Same host or different? How can you tell "over the wire"?
Ronald F. Guilmette
rfg at tristatelogic.com
Sat Mar 24 18:38:15 UTC 2018
In message <201803241747.w2OHlupR069759 at donotpassgo.dyslexicfish.net>,
Jamie Landeg-Jones <jamie at catflap.org> wrote:
>Have you thought of examining the TCP timestamp field? Not necessarily
>for accurate uptime, but a way to determine if the hosts are the same.
No, I certainly didn't, but that appears to be the exact kind of thing
I was looking for, so thanks! (I will have to look into it some more.
I have just skimmed RFC 1323 for the very first time ever, and it will
take me awhile to fully grok this stuff.)
>Or some of the other fingerprinting methods? nmap has options for uptime
>and other fingerprinting : https://nmap.org/book/osdetect-usage.html
I'm not seeing a separate option just for the uptime, apart from the
full blown OS detection. Did I just miss it?
More information about the freebsd-net
mailing list