I am a graduate student and I am trying to use this tool,
Hershelplus
(https://github.com/zk7/hershelplus/tree/master/multi-platform), for
OS fingerprinting.
The tool attempts to send an ARP request to destination MAC, but it
fails. The output is as follows:
ohmtrivedi@ohm-HP-ENVY:~/Documents/ms-thesis/hershelplus$ sudo \ ./hershelplus 420OS_db.txt 420OS_mapping.txt 186.32.55.31 80
Reading from 420OS_db.txt...
Stored 21000 signatures in map
Starting Live fingerprinting of 186.32.55.31:80...
Listing system adapters:
1. enx00e151b0014d at 10.15.15.111
2. lo at 127.0.0.1
Enter the adapter number between 1 and 2: 1
-----------------------------------------------
Opening device enx00e151b0014d
Adapter enx00e151b0014d opened successfully
Local MAC Address Is: 00--31-81--80-01-77
Local IP: 10.15.15.111
ioctl SIOCGARP failed! errno: 6
Creation of Send Packet failed
Error getting fingerprint
The error "ioctl SIOCGARP failed! errno: 6" is coming from file LiveFingerprinter.cpp, line# 600. (https://github.com/zk7/hershelplus/blob/master/multi-platform/LiveFingerprinter.cpp)
I can't find any resources on internet which can tell me what this
error is about. Hope someone can help me out here. I am not very
experienced in Linux/C++.
I am a graduate student and I am trying to use this tool, Hershelplus (https://github.com/zk7/hershelplus/tree/master/multi-platform), for OS fingerprinting.
The tool attempts to send an ARP request to destination MAC, but it fails. The output is as follows:
ohmtrivedi@ohm-HP-ENVY:~/Documents/ms-thesis/hershelplus$ sudo ./hershelplus 420OS_db.txt 420OS_mapping.txt 186.32.55.31 80
Reading from 420OS_db.txt...
Stored 21000 signatures in map
Starting Live fingerprinting of 186.32.55.31:80...
Listing system adapters:
1. enx00e151b0014d at 10.15.15.111
2. lo at 127.0.0.1
Enter the adapter number between 1 and 2: 1
-----------------------------------------------
Opening device enx00e151b0014d
Adapter enx00e151b0014d opened successfully
Local MAC Address Is: 00--31-81--80-01-77
Local IP: 10.15.15.111
ioctl SIOCGARP failed! errno: 6
Creation of Send Packet failed
Error getting fingerprint
The error "ioctl SIOCGARP failed! errno: 6" is coming from file LiveFingerprinter.cpp, line#
600. (https://github.com/zk7/hershelplus/blob/master/multi-platform/LiveFingerprinter.cpp)
On Fri, 2018-06-08, Ohm Trivedi wrote:
I am a graduate student and I am trying to use this tool,
Hershelplus (https://github.com/zk7/hershelplus/tree/master/multi-platform), for
OS fingerprinting.
The tool attempts to send an ARP request to destination MAC, but it
fails. The output is as follows:
ohmtrivedi@ohm-HP-ENVY:~/Documents/ms-thesis/hershelplus$ sudo \ ./hershelplus 420OS_db.txt 420OS_mapping.txt 186.32.55.31 80
Reading from 420OS_db.txt...
Stored 21000 signatures in map
Starting Live fingerprinting of 186.32.55.31:80...
Listing system adapters:
1. enx00e151b0014d at 10.15.15.111
2. lo at 127.0.0.1
Enter the adapter number between 1 and 2: 1
That's a weird user interface -- first accepting command-line options,
and then suddenly start prompting for more information. Did you try
the more mainstream 'nmap' utility for OS fingerprinting.
-----------------------------------------------
Opening device enx00e151b0014d
Adapter enx00e151b0014d opened successfully
Local MAC Address Is: 00--31-81--80-01-77
Local IP: 10.15.15.111
ioctl SIOCGARP failed! errno: 6
Creation of Send Packet failed
Error getting fingerprint
The error "ioctl SIOCGARP failed! errno: 6" is coming from file LiveFingerprinter.cpp, line# 600. (https://github.com/zk7/hershelplus/blob/master/multi-platform/LiveFingerprinter.cpp)
I can't find any resources on internet which can tell me what this
error is about. Hope someone can help me out here. I am not very experienced in Linux/C++.
This is the reason most software never prints the errno number, but
the corresponding text. After digging around on my system I found it
in /usr/include/asm-generic/errno-base.h:
#define ENXIO 6 /* No such device or address */
What this means in this context, I don't know ... additional clues can
be found
- by reading the arp(7) man page
- by running the tool inside strace to see (perhaps) that it's passing
garbage to the ioctl() function
I note that "enx00e151b0014d" seems to be at the limit for how long an interface name (if you can call that a name) can be:
struct arpreq {
struct sockaddr arp_pa; /* protocol address */
struct sockaddr arp_ha; /* hardware address */
int arp_flags; /* flags */
struct sockaddr arp_netmask; /* netmask of protocol address */
char arp_dev[16];
};
/Jorgen
--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
I am a graduate student and I am trying to use this tool, Hershelplus (https://github.com/zk7/hershelplus/tree/master/multi-platform), for OS fingerprinting.
The tool attempts to send an ARP request to destination MAC, but it fails. The output is as follows:
ohmtrivedi@ohm-HP-ENVY:~/Documents/ms-thesis/hershelplus$ sudo ./hershelplus 420OS_db.txt 420OS_mapping.txt 186.32.55.31 80
Reading from 420OS_db.txt...
