I’m working my way into learning some basic socket programming. I would
like to incorporate some sort of nmap-like functionality, namely, OS
fingerprinting. Is this possible to do without relying on the actual
nmap program? Is there a way to read TCP/IP stack fingerprints and
determine OS information in Ruby?
Thanks!
On Wed, Sep 16, 2009 at 12:00 PM, Joe M.
[email protected] wrote:
> I’m working my way into learning some basic socket programming. I would
> like to incorporate some sort of nmap-like functionality, namely, OS
> fingerprinting. Is this possible to do without relying on the actual
> nmap program? Is there a way to read TCP/IP stack fingerprints and
> determine OS information in Ruby?
I’m not sure I would categorize OS fingerprinting as “basic socket
programming”. For that you need raw socket access (PF_PACKET under
Linux or BPF under OSX/*BSD). And to make it work you need to create
a database of tests and how different OSes respond. It’s a lot of
work.
Anyways, yes it could be done in Ruby… although I don’t recall off
the top of my head if Ruby supports PF_PACKET/BPF, but you could
always use the Ruby/C bindings for libpcap for raw frame injection &
reading responses.
Aaron T. wrote:
> Linux or BPF under OSX/*BSD). And to make it work you need to create
> a database of tests and how different OSes respond. It’s a lot of
> work.
> Anyways, yes it could be done in Ruby… although I don’t recall off
> the top of my head if Ruby supports PF_PACKET/BPF, but you could
> always use the Ruby/C bindings for libpcap for raw frame injection &
> reading responses.
I don’t know about PF_PACKET in Ruby either, but you can use raw sockets
in Ruby with PF_INET to get to the level of IP headers, at least.
There’s an example of this in examples/raw.rb in the bit-struct gem.
Maybe it can be adapted for PF_PACKET?
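Aaron's point that fingerprinting needs a database of how different stacks respond, and the follow-up that a PF_INET raw socket in Ruby gets you the IP header, fit together in a small passive fingerprinter. The following is an added example written for this thread, not code from the bit-struct gem or from any of the posters: it parses the IPv4 and TCP headers of an inbound SYN with String#unpack, pulls out the three fields a signature most often keys on (estimated initial TTL, window size, option layout) and looks them up in a signature table. The SIGNATURES entries and the names stack-A/B/C are constructed sample values, not real OS signatures; build_syn fabricates test packets so everything runs offline; capture_fingerprints is the only part that touches a live raw socket (Linux IPPROTO_TCP, root required) and is not exercised here.

```ruby
require 'socket'
SYN_FLAG = 0x02
# Initial TTLs commonly chosen by IP stacks; the observed TTL is rounded up to the next one.
INITIAL_TTLS = [32, 64, 128, 255].freeze
# Constructed sample signatures (not a real database): initial TTL, SYN window, option layout.
SIGNATURES = [
  { name: 'stack-A', initial_ttl: 64,  window: 29_200, layout: 'M1460,S,T,N,W7' },
  { name: 'stack-B', initial_ttl: 128, window: 8192,   layout: 'M1460,N,W8,N,N,S' },
  { name: 'stack-C', initial_ttl: 64,  window: 65_535, layout: 'M1460,N,W6,N,N,T,S' }
].freeze

def guess_initial_ttl(ttl)
  INITIAL_TTLS.find { |t| t >= ttl }
end

# IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL, proto, csum, src, dst.
def parse_ipv4(bytes)
  raise ArgumentError, 'short IPv4 header' if bytes.bytesize < 20
  vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = bytes.unpack('CCnnnCCnNN')
  ihl = (vihl & 0x0f) * 4
  raise ArgumentError, 'not IPv4' unless (vihl >> 4) == 4
  raise ArgumentError, 'bad IHL' if ihl < 20 || ihl > bytes.bytesize
  { ttl: ttl, proto: proto, total_len: total_len,
    src: [src].pack('N').unpack('C4').join('.'), dst: [dst].pack('N').unpack('C4').join('.'),
    payload: bytes.byteslice(ihl, bytes.bytesize - ihl) }
end

# TCP header: ports, seq, ack, data offset, flags, window, csum, urgent pointer, then options.
def parse_tcp(bytes)
  raise ArgumentError, 'short TCP header' if bytes.bytesize < 20
  sport, dport, seq, ack, off_res, flags, window, _csum, _urg = bytes.unpack('nnNNCCnnn')
  doff = (off_res >> 4) * 4
  raise ArgumentError, 'bad data offset' if doff < 20 || doff > bytes.bytesize
  { sport: sport, dport: dport, seq: seq, ack: ack, flags: flags, window: window,
    layout: parse_tcp_options(bytes.byteslice(20, doff - 20)) }
end

# Summarises options as e.g. "M1460,S,T,N,W7" (MSS, SACK-ok, timestamp, NOP, window scale); which options a stack sends, and in what order, is what differs.
def parse_tcp_options(opts)
  layout = []
  i = 0
  while i < opts.bytesize
    kind = opts.getbyte(i)
    break if kind.zero?                 # end of option list
    if kind == 1                        # NOP carries no length byte
      layout << 'N'
      i += 1
      next
    end
    len = opts.getbyte(i + 1)
    raise ArgumentError, 'bad TCP option' if len.nil? || len < 2 || i + len > opts.bytesize
    data = opts.byteslice(i + 2, len - 2)
    layout << case kind
              when 2 then "M#{data.unpack1('n')}"
              when 3 then "W#{data.getbyte(0)}"
              when 4 then 'S'
              when 8 then 'T'
              else "?#{kind}"
              end
    i += len
  end
  layout.join(',')
end

# Only a bare SYN carries the stack's initial settings; everything else yields nil.
def fingerprint(packet, db = SIGNATURES)
  ip = parse_ipv4(packet)
  return nil unless ip[:proto] == 6
  tcp = parse_tcp(ip[:payload])
  return nil unless (tcp[:flags] & 0x3f) == SYN_FLAG
  init_ttl = guess_initial_ttl(ip[:ttl])
  hit = db.find { |s| s[:initial_ttl] == init_ttl && s[:window] == tcp[:window] && s[:layout] == tcp[:layout] }
  { src: ip[:src], dport: tcp[:dport], hops: init_ttl - ip[:ttl],
    window: tcp[:window], layout: tcp[:layout], match: hit && hit[:name] }
end

# Constructed IPv4+TCP SYN for offline testing; checksums stay zero because the parser
# does not verify them (a live capture carries the kernel's values).
def build_syn(src:, dst:, ttl:, window:, options: ''.b)
  opts = options.b
  opts << "\x00".b while opts.bytesize % 4 != 0
  tcp = [40_000, 443, 1, 0, ((20 + opts.bytesize) / 4) << 4, SYN_FLAG, window, 0, 0].pack('nnNNCCnnn') + opts
  ip = [0x45, 0, 20 + tcp.bytesize, 1, 0x4000, ttl, 6, 0,
        src.split('.').map(&:to_i).pack('C4').unpack1('N'),
        dst.split('.').map(&:to_i).pack('C4').unpack1('N')].pack('CCnnnCCnNN')
  ip + tcp
end

# Live use (needs root): a raw IPPROTO_TCP socket on Linux returns each segment with its
# IPv4 header included, which is exactly what parse_ipv4 expects.
def capture_fingerprints(count)
  sock = Socket.new(Socket::AF_INET, Socket::SOCK_RAW, Socket::IPPROTO_TCP)
  Array.new(count) do
    data, = sock.recvfrom(65_535)
    fingerprint(data) rescue nil        # skip malformed or non-SYN segments
  end.compact
ensure
  sock&.close
end
```

Calling fingerprint(build_syn(...)) on a constructed packet returns a hash with the source address, the estimated hop count (initial TTL minus observed TTL), the three probe fields and the matched name or nil; capture_fingerprints(n) does the same on n live segments. Real signature databases key on far more than these three fields (IP ID behaviour, timestamp clock rate, replies to unusual probe packets), which is the "lot of work" Aaron refers to; the three used here are enough to show the shape of the matching.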