Date: Sat, 24 Mar 2018 11:38:05 -0700 From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: freebsd-net@freebsd.org, Jamie Landeg-Jones <jamie@catflap.org> Subject: Re: Same host or different? How can you tell "over the wire"? Message-ID: <22999.1521916685@segfault.tristatelogic.com> In-Reply-To: <201803241747.w2OHlupR069759@donotpassgo.dyslexicfish.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <201803241747.w2OHlupR069759@donotpassgo.dyslexicfish.net>, Jamie Landeg-Jones <jamie@catflap.org> wrote: >Have you thought of examining the TCP timestamp field? Not necessarily >for accurate uptime, but a way to determine if the hosts are the same. No, I certainly didn't, but that appears to be the exact kind of thing I was looking for, so thanks! (I will have to look into it some more. I have just skimmed RFC 1323 for the very first time ever, and it will take me awhile to fully grok this stuff.) >Or some of the other fingerprinting methods? nmap has options for uptime >and other fingerprinting : https://nmap.org/book/osdetect-usage.html I'm not seeing a separate option just for the uptime, apart from the full blown OS detection. Did I just miss it?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?22999.1521916685>