OS Detection Tool Like Nmap

If C++ is your language then you are at the wrong forum

If C++ is your language then you are at the wrong forum

Please read Details carefully before your suggestion.

I want to develope a new tool like Nmap written in c++ and can be easily downloaded from wwwdotinsecuredotorg. Can any one knows how do i start. I know how to detect ports but how to map them with services.

No offence shaikh_mshariq but your post does realy sound like you wish to create your project in c++. You need not to respond to javaAddict as you did.

If you wish to do it in Java you may want to have look at some books like Java Network Programming 3e by E Harold
, An Introduction to Network Programming with Java by Jan Graba (at least first 6 chapters) and java2s.com has some interesting examples in their Network Protocol section

Please read Details carefully before your suggestion.

Your post does sound like you want to create it in c++. Don't berate others for your own failure to write something clearly.

I am very sorry about my behaviour and really apologize to javaaddict and all the community members. It was an misunderstanding by me. I am accepting my fault and posting this thread without any bug.

I want to develope a new tool in java like Nmap written in c++ and can be easily downloaded from wwwdotinsecuredotorg. Can any one knows how do i start. I know how to detect ports but how to map them with services.

Most such tools (maybe all) simply have a list of ports and the services they typically belong to.
For example port 80 is standardised for http, port 25 for smtp, 21 for ftp, and so on.

Others may try to determine what's running on a port by sending some packets to it and analysing the response.

In Nmap it uses os fingerprinting using tcp or udp packets. It described in its documentation. I am trying to know how can i do that same thing in java.

Very interesting project. I think your first step is to test open ports and then assume the service running on that port. Windows NT for example, have alota open ports and if enough of them are open then we can safely say that we have a Windows NT box. If you plan to take this path, then a site you should most certainly checkout is Microsoft :icon_biggrin:

Analysing network packets is a bit tricky... you'd likely have to use downloaded API on Linux (but Java tends to not be the choice when it comes to this kinda stuff). Windows tends to be restrictive when it comes to packet analysis :?:

An interesting tool to check out for anyone dealing with network security is dSniff.

I know it is tricky and that why i am going to make it in java and if it is very effective in c or cpp than it would be more powerful in java with ui. With this tool i want to test my own network and my networking concepts

you will have to look into the sockets API, you can either check if a port is open, then if it is assume that the corresponding service is ruinning on it. For instance if port 80 is open you could assume that http is running. The alternative to this is to attempt to figure out what protocal is running by analyzing the packets sent back from the server.

For UDP protocols you can only tell if a port is open if a. the server responds to a packet or b. the server sends a ICMP port unavailable when the UDP port is closed. ( since the TCP handshake does not happen with UDP ).

Anyhow, I don't know if this helps, But I hope it does

I agree with Paul; Plus it seems like the easiest way (plus I'm not really sure of any other way to test if a port is open!). But what extra information would you want from the packet? There is certainly no field that specifies the OS. It's still a matter of what services are likely to run on a particular OS. So if you do analyse the packets, it's only to attempt to verify that indeed the service that you think should be running on port x is indeed that service.

You still need a database with port, service and OS records. Of course certain services run on both while others don't. But I do believe that that is the only way.

Some services will send version information when requested. This should allow one to determine the OS running on different machines. For instance RFC 2616 for HTTP describes the server response header

The Server response-header field contains information about the software used by the origin server to handle the request. The field can contain multiple product tokens (section 3.8) and comments identifying the server and any significant subproducts. The product tokens are listed in order of their significance for identifying the application.

This may be used to find the operating system if it is listed in the header, Although there is no guarantee that it will be listed

yes, but such information is not specified in any specific format.
It's usually a free format string of some length.
There's also no guarantee that the software sending the information is telling you the truth.
I've made use of that myself to trick firewalls to let information pass by making it look like it was coming from for example Apache or Sendmail, or reverse to get strict servers to accept packages by making them look like they were coming from Internet Explorer or Netscape.

The header field does contain information related to the OS it gives user agent and os version but i want some extra information such as running process detail and its port no if it is possible through java or other java related technology. To get Header detail according to my knowledge client must request you. Is that true ? In my network i do have administrator permission and i want to check all my node's process status from a central server.

no, the header field is FREE FORMAT.
It MAY contain that information but there's no requirement.

And that's only for http, for other protocols there is no such information AT ALL.

Would Runtime.exec command would help in this case where i can get Detail about os and than use exec and run appropriate command for the particular os and get the result.

I have googled a lot and try to shift my code to partial java i have decided to use jni to get hardware and os information. Any one have the idea to get information via c or cpp programme.

Since you obviously have no clue about what you're trying to accomplish using JNI (which you apparently also have no clue about how to use) to call a program written in C or C++ (which you apparently don't know) isn't going to solve anything.

