You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ge...@iacnet.com on 1998/01/23 12:35:47 UTC
Re: NL: IBM Pays Million To Sponsor Super Bowl Site (fwd)
Speaking of monitoring thing like
Server: Apache/1.3b4-dev
Are there any "artifacts of implementation" for the TCP implementations from
the major vendors which can be used to heuristically determine which
operating system is being run on a web server machine?
For example,
$ http-get http://www.lotus.com/ :header=only
HTTP/1.0 200 OK
Server: Lotus-Domino/4.5
Date: Friday, 23-Jan-98 11:29:42 GMT
Content-Type: text/html
Content-Length: 931
Simple enough, but I'm curious as to if this is running on an NT or Solaris
or some other box.
Of course if the thing is behind a firewall then any TCP artifacts
would pertain to the firewall.
-gjc
Re: NL: IBM Pays Million To Sponsor Super Bowl Site (fwd)
Posted by Marc Slemko <ma...@worldgate.com>.
On Fri, 23 Jan 1998, Dean Gaudet wrote:
> I wonder if you could characterize tcp responses... that would at least
> put it into various classes... NT, solaris, linux, *bsd all have different
> tcp behaviour. But that'd be one heck of a tool to write.
See mumble's paper on tcpanl(y?) (or whatever it is called) when they
tried to build something and failed miserabely and became resigned to
doing it by hand.
The paper is at home, can't remember the author's name.
>
> Dean
>
> On Fri, 23 Jan 1998, Marc Slemko wrote:
>
> > On Fri, 23 Jan 1998 George_Carrette@iacnet.com wrote:
> >
> > > Speaking of monitoring thing like
> > > Server: Apache/1.3b4-dev
> > >
> > > Are there any "artifacts of implementation" for the TCP implementations from
> > > the major vendors which can be used to heuristically determine which
> > > operating system is being run on a web server machine?
> >
> > Yes, but it is extremely difficult to automate and subject to errors such
> > as certain types of firewalls.
> >
> > eg. www.zdnet.com (at the same IP address) is running either Netscape
> > Commerce or Open-Market-Secure-WebServer/2.0.5.RC0 depending on which time
> > you ask it.
> >
> > >
> > > For example,
> > > $ http-get http://www.lotus.com/ :header=only
> > > HTTP/1.0 200 OK
> > > Server: Lotus-Domino/4.5
> > > Date: Friday, 23-Jan-98 11:29:42 GMT
> > > Content-Type: text/html
> > > Content-Length: 931
> > >
> > > Simple enough, but I'm curious as to if this is running on an NT or Solaris
> > > or some other box.
> > >
> > > Of course if the thing is behind a firewall then any TCP artifacts
> > > would pertain to the firewall.
> > >
> > > -gjc
> > >
> >
> >
>
Re: NL: IBM Pays Million To Sponsor Super Bowl Site (fwd)
Posted by Dean Gaudet <dg...@arctic.org>.
I wonder if you could characterize tcp responses... that would at least
put it into various classes... NT, solaris, linux, *bsd all have different
tcp behaviour. But that'd be one heck of a tool to write.
Dean
On Fri, 23 Jan 1998, Marc Slemko wrote:
> On Fri, 23 Jan 1998 George_Carrette@iacnet.com wrote:
>
> > Speaking of monitoring thing like
> > Server: Apache/1.3b4-dev
> >
> > Are there any "artifacts of implementation" for the TCP implementations from
> > the major vendors which can be used to heuristically determine which
> > operating system is being run on a web server machine?
>
> Yes, but it is extremely difficult to automate and subject to errors such
> as certain types of firewalls.
>
> eg. www.zdnet.com (at the same IP address) is running either Netscape
> Commerce or Open-Market-Secure-WebServer/2.0.5.RC0 depending on which time
> you ask it.
>
> >
> > For example,
> > $ http-get http://www.lotus.com/ :header=only
> > HTTP/1.0 200 OK
> > Server: Lotus-Domino/4.5
> > Date: Friday, 23-Jan-98 11:29:42 GMT
> > Content-Type: text/html
> > Content-Length: 931
> >
> > Simple enough, but I'm curious as to if this is running on an NT or Solaris
> > or some other box.
> >
> > Of course if the thing is behind a firewall then any TCP artifacts
> > would pertain to the firewall.
> >
> > -gjc
> >
>
>
Re: NL: IBM Pays Million To Sponsor Super Bowl Site (fwd)
Posted by Marc Slemko <ma...@worldgate.com>.
On Fri, 23 Jan 1998 George_Carrette@iacnet.com wrote:
> Speaking of monitoring thing like
> Server: Apache/1.3b4-dev
>
> Are there any "artifacts of implementation" for the TCP implementations from
> the major vendors which can be used to heuristically determine which
> operating system is being run on a web server machine?
Yes, but it is extremely difficult to automate and subject to errors such
as certain types of firewalls.
eg. www.zdnet.com (at the same IP address) is running either Netscape
Commerce or Open-Market-Secure-WebServer/2.0.5.RC0 depending on which time
you ask it.
>
> For example,
> $ http-