CS Enterprise // cloudshark.org

• Guest upload is turned off
• Log In

3 Capture Files

		File name	Packets	Size
		nmap_os_detection_capture_fresh_boot.pcapng	43	5.4 KB
		nmap_os_detection_capture_fresh_boot_test.pcapng	3168	332.7 KB
		nmap_os_detection_capture_up_9_days.pcapng	43	5.4 KB

### Uptime Guessing It used to be that TCP Timestamps could be used to [guess how long a system had been up for!](https://nmap.org/book/osdetect-usage.html) Imagine the situation where the clock starts at zero on reboot. When a client connects to the host, it sees the value used in TSval. A subsequent connection would make it possible to deduce the clock frequency, and from there simple math to determine when the timer started! Today however, the TCP timer is typically initialized to a value other than zero at boot time which reduces the effectiveness of this potential fingerprinting technique. We’ve [created this collection of 3 captures](https://www.cloudshark.org/collections/6Y242gqtatqj12ASjphhQw) to illustrate this point.

Support: support@qacafe.com | Twitter: @cloudshark
CS Enterprise v3.15.0 ge05f57cb (CaaS-release)
© 2024 QA Cafe