synscan - A TCP/IP network testing tool and active OS fingerprinter
abstract
synscan is a flexible, scriptable TCP/IP test tool for network testing and active OS fingerprinting.
More verbosely, synscan is a userland TCP/IP stack that can be used to test
many aspects and edge conditions of a remote TCP implementation and to identify the
operating system. By modifying certain directives in the scripts, one can elicit
different behavior from the remote implementation and use this to identify it.
Please read the paper (linked below) for complete information.
requirements
Required libraries:
- libdnet - best to use version 1.7, as later versions might not work properly. Used primarily for its firewalling interface.
- libevent - is used for event loop coordination.
- libpcap - for raw packet capture.
It is known to compile and run on OpenBSD, FreeBSD, and Linux (ONLY with ipchains, NOT iptables). YMMV with other systems and probably even versions of the former.
download
Only source releases are available here.
latest release: synscan-0.1.tar.gz
current cvs: http://sourceforge.net/cvs/?group_id=92199
documentation
synscan white paper (presented at CanSecWest 2004 in Vancouver B.C., Canada):
Taleck, G. "SYNSCAN: Towards Complete TCP/IP Fingerprinting", 2004. (pdf format, ps format)
Manpages:
mailing lists
A couple project mailing lists exist:
links
The project homepage is here: http://www.sourceforge.net/projects/synscan/
You might also be interested in these other fine tools:
- nmap - the Swiss-army-knife-like portscanner and OS fingerprinting tool
- p0f - A passive OS fingerprinter
- xprobe2 - an ICMP-based OS fingerprinting tool
- activemap - an Active Mapper for IDS Ambiguity Resolution
- tbit - The TCP Behavioral Inference Tool
- fragroute - An IDS evasion testing tool
- cron-os - an extension to NMAP to perform timing-based tests
- ip personality - a Linux kernel module for adding network personalities
license
synscan is copyrighted under the BSD license. Please see the LICENSE file in the source distribution for more information.
author
Greg Taleck <taleck@oz.net>
Last modified: Mon Mar 29 21:27:02 EST 2004