From owner-freebsd-chat  Wed Nov 11 00:38:26 1998
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA21234
          for freebsd-chat-outgoing; Wed, 11 Nov 1998 00:38:26 -0800 (PST)
          (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from ns.cityip.co.za (ns.cityip.co.za [196.25.223.140])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA21215
          for <chat@freebsd.org>; Wed, 11 Nov 1998 00:38:18 -0800 (PST)
          (envelope-from wjv@cityip.co.za)
Received: from wjv by ns.cityip.co.za with local (Exim 2.05 #1)
	id 0zdVmC-00012I-00; Wed, 11 Nov 1998 10:37:20 +0200
Message-ID: <19981111103720.A3963@cityip.co.za>
Date: Wed, 11 Nov 1998 10:37:20 +0200
From: Johann Visagie <wjv@cityip.co.za>
To: Greg Lehey <grog@lemis.com>, chat@FreeBSD.ORG
Subject: Re: Interesting: Microsoft tried to move Hotmail to NT and failed.
References: <3647B9E7.BCC59A27@airnet.net> <Pine.SOL.3.96.981109231141.8762A-100000@bachue.usc.unal.edu.co> <19981110155600.B499@freebie.lemis.com> <19981110095540.A1100@cityip.co.za> <19981111103444.N18183@freebie.lemis.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19981111103444.N18183@freebie.lemis.com>; from Greg Lehey on Wed, Nov 11, 1998 at 10:34:44AM +1030
X-PGP: ftp://ftp.cityip.co.za/users/wjv/pubkey.asc
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 11 Nov 1998 at 10:34 SAST, Greg Lehey wrote:
> On Tuesday, 10 November 1998 at  9:55:40 +0200, Johann Visagie wrote:
> >
> > Now the question, _how_ do they do it?  They correctly identify my Web server
> > as running FreeBSD, and yet I didn't see any connections or attempted
> > connections, except for the expected "HEAD / HTTP/1.0" query to the httpd.
> 
> Right.  I saw this, too.  They *don't* identify the operating system
> for my web server.
> 
> > Let me dig deeper...
> 
> Please do, and publish your results.

My digging led me directly to "queso" (in the ports, category "net").  (I
_had_ heard of queso before, but its name escaped me when I made my posting
yesterday.)

The outline of queso's methodology is succinctly described on its home page
at:  http://www.apostols.org/projectz/queso/

Reading the above page, one can at least form a very clear picture as to how
the OS identification process works.  However, there are a number of queso
gateways on the Web (such as the one at http://mailsearch.particle.net/), and
these seem to indicate that queso _can't_ identify the very same server that
Netcraft did as running FreeBSD.

Errr...  gosh.  As I was typing the above I tried the gateway at
mailsearch.particle.net again, and whereas yesterday it said the machine ran
an unidentified OS, today it identifies it as "FreeBSD, NetBSD or OpenBSD".

Anyway, I would assume the Netcraft query engine uses similar methods as
queso.  Maybe it just does it a little better.

If anyone is interested I can send them a tcpdump of the transaction between
the Netcraft server and mine (and it seemed to connect solely to the HTTP
port), though it's easy enough for anyone to point Netcraft at one of their
own servers, of course.

-- V

Johann Visagie | wjv@CityIP.co.za | Tel: +27 21 419-7878 | ICQ: 20645559

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message