This is my time to learn and i am trying hard thanx for your suggestion you are right i dont know some of thing but tell me one person who knows every thing from his birth. Thanx again

I write this code to find out os type according to ttl value one of the field used to identify os in passive os fingerprinting. But this is not enough and 100% specific solution.Modify code for your platform it uses ping command and runs good on windows. Though i am writing the code here. At least i have started. Thanx to duckman

import java.io.*;
import java.util.*;
import java.net.*;


public class OsReader {
        public Vector Oses=null;
        public String Os=null;
        public File osfile=null;
        public FileInputStream freader=null;
        public BufferedReader breader=null;
        public BufferedReader inreader=null;
        public StringTokenizer strtoken=null;
        public OsReader()throws IOException
        {
            osfile=new File("OS.db");
            freader=new FileInputStream(osfile);
            breader=new BufferedReader(new InputStreamReader(freader));
            Oses=new Vector();
        }
        public Vector getOs(String host)throws Exception
            {
                //InetAddress hostAddr=InetAddress.getByName(host.trim());
                Process p=Runtime.getRuntime().exec("ping "+host.trim());
                inreader=new BufferedReader(new InputStreamReader(p.getInputStream()));
                System.out.println(inreader.readLine());
                System.out.println(inreader.readLine());
                System.out.println(inreader.readLine());
                System.out.println(inreader.readLine());
                System.out.println(inreader.readLine());
                System.out.println(inreader.readLine());

                String line=inreader.readLine();
                inreader.close();
                //System.out.println(line +"Line is");
                int l=line.indexOf("TTL=");
//              System.out.println(line.substring(l).trim());
                l=l+4;
                int ttl=Integer.parseInt(line.substring(l).trim());
                scan(ttl);
            return this.Oses;
            //return null;
            }
        public void scan(int ttl)throws Exception{
            String scanLine=null;
            while((scanLine=getNxtToken())!=null)
            {
                if(isMatch(ttl,scanLine))
                    addOs();
            }
        }
        public String getNxtToken() throws Exception
            {
                String line=breader.readLine();
                //System.out.println(line);
                if(line!=null)
                    return line;
                else
                    return null;
            }
        public void closeResource()throws IOException{
            breader.close();
        }
        public void addOs(){
            Oses.add(Os);
            }
        public boolean isMatch(int ttl,String Line)throws Exception{
            strtoken=new StringTokenizer(Line,"~");
            Os=strtoken.nextToken();
            strtoken.nextToken();
            String ttltoken=strtoken.nextToken();
            int osttl=Integer.parseInt(ttltoken.trim());
            if(osttl==ttl)
                return true;
            else
                return false;
        }
        public static void main(String s[]){
        try{
        OsReader Os=null;
            if(s.length>0)
                Os=new OsReader();
                Vector v=Os.getOs(s[0].trim());
                Os.closeResource();
                if(v!=null)
            {
            System.out.println("Expected OSes");    
            for(int i=0;i<v.size();i++)
                    System.out.println("Os : "+i+" "+v.elementAt(i).toString());

            }
            }catch(Exception e){e.printStackTrace();}

        }
}

OS.db file

AIX                   ~ n   ~ 60     ~  30       
DEC Pathworks V5      ~ n   ~ 30     ~  30
FreeBSD 2.1R          ~ y   ~ 64     ~  64
HP/UX    9.0x         ~ n   ~ 30     ~  30        
HP/UX   10.01         ~ y   ~ 64     ~  64        
Irix 5.3              ~ y   ~ 60     ~  60
Irix 6.x              ~ y   ~ 60     ~  60
Linux                 ~ y   ~ 64     ~  64
MacOS/MacTCP 2.0.x    ~ y   ~ 60     ~  60
OS/2 TCP/IP 3.0       ~ y   ~ 64     ~  64
OSF/1 V3.2A           ~ n   ~ 60     ~  30
Solaris 2.x           ~ y  ~ 255     ~ 255
SunOS 4.1.3/4.1.4     ~ y   ~ 60     ~  60
Ultrix V4.1/V4.2A     ~ n   ~ 60     ~  30
VMS/Multinet          ~ y   ~ 64     ~  64
VMS/TCPware           ~ y   ~ 60     ~  64
VMS/Wollongong        ~ n   ~ 128    ~  30
VMS/UCX (latest rel.) ~ y   ~ 128    ~ 128  
MS WfW                ~ n   ~ 32     ~  32
MS Windows 95         ~ n   ~ 32     ~  32
MS Windows NT 3.51    ~ n   ~ 32     ~ 32
MS Windows NT 4.0     ~ y   ~ 128    ~ 128

trying to get solid solutions sorry for inconvenience

I really don't know how that is going to help you. Even if the information is correct "HP/UX 10.01", "Linux", "OS/2 TCP/IP 3.0", and "VMS/Multinet" all have the same values. So, when you see those values, which one is it? And that's if the system even answers a ping. In many environments, all unneccessary network protocols (and that includes answering pings) are "shut off".

yest its true. Passive Os Fingerprinting incluedes passive port scanning. It uses ttl value,window size and dont fragment bit for analysis. I got this way to get ttl value and finding other good solutions, this is not the end.This is the first step to get informed about os. This is a small part of passive os fingerprinting and i am trying to findout how much (How many methods or techniques can be implemented in java where c and cpp are very powerful.

After lot of googling I have a clear idea that java alone cannot do the job i required for my work. So my logical work would be done in c or cpp and I will communicate with it using jni. Anyone have better idea ?