[Snort-users] What machine is that... Anyway?
chris at ...2949...
Mon Sep 3 01:23:03 EDT 2001
On Monday, September 3, 2001, at 12:33 AM, Niek Jongerius wrote:
>> Well, it would seem to me that if it has an unknown address on your
>> network, you've already spotted it. You would really need something
>> like nmap to make a stab at what type of OS is running on it.
> There is another tool for fingerprinting, that often does a better job
> than nmap. Check out http://www.sys-security.com/html/projects/X.html.
> Impressive stack analysis!
xprobe has better depth than nmap on the Microsoft stacks but doesn't
have anything like the breadth of coverage for different operating
systems. It might be interesting to write a script which uses several of
the available tools to double-check any guesses.
More information about the Snort-users