Nmap vs SinFP
So I'd previously looked into the differences between Nmap and SinFP... I decided to do something a little more organized and readable. The results are available in two formats: XLS Results and HTML Results
Some of the results were expected, some were interesting... Some were unexpected. I can't wait to see nmap 4.20 once the fingerprint database is as populated as the previous one, as it did have a lot of unknowns. I did manage to flood both Fyodor and Gomor with fingerprints though... Hopefully they'll have fun incorporating them into their products.
As a note, I also attempted to bring my Nintendo DS Lite online and scan it... While I manually assigned the IP, neither of the products was able to scan it... both returned nothing for results... I may play with it a bit more and see if I can come up with anything, but for now here are the results.
Peace,
HT
Update: I just spoke with Fyodor via email and he had a question that I realized I should have addressed... So here we go...
Options used for the various scans:
Nmap 4.03: nmap -O
Nmap 4.20: nmap -O
SinFP: sinfp.pl -H -i
I had forgotten to enable --osscan-guess for 4.20 until about halfway through and then realized it... so I just left it out for the remaining tests. As for the port used with SinFP, it varied depending on the host; however, for the most part I stuck to ports 22, 80 and 445.
If you have time, I would love to have you check out prads -
http://gamelinux.github.com/prads/
It's in early development, so the fingerprints need updating, but it is easy
to add fingerprints. It's based on p0f fingerprints for SYN and SYN+ACK fingerprinting.
Any thoughts are also very welcome.
E