[Snort-users] What machine is that... Anyway?

Chris Adams chris at ...2949...
Mon Sep 3 01:23:03 EDT 2001

On Monday, September 3, 2001, at 12:33 AM, Niek Jongerius wrote:

>> Well, it would seem to me that if it has an unknown address on your
>> network, you've already spotted it.  You would really need something
>> like nmap to make a stab at what type of OS is running on it.
> There is another tool for fingerprinting, that often does a better job
> than nmap. Check out http://www.sys-security.com/html/projects/X.html.
> Impressive stack analysis!

xprobe has better depth than nmap on the Microsoft stacks but doesn't 
have anything like the breadth of coverage for different operating 
systems. It might be interesting to write a script which uses several of 
the available tools to double-check any guesses.


More information about the Snort-users mailing list