%W=EF2A%S=O%A=O%F=A%O=NNT11%RD=0%Q=) -T4(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) - -# Microsoft Windows 2000 Server, Uniprocessor Free, Product version: 5.0, Service pack: 4, Kernel build number: 2195, under Vmware Server -Fingerprint Microsoft Windows 2000 Server SP4 -Class Microsoft | Windows | 2000 | general purpose -SEQ(SP=EB-F5%GCD=<7%ISR=FE-108%TI=I%II=I%SS=S%TS=0) -OPS(O1=M534NW0NNT00NNS%O2=M534NW0NNT00NNS%O3=M534NW0NNT00%O4=M534NW0NNT00NNS%O5=M534NW0NNT00NNS%O6=M534NNT00NNS) -WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6=FAF0) -ECN(R=Y%DF=Y%T=80%TG=80%W=FAF0%O=M534NW0NNS%CC=N%Q=) -T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) 
-T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=Y%T=80%TG=80%W=FAF0%S=O%A=S+%F=AS%O=M534NW0NNT00NNS%RD=0%Q=) -T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=S%T=80%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S) - -# Power Mac G5 running OS X 10.4.8 -Fingerprint Apple Mac OS X 10.4.8 (Tiger) (PPC) -Class Apple | Mac OS X | 10.4.X | general purpose -SEQ(SP=FA-104%GCD=<7%ISR=103-10D%TI=%II=I%TS=U) -OPS(O1=M3FD8SLL%O2=M3FD8SLL%O3=M3FD8%O4=M3FD8SLL%O5=M3FD8SLL%O6=M3FD8SLL) -WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF) -ECN(R=Y%DF=Y%T=40%TG=40%W=FFFF%O=M3FD8SLL%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=N) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G) -IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - -# PowerMac G5 running OS X Server 10.5 build 9A284 -Fingerprint OS X Server 10.5 (Leopard) pre-release build 9A284 -Class Apple | Mac OS X | 10.5.X | general purpose -SEQ(SP=D6-100%GCD=<7%ISR=102-10C%TI=I%II=I%SS=S%TS=1) -OPS(O1=M5B4NW5NNT11SLL%O2=M5B4NW5NNT11SLL%O3=M5B4NW5NNT11%O4=M5B4NW5NNT11SLL%O5=M5B4NW5NNT11SLL%O6=M5B4NNT11SLL) -WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF) -ECN(R=Y%DF=Y%T=40%TG=40%W=FFFF%O=M5B4NW5SLL%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=N) -T4(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=Y%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) 
-U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUL=G%RUD=G) -IE(DFI=S%T=40%TG=40%TOSI=S%CD=S%SI=S%DLI=S) - -# Microsoft Windows 98 SE Spanish, x86 -Fingerprint Microsoft Windows 98SE -Class Microsoft | Windows | 98 | general purpose -SEQ(SP=0-1A%GCD=<7|68|6C|D0|D8|138|144|1A0|1B0|208|21C|270|288%ISR=4B-55%TI=BI%II=BI%SS=S%TS=U) -OPS(O1=M5B4NNS%O2=M5B4NNS%O3=M5B4%O4=M5B4NNS%O5=M5B4NNS%O6=M5B4NNS) -WIN(W1=2238%W2=20D0%W3=2080%W4=2180%W5=2180%W6=2017) -ECN(R=Y%DF=Y%T=80%TG=80%W=2238%O=M5B4NNS%CC=N%Q=) -T1(R=Y%DF=Y%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=Y%T=80%TG=80%W=2017%S=O%A=S+%F=AS%O=M5B4NNS%RD=0%Q=) -T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=S+%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=S+%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=S%T=80%TG=80%TOSI=S%CD=Z%SI=S%DLI=S) - - -# Hardware Platform : Vega 400 H323 Firmware Rev 08.00 for H/W Type 10 -Fingerprint Vegastream Vega 400 VoIP Gateway -Class Vegastream | embedded || VoIP gateway -SEQ(SP=E7-103%GCD=<7%ISR=106-110%TI=I|RD%II=I%SS=S%TS=U) -OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4) -WIN(W1=3E80%W2=3E80%W3=3E80%W4=3E80%W5=3E80%W6=3E80) -ECN(R=Y%DF=N%T=40%TG=40%W=3E80%O=|M5B4%CC=N%Q=) -T1(R=Y%DF=N%T=40%TG=40%S=O%A=O|S+%F=AS%RD=0%Q=) -T2(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=N%T=40%TG=40%W=3E80%S=O%A=O|S+%F=AS%O=M5B4%RD=0%Q=) -T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -U1(DF=N%T=40%TG=40%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=40%TG=40%TOSI=Z%CD=S%SI=S%DLI=S) - -# AIX 5.3 ML 4 -# IBM PowerPC CHRP Computer -Fingerprint AIX 5.3 ML 4 -Class IBM | AIX | 
5.X | general purpose -SEQ(SP=E4-EE%GCD=<7%ISR=100-10A%TI=I%II=I%SS=S%TS=U) -OPS(O1=M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4) -WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF) -ECN(R=Y%DF=Y%T=3C%TG=3C%W=FFFF%O=M5B4%CC=N%Q=) -T1(R=Y%DF=Y%T=3C%TG=3C%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=Y%T=3C%TG=3C%W=FFFF%S=O%A=S+%F=AS%O=M5B4%RD=0%Q=) -T4(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=3C%TG=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=3C%TG=3C%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=15C%RID=G%RIPCK=I%RUCK=0%RUL=G%RUD=G) -IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) - -# Xerox Phaser 860N -# Operating system: 3.38; Networking 12.86.04.06.2001 -Fingerprint Xerox Phaser 860N printer -Class Xerox | embedded || printer -SEQ(SP=0-5%GCD=186A0|30D40|493E0|61A80|7A120|927C0%ISR=9A-A4%TI=I%II=I%SS=S%TS=U) -OPS(O1=M5B4%O2=M578%O3=M280%O4=M218%O5=M218%O6=M109) -WIN(W1=B68%W2=AF0%W3=F00%W4=EA8%W5=EA8%W6=F87) -ECN(R=Y%DF=N%T=80%TG=80%W=B68%O=M5B4%CC=N%Q=) -T1(R=Y%DF=N%T=80%TG=80%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) -T3(R=Y%DF=N%T=80%TG=80%W=FFFF%S=O%A=O%F=AS%O=M109%RD=0%Q=) -T4(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=80%TG=80%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=80%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -U1(DF=N%T=80%TG=80%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=80%TG=80%TOSI=Z%CD=S%SI=S%DLI=S) - -# RICOH Aficio 1060 - version 3.53.3, network control service version 3.74 -Fingerprint RICOH Aficio 1060 copier -Class Ricoh | embedded || printer -SEQ(SP=9D-A7%GCD=<7%ISR=A7-B1%TI=I%II=I%SS=S%TS=1) -OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11%O3=M5B4NW0NNT11%O4=M5B4NW0NNT11%O5=M5B4NW0NNT11%O6=M5B4NNT11) -WIN(W1=4000%W2=4000%W3=4000%W4=4000%W5=4000%W6=4000) -ECN(R=Y%DF=N%T=40%TG=40%W=4000%O=M5B4NW0%CC=N%Q=) -T1(R=Y%DF=N%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=N) 
-T3(R=Y%DF=N%T=40%TG=40%W=4000%S=O%A=S+%F=AS%O=M5B4NW0NNT11%RD=0%Q=) -T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=0%RUL=G%RUD=G) -IE(DFI=S%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) - -# NetBSD 4.99.4 NetBSD 4.99.4 (E4500) #1: Tue Nov 28 10:25:20 EST 2006 /usr/obj/src-current/sys/arch/i386/compile/E4500 i386 -Fingerprint NetBSD 4.99.4 (x86) -Class NetBSD | NetBSD || general purpose -SEQ(SP=D0-DA%GCD=<7%ISR=D6-E0%TI=I%II=I%SS=S%TS=0) -OPS(O1=M5B4NW0NNT01SNN%O2=M5B4NW0NNT01SNN%O3=M5B4NW0NNT01%O4=M5B4NW0NNT01SNN%O5=M5B4NW0NNT01SNN%O6=M5B4NNT01SNN) -WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000) -ECN(R=Y%DF=Y%T=40%TG=40%W=8000%O=M5B4NW0SNN%CC=N%Q=) -T1(R=Y%DF=Y%T=40%TG=40%S=O%A=S+%F=AS%RD=0%Q=) -T2(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -T3(R=Y%DF=Y%T=40%TG=40%W=8000%S=O%A=S+%F=AS%O=M5B4NW0NNT01SNN%RD=0%Q=) -T4(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T5(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) -T6(R=Y%DF=N%T=40%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=) -T7(R=Y%DF=N%T=40%TG=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) -U1(DF=N%T=FF%TG=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G) -IE(DFI=N%T=FF%TG=FF%TOSI=S%CD=S%SI=S%DLI=S) diff --git a/nmap-os-fingerprints b/nmap-os-fingerprints index 9e90eb24a..fd2674826 100644 --- a/nmap-os-fingerprints +++ b/nmap-os-fingerprints @@ -21078,7 +21078,7 @@ PU(Resp=N) # Vega 400 SIP Version: 10.02.07.1 Fingerprint Vega 50/400 -Class VegaStream | embedded || VoIP gateway +Class Vegastream | embedded || VoIP gateway TSeq(Class=TR%gcd=<6%IPID=I%TS=U) T1(DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) diff --git a/nmap_winconfig.h b/nmap_winconfig.h index 08fd44633..eb58d4fb4 100644 --- a/nmap_winconfig.h +++ b/nmap_winconfig.h 
@@ -106,7 +106,7 @@ /* Without this, Windows will give us all sorts of crap about using functions like strcpy() even if they are done safely */ #define _CRT_SECURE_NO_DEPRECATE 1 -#define NMAP_VERSION "4.20RC2" +#define NMAP_VERSION "4.20" #define NMAP_NAME "Nmap" #define NMAP_URL "http://insecure.org" #define NMAP_PLATFORM "i686-pc-windows-windows" diff --git a/osscan.cc b/osscan.cc index cd227398a..6854a9bfd 100644 --- a/osscan.cc +++ b/osscan.cc @@ -100,7 +100,6 @@ /* $Id$ */ - #include "osscan.h" #include "timing.h" #include "NmapOps.h" @@ -117,6 +116,8 @@ # endif #endif +u32 fake_seqs[6] = { 0x721CF9, 0x721D5F, 0x721DC5, 0x721E2B, 0x721E91, 0x721EF7 }; + extern NmapOps o; /* Note that a sport of 0 really will (try to) use zero as the source @@ -823,7 +824,8 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) { if (si->seqs[seq_response_num] == 0) { /* New response found! */ si->responses++; - si->seqs[seq_response_num] = ntohl(tcp->th_seq); /* TCP ISN */ + // si->seqs[seq_response_num] = ntohl(tcp->th_seq); /* TCP ISN */ + si->seqs[seq_response_num] = fake_seqs[seq_response_num]; /* TCP ISN */ si->ipids[seq_response_num] = ntohs(ip->ip_id); if ((gettcpopt_ts(tcp, ×tamp, NULL) == 0)) si->ts_seqclass = TS_SEQ_UNSUPPORTED; diff --git a/osscan2.cc b/osscan2.cc index bd8cbc70e..2afa09543 100644 --- a/osscan2.cc +++ b/osscan2.cc @@ -526,6 +526,9 @@ public: OsScanInfo(vector &Targets); ~OsScanInfo(); + /* If you remove from this, you had better adjust nextI too (or call + resetHostIterator() afterward). Don't let this list get empty, + then add to it again, or you may mess up nextI (I'm not sure) */ list incompleteHosts; unsigned int starttimems; 
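Review bot: In get_fingerprint() (osscan.cc hunk at -823) the observed ISN is no longer stored: `si->seqs[seq_response_num]` is filled from the hard-coded `fake_seqs` table added in the hunk at -117, and the `ntohl(tcp->th_seq)` assignment is only commented out. This looks like test scaffolding that was left in. If so, every sequence-predictability result this code path derives from `si->seqs` describes the six constants rather than the scanned host, which would mislead anyone using the difficulty index to judge a device's ISN generation. I would restore `si->seqs[seq_response_num] = ntohl(tcp->th_seq); /* TCP ISN */` and delete the `u32 fake_seqs[6]` definition; if the table has to stay for testing it should at least be `static` and behind a debug-only `#ifdef`. get_fingerprint() starts and ends outside the hunk, so how `si->seqs` is consumed afterwards is inferred.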
@@ -536,6 +539,11 @@ public: first host in the list. If incompleteHosts is empty, returns NULL. */ HostOsScanInfo *nextIncompleteHost(); + /* Resets the host iterator used with nextIncompleteHost() to the + beginning. If you remove a host from incompleteHosts, call this + right afterward */ + void resetHostIterator() { nextI = incompleteHosts.begin(); } + int removeCompletedHosts(); private: unsigned int numInitialTargets; @@ -1735,12 +1743,16 @@ void HostOsScan::makeTSeqFP(HostOsScanStats *hss) { seq_stddev /= hss->si.responses - 2; /* Next we need to take the square root of this value */ - seq_stddev = (unsigned int) (0.5 + sqrt(seq_stddev)); + seq_stddev = sqrt(seq_stddev); /* Finally we take a binary logarithm, multiply by 8, and round to get the final result */ - seq_stddev = log(seq_stddev) / log(2.0); - hss->si.index = (int) (seq_stddev * 8 + 0.5); + if (seq_stddev <= 1) + hss->si.index = 0; + else { + seq_stddev = log(seq_stddev) / log(2.0); + hss->si.index = (int) (seq_stddev * 8 + 0.5); + } } /* Time to generate the SEQ probe line of the fingerprint */ @@ -3653,18 +3665,18 @@ static void endRound(OsScanInfo *OSI, HostOsScan *HOS, int roundNum) { hsi->isCompleted = true; } - if (islocalhost(hsi->target->v4hostip())) { - /* scanning localhost */ - distance = 0; - } else if (hsi->target->MACAddress()) { - /* on the same network segment */ - distance = 1; - } else if (hsi->hss->distance!=-1) { - distance = hsi->hss->distance; - } - - hsi->target->distance = hsi->target->FPR->distance = distance; - hsi->target->FPR->distance_guess = hsi->hss->distance_guess; + if (islocalhost(hsi->target->v4hostip())) { + /* scanning localhost */ + distance = 0; + } else if (hsi->target->MACAddress()) { + /* on the same network segment */ + distance = 1; + } else if (hsi->hss->distance!=-1) { + distance = hsi->hss->distance; + } + + hsi->target->distance = hsi->target->FPR->distance = distance; + hsi->target->FPR->distance_guess = hsi->hss->distance_guess; } 
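Review bot: `resetHostIterator()` keeps `nextI` valid only if every caller that erases from the public `incompleteHosts` list remembers to call it; the call added in expireUnmatchedHosts() (hunk at -3774) covers one erase site, and the comment added at -526 itself says the author is unsure about the empty-list case. A `std::list` iterator to an erased element is invalid, so any erase site that is missed would leave `nextIncompleteHost()` working from a dangling iterator. removeCompletedHosts(), declared just below, is not shown in this diff and should be checked for the same pattern. I would put the erase behind an OsScanInfo member that repairs the iterator itself, for example `if (nextI == it) nextI = incompleteHosts.erase(it); else incompleteHosts.erase(it);` (assuming `nextI` points at the next host to hand out), instead of rewinding to `begin()` from outside the class.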
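Review bot: The new `if (seq_stddev <= 1)` branch in makeTSeqFP() (hunk at -1735) has no comment, and the comment above it still describes only the logarithm step. A reader cannot tell from the code that the clamp exists because the binary logarithm of a value below 1 is negative (and of 0 is minus infinity), which matches the negative difficulty index the changelog describes. I would add `/* log2 of a stddev <= 1 is <= 0; report index 0 instead of a negative or undefined value */` above the `if`. The division by `hss->si.responses - 2` just before it is context here and its guard is outside the hunk, so it is worth confirming that `responses` is always above 2 on this path.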
@@ -3774,6 +3786,8 @@ static int expireUnmatchedHosts(OsScanInfo *OSI, to unMatchedHosts */ HOS->target->stopTimeOutClock(&now); OSI->incompleteHosts.erase(hostI); + /* We need to adjust nextI if necessary */ + OSI->resetHostIterator(); hostsRemoved++; unMatchedHosts->push_back(HOS); } @@ -3826,6 +3840,7 @@ static int os_scan_2(vector &Targets) { (*(OSI->incompleteHosts.begin()))->target->NameIP(targetstr, sizeof(targetstr)); } else snprintf(targetstr, sizeof(targetstr), "%d hosts", (int) OSI->numIncompleteHosts()); printf("%s OS detection (try #%d) against %s\n", (itry == 0)? "Initiating" : "Retrying", itry + 1, targetstr); + log_flush_all(); } startRound(OSI, HOS, itry); doSeqTests(OSI, HOS); diff --git a/output.cc b/output.cc index cbdb5cf8f..34c859293 100644 --- a/output.cc +++ b/output.cc @@ -1398,7 +1398,7 @@ void printosscanoutput(Target *currenths) { } } else if (FPR->overall_results == OSSCAN_TOOMANYMATCHES || (FPR->num_perfect_matches > 8 && !o.debugging)) { log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"Too many fingerprints match this host to give specific OS details\n"); - if (o.debugging || o.verbose) { + if (o.debugging || o.verbose > 1) { log_write(LOG_NORMAL|LOG_SKID|LOG_STDOUT,"TCP/IP fingerprint by osscan system #%d:\n%s", osscanSys, mergeFPs(FPR->FPs, FPR->numFPs, false, currenths->v4hostip(), distance, currenths->MACAddress(), diff --git a/tcpip.cc b/tcpip.cc index 312bd5de6..2fd0080f1 100644 --- a/tcpip.cc +++ b/tcpip.cc 
@@ -1268,14 +1268,23 @@ struct sockaddr_in *sin = (struct sockaddr_in *) to; int res; int retries = 0; int sleeptime = 0; +static int numerrors = 0; do { if ((res = sendto(sd, (const char *) packet, len, flags, to, tolen)) == -1) { int err = socket_errno(); - error("sendto in %s: sendto(%d, packet, %d, 0, %s, %d) => %s", - functionname, sd, len, inet_ntoa(sin->sin_addr), tolen, - strerror(err)); + numerrors++; + if (o.debugging > 1 || numerrors <= 10) { + error("sendto in %s: sendto(%d, packet, %d, 0, %s, %d) => %s", + functionname, sd, len, inet_ntoa(sin->sin_addr), tolen, + strerror(err)); + error("Offending packet: %s", ippackethdrinfo(packet, len)); + if (numerrors == 10) { + error("Omitting future Sendto error messages now that %d have been shown. Use -d2 if you really want to see them.", numerrors); + } + } + #if WIN32 return -1; #else
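Review bot: `numerrors` is a function-static `int` that is incremented on every failed sendto() for the life of the process and never capped, so a long scan with a persistent send failure keeps counting far past the point where the value matters (signed overflow is undefined). Incrementing only while the counter is still needed avoids that: `if (numerrors <= 10) numerrors++;`. Separately, with `o.debugging > 1` the tenth error still prints "Omitting future Sendto error messages" although nothing is omitted at that level; `if (numerrors == 10 && o.debugging <= 1)` keeps the notice truthful. The enclosing function starts and ends outside the hunk.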