how to identify GPL software on embedded device?

Patrick Büker Patrick at Patrick-Bueker.de
Sat May 13 16:44:10 CEST 2006 

Hi,
I have bought a device. The manufacturer is a large and well
known company.

The device has a status page which i can reach through http.

There also is some kind of software to change some settings
of the device, eg. Name, IP (I have not installed it).
With the software you can also register the device.

Now I want to know what OS the device is running.
So ( I don't know if it makes any sense) I used nmap to
scan it.
Does
SInfo(V=3.81%P=i686-pc-linux-gnu%D=5/13%Tm=4465EEA1%O=80%C=1%M=00C0B7)
mean it runs linux?
How can I investigate further?

nmap -v -O shows the following output:
-------------------------------------------------------------------
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-05-13 16:34
CEST
Initiating SYN Stealth Scan against [IP-Address] [1663 ports] at 16:34
Discovered open port 80/tcp on [IP-Address]
Increasing send delay for [IP-Address] from 0 to 5 due to 28 out of 93
dropped probes since last increase.
The SYN Stealth Scan took 12.86s to scan 1663 total ports.
For OSScan assuming port 80 is open, 1 is closed, and neither are firewalled
For OSScan assuming port 80 is open, 1 is closed, and neither are firewalled
For OSScan assuming port 80 is open, 1 is closed, and neither are firewalled
Host [IP-Address] appears to be up ... good.
Interesting ports on [IP-Address]:
(The 1662 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
80/tcp open  http
MAC Address: [Device's MAC] ([Manufacturer Name])
No exact OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.81%P=i686-pc-linux-gnu%D=5/13%Tm=4465EEA1%O=80%C=1%M=00C0B7)
TSeq(Class=TD%gcd=1%SI=0%IPID=I%TS=U)
T1(Resp=Y%DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=400%ACK=S%Flags=R%Ops=)
T3(Resp=Y%DF=N%W=400%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=400%ACK=S%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=400%ACK=S%Flags=R%Ops=)
T6(Resp=Y%DF=N%W=400%ACK=S%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=400%ACK=S%Flags=R%Ops=)
PU(Resp=N)


TCP Sequence Prediction: Class=trivial time dependency
                          Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental

Nmap finished: 1 IP address (1 host up) scanned in 25.632 seconds
                Raw packets sent: 1732 (70KB) | Rcvd: 1703 (85.2KB)

-------------------------------------------------------------------

More information about the tech mailing list