synscan - A TCP/IP network testing tool and active OS fingerprinter
synscan is a flexible, scriptable TCP/IP test tool for network
testing and active OS
More verbosely, synscan is a userland TCP/IP stack that can be used to test
many aspects and edge-conditions of a remote TCP implementation and identify the
operating system. By modifying certain directives in the scripts, one can extract
different behavior from the remote implementation and use this to identify it.
Please read the paper (linked below) for complete information.
It is known to compile and run on OpenBSD, FreeBSD, and Linux (ONLY with ipchains, NOT iptables).
- libdnet - best to use version 1.7 as future versions might not work properly. Used for its firewalling interface primarily.
- libevent - is used for event loop coordination.
- libpcap - for raw packet capture.
other systems and probably even versions of the former.
Only source releases are available here.
latest release: synscan-0.1.tar.gz
current cvs: http://sourceforge.net/cvs/?group_id=92199
synscan white paper: (Presented at CanSecWest 2004 in Vancouver B.C., Canada)
Taleck, G. "SYNSCAN: Towards Complete TCP/IP Fingerprinting",
A couple of project mailing lists exist:
The project homepage is here: http://www.sourceforge.net/projects/synscan/
You might also be interested in these other fine tools:
- nmap - the Swiss-army-knife-like portscanner and OS fingerprinting tool
- p0f - A passive OS fingerprinter
- xprobe2 - an ICMP-based OS fingerprinting tool
- activemap - an Active Mapper for IDS Ambiguity Resolution
- tbit - The TCP Behavioral Inference Tool
- fragroute - An IDS evasion testing tool
- cron-os - an extension to NMAP to perform timing based tests
- ip personality - a Linux kernel module for adding network personalities
synscan is copyrighted under the BSD license. Please see the LICENSE file in the source distribution for more information.
Greg Taleck <email@example.com>
Last modified: Mon Mar 29 21:27:02 EST 2004