synscan - A TCP/IP network testing tool and active OS fingerprinter


synscan is a flexible, scriptable TCP/IP test tool for network testing and active OS

More verbosely, synscan is a userland TCP/IP stack that can be used to test
many aspects and edge-conditions of a remote TCP implementation and identify the
operating system. By modifying certain directives in the scripts, one can extract
different behavior from the remote implementation and use this to identify it.

Please read the paper (linked below) for complete information.


Required libraries: It is known to compile and run on OpenBSD, FreeBSD, and Linux (ONLY with ipchains, NOT iptables).
YMMV with other systems and probably even versions of the former.


Only source releases are available here.

latest release: synscan-0.1.tar.gz
current cvs:


synscan white paper: (Presented at CanSecWest 2004 in Vancouver B.C., Canada)
Taleck, G. "SYNSCAN: Towards Complete TCP/IP Fingerprinting", 2004.
pdf format, ps format


mailing lists

A couple project mailing lists exist:


The project homepage is here:

You might also be interested in these other fine tools:


synscan is copyrighted under the BSD license. Please see the LICENSE file
in the source distribution for more information.


Greg Taleck <>
Last modified: Mon Mar 29 21:27:02 EST 2004