Date:      Sat, 24 Mar 2018 17:47:56 +0000
From:      Jamie Landeg-Jones <jamie@catflap.org>
To:        rfg@tristatelogic.com, freebsd-net@freebsd.org
Subject:   Re: Same host or different? How can you tell "over the wire"?
Message-ID:  <201803241747.w2OHlupR069759@donotpassgo.dyslexicfish.net>
In-Reply-To: <10556.1521752491@segfault.tristatelogic.com>
References:  <10556.1521752491@segfault.tristatelogic.com>

Have you thought of examining the TCP timestamp field? Not necessarily for accurate uptime, but a way to determine if the hosts are the same.

Or some of the other fingerprinting methods? nmap has options for uptime and other fingerprinting: https://nmap.org/book/osdetect-usage.html

Of course, all this assumes the hosts are connected directly without any load balancing or some sort of firewall/proxy that fiddles with the packet data...

cheers, Jamie
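
Added example, not part of the original message: one way to apply the TCP timestamp comparison suggested above when deduplicating addresses in an inventory. It fits a clock line to the TSval samples seen from one address and checks whether samples from a second address fall on the same line. The sample captures, the function names and the `tick_tol` tolerance are constructed for illustration, and it assumes the host uses one timestamp clock for all connections with no middlebox or per-connection offset altering the field.

```python
# Added example; sample values are constructed, tolerances are assumptions.
WRAP = 2 ** 32  # TSval is a 32-bit counter and wraps

def unwrap(samples):
    """Sort (seconds, TSval) pairs by time and undo 32-bit wraparound."""
    out, carry, prev = [], 0, None
    for t, ts in sorted(samples):
        if prev is not None and prev - ts > WRAP // 2:
            carry += WRAP
        out.append((t, ts + carry))
        prev = ts
    return out

def fit_clock(samples):
    """Least-squares fit TSval = rate * t + offset; returns (rate_hz, offset)."""
    pts = unwrap(samples)
    if len({t for t, _ in pts}) < 2:
        raise ValueError("need samples at two or more distinct times")
    mt = sum(t for t, _ in pts) / len(pts)
    mv = sum(v for _, v in pts) / len(pts)
    rate = (sum((t - mt) * (v - mv) for t, v in pts)
            / sum((t - mt) ** 2 for t, _ in pts))
    return rate, mv - rate * mt

def residuals(ref, other):
    """Ticks by which each sample in `other` misses the clock fitted to `ref`."""
    rate, offset = fit_clock(ref)
    res = []
    for t, ts in other:
        r = (ts - (rate * t + offset)) % WRAP  # compare modulo the 32-bit wrap
        res.append(r - WRAP if r > WRAP / 2 else r)
    return res

def same_clock(ref, other, tick_tol=50):
    """True when every sample in `other` lies on the clock fitted to `ref`."""
    return all(abs(r) <= tick_tol for r in residuals(ref, other))

# Constructed captures: seconds since capture start, TSval seen from each address.
ADDR_A = [(0.0, 4294960000), (2.5, 4294962500), (5.0, 4294965000), (10.0, 2704)]
ADDR_B = [(1.0, 4294961002), (6.0, 4294966001), (12.0, 4707)]  # same 1000 Hz clock
ADDR_C = [(1.0, 123556), (6.0, 124056), (12.0, 124656)]        # unrelated 100 Hz clock

if __name__ == "__main__":
    print("A vs B same clock:", same_clock(ADDR_A, ADDR_B))
    print("A vs C same clock:", same_clock(ADDR_A, ADDR_C))
```

A match is evidence of a shared clock, not proof of a shared host, and a mismatch is inconclusive when anything in the path rewrites the timestamp option.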


