On Wed, Sep 16, 2009 at 12:00 PM, Joe M. [email protected] wrote:
I’m working my way into learning some basic socket programming. I would
like to incorporate some sort of nmap-like functionality, namely, OS
fingerprinting. Is this possible to do without relying on the actual
nmap program? Is there a way to read TCP/IP stack fingerprints and
determine OS information in Ruby?
I’m not sure I would categorize OS fingerprinting as “basic socket
programming”. For that you need raw socket access (PF_PACKET under
Linux or BPF under OSX/*BSD). And to make it work you need to create
a database of tests and how different OSes respond. It’s a lot of
Anyways, yes, it could be done in Ruby… although I don’t recall off
the top of my head if Ruby supports PF_PACKET/BPF, but you could
always use the Ruby/C bindings for libpcap for raw frame injection &
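The reply above says stack fingerprinting needs raw socket access plus a database of tests and per-OS responses. As an added example (not code from this thread, and not nmap's), here is a pure-Ruby sketch of both halves: crafting a raw IPv4/TCP SYN probe, optionally handing it to a raw socket, and reducing a reply frame to a signature that is looked up in a table. The addresses, the signature table and the SYN/ACK frame are constructed for illustration and are not real OS data; capturing the reply (PF_PACKET/BPF or libpcap, as the reply suggests) is left out, so everything except send_probe runs offline without privileges.

```ruby
require "socket"

# RFC 1071 one's-complement checksum, used by both the IPv4 and TCP headers.
def inet_checksum(data)
  data += "\x00".b if data.bytesize.odd?
  sum = data.unpack("n*").sum
  sum = (sum & 0xffff) + (sum >> 16) while sum > 0xffff
  (~sum) & 0xffff
end

def ip_to_bytes(ip)
  ip.split(".").map(&:to_i).pack("C4")
end

# TCP header plus options. The checksum covers an IPv4 pseudo-header, so the
# addresses are needed here even though they live in the IP header.
def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, options)
  options += "\x00".b * ((4 - options.bytesize % 4) % 4) # pad to 32-bit words
  data_off = (20 + options.bytesize) / 4
  hdr = [sport, dport, seq, ack, data_off << 4, flags, window, 0, 0].pack("nnNNCCnnn") + options
  pseudo = ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + [0, 6, hdr.bytesize].pack("CCn")
  hdr[16, 2] = [inet_checksum(pseudo + hdr)].pack("n")
  hdr
end

# IPv4 header in front of a TCP segment; TTL and DF are fields a signature keys on.
def build_ipv4(src_ip, dst_ip, payload, ttl: 64, df: true, id: 0x1234)
  hdr = [0x45, 0, 20 + payload.bytesize, id, df ? 0x4000 : 0, ttl, 6, 0].pack("CCnnnCCn") +
        ip_to_bytes(src_ip) + ip_to_bytes(dst_ip)
  hdr[10, 2] = [inet_checksum(hdr)].pack("n")
  hdr + payload
end

# MSS, SACK-permitted, timestamp, NOP, window scale: what a stack echoes, reorders
# or drops from this set is part of what tells one OS from another.
def tcp_options(tsval, tsecr)
  [2, 4, 1460].pack("CCn") + [4, 2].pack("CC") + [8, 10, tsval, tsecr].pack("CCNN") +
    [1].pack("C") + [3, 3, 7].pack("CCC")
end

# The probe: a SYN (flags 0x02) with the full option set, window 65535, TTL 64.
def build_syn_probe(src_ip, dst_ip, sport, dport)
  tcp = build_tcp(src_ip, dst_ip, sport, dport, 0x11223344, 0, 0x02, 65535, tcp_options(0xdeadbeef, 0))
  build_ipv4(src_ip, dst_ip, tcp)
end

# Hand a complete IPv4 frame to the kernel. Needs root / CAP_NET_RAW; on Linux
# IPPROTO_RAW implies IP_HDRINCL, elsewhere it may have to be set explicitly.
# Capturing the reply (PF_PACKET/BPF or libpcap) is not covered here.
def send_probe(frame, dst_ip)
  sock = Socket.new(Socket::AF_INET, Socket::SOCK_RAW, Socket::IPPROTO_RAW)
  sock.send(frame, 0, Socket.sockaddr_in(0, dst_ip))
ensure
  sock&.close
end

OPTION_NAMES = { 2 => :mss, 3 => :wscale, 4 => :sack_ok, 8 => :ts }.freeze

# Reduce a raw IPv4+TCP frame to the fields a signature is built from. The
# option walk validates lengths because the input is whatever the target sent.
def parse_frame(frame)
  ihl = (frame.getbyte(0) & 0x0f) * 4
  raise ArgumentError, "not TCP" unless frame.getbyte(9) == 6
  tcp = frame[ihl..-1]
  off, flags, window = tcp[12, 4].unpack("CCn")
  opts, pos = [], 20
  while pos < (off >> 4) * 4
    kind = tcp.getbyte(pos)
    break if kind == 0                                  # end-of-options
    if kind == 1 then opts << :nop; pos += 1; next end
    len = tcp.getbyte(pos + 1)
    raise ArgumentError, "malformed TCP option" if len.nil? || len < 2
    opts << OPTION_NAMES.fetch(kind, :"opt#{kind}")
    pos += len
  end
  { ttl: frame.getbyte(8), df: (frame[6, 2].unpack1("n") & 0x4000) != 0,
    window: window, flags: flags, options: opts }
end

# Observed TTL is the initial TTL minus hops, so round up to the usual initial
# values; DF, window and option order/presence complete the signature string.
def signature(fields)
  init_ttl = [32, 64, 128, 255].find { |t| t >= fields[:ttl] }
  "#{init_ttl}:#{fields[:df] ? 1 : 0}:#{fields[:window]}:#{fields[:options].join(',')}"
end

# Constructed, illustrative table standing in for the "database of tests and
# responses" the reply mentions; not nmap's or p0f's real data.
SIGNATURES = {
  "64:1:29200:mss,sack_ok,ts,nop,wscale"      => "Linux-like stack (illustrative entry)",
  "128:1:8192:mss,nop,wscale,nop,nop,sack_ok" => "Windows-like stack (illustrative entry)",
}.freeze

def fingerprint(frame)
  sig = signature(parse_frame(frame))
  [sig, SIGNATURES.fetch(sig, "unknown")]
end

# Constructed SYN/ACK (flags 0x12) standing in for a captured reply; no network involved.
def constructed_synack
  tcp = build_tcp("10.0.0.2", "10.0.0.1", 80, 40000, 0x55667788, 0x11223345,
                  0x12, 29200, tcp_options(0x01020304, 0xdeadbeef))
  build_ipv4("10.0.0.2", "10.0.0.1", tcp, ttl: 57)
end
```

Calling fingerprint(constructed_synack) returns the signature string "64:1:29200:mss,sack_ok,ts,nop,wscale" and the matching illustrative label; the same probe run against a frame with a different option order or window falls through to "unknown". Real fingerprinters send several probes with unusual flag combinations and score many more fields than these four, but the shape of the work is the same: craft, capture, reduce, match.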