Stored 21000 signatures in map
Starting Live fingerprinting of 186.32.55.31:80...
Listing system adapters:
1. enx00e151b0014d at 10.15.15.111
2. lo at 127.0.0.1
Enter the adapter number between 1 and 2: 1
-----------------------------------------------
Opening device enx00e151b0014d
Adapter enx00e151b0014d opened successfully
Local MAC Address Is: 00--31-81--80-01-77
Local IP: 10.15.15.111
ioctl SIOCGARP failed! errno: 6
Creation of Send Packet failed
Error getting fingerprint
The error "ioctl SIOCGARP failed! errno: 6" is coming from file LiveFingerprinter.cpp, line# 600. (https://github.com/zk7/hershelplus/blob/master/multi-platform/LiveFingerprinter.cpp)
I can't find any resources on internet which can tell me what this error is about. Hope someone can help me out here. I am not very experienced in Linux/C++.
On Friday, June 8, 2018 at 1:24:04 PM UTC-4, Ohm Trivedi wrote:
I am a graduate student and I am trying to use this tool, Hershelplus (https://github.com/zk7/hershelplus/tree/master/multi-platform), for OS fingerprinting.
The tool attempts to send an ARP request to destination MAC, but it fails. The output is as follows:
ohmtrivedi@ohm-HP-ENVY:~/Documents/ms-thesis/hershelplus$ sudo ./hershelplus 420OS_db.txt 420OS_mapping.txt 186.32.55.31 80
Reading from 420OS_db.txt...
Stored 21000 signatures in map
Starting Live fingerprinting of 186.32.55.31:80...
Listing system adapters:
1. enx00e151b0014d at 10.15.15.111
2. lo at 127.0.0.1
Enter the adapter number between 1 and 2: 1
-----------------------------------------------
Opening device enx00e151b0014d
Adapter enx00e151b0014d opened successfully
Local MAC Address Is: 00--31-81--80-01-77
Local IP: 10.15.15.111
ioctl SIOCGARP failed! errno: 6
Creation of Send Packet failed
Error getting fingerprint
The error "ioctl SIOCGARP failed! errno: 6" is coming from file LiveFingerprinter.cpp, line# 600. (https://github.com/zk7/hershelplus/blob/master/multi-platform/LiveFingerprinter.cpp)
I can't find any resources on internet which can tell me what this error is about. Hope someone can help me out here. I am not very experienced in Linux/C++.
Thanks for your help. After communicating with the developer of this
tool, it was found that there is a bug in the
tool. (https://github.com/zk7/hershelplus/issues/1)
On Friday, June 8, 2018 at 3:42:59 PM UTC-4, Jorgen Grahn wrote:...
On Fri, 2018-06-08, Ohm Trivedi wrote:
I am a graduate student and I am trying to use this tool,
Hershelplus
(https://github.com/zk7/hershelplus/tree/master/multi-platform), for
OS fingerprinting.
Did you try the more mainstream 'nmap' utility for OS
fingerprinting.
I have been using nmap as well. But nmap is not able to identify OS
for many IP addresses, so I am trying to find another tool to use
alongwith nmap.
On Fri, 2018-06-08, Ohm Trivedi wrote:
On Friday, June 8, 2018 at 3:42:59 PM UTC-4, Jorgen Grahn wrote:...
On Fri, 2018-06-08, Ohm Trivedi wrote:
I am a graduate student and I am trying to use this tool,
Hershelplus
(https://github.com/zk7/hershelplus/tree/master/multi-platform), for
OS fingerprinting.
Did you try the more mainstream 'nmap' utility for OS
fingerprinting.
I have been using nmap as well. But nmap is not able to identify OS
for many IP addresses, so I am trying to find another tool to use
alongwith nmap.
Make sure to use recent versions of nmap; fingerprinting is something
they have to tweak now and then.
Out of curiosity, why are you using OS fingerprinting? I have found
it interesting to use it now and then (and it illustrates that there
are different IP stack implementations out there with different characteristics) but for actual attacks surely it's the /services/
(and I guess the firewall) that are interesting?
BTW (and this should have occurred to me much earlier) it's odd that
ARP comes into the picture. ARP can only reach hosts on a local,
switched network, unlike IP which can reach all of the Internet.
/Jorgen
--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
On Saturday, June 9, 2018 at 3:24:25 AM UTC-4, Jorgen Grahn wrote:...
BTW (and this should have occurred to me much earlier) it's odd that
ARP comes into the picture. ARP can only reach hosts on a local,
switched network, unlike IP which can reach all of the Internet.
The tool in question creates IP packets to send to a target. So in
the process of creating IP packet, it uses ARP for getting the MAC
address. That's my understanding so far.
On Saturday, June 9, 2018 at 3:24:25 AM UTC-4, Jorgen Grahn wrote:
BTW (and this should have occurred to me much earlier) it's odd that
ARP comes into the picture. ARP can only reach hosts on a local,
switched network, unlike IP which can reach all of the Internet.
The tool in question creates IP packets to send to a target. So in the process of creating IP packet, it uses ARP for getting the MAC
address. That's my understanding so far.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (2 / 14) |
Uptime: | 74:01:13 |
Calls: | 6,657 |
Calls today: | 3 |
Files: | 12,203 |
Messages: | 5,332,501 |
Posted today: | 1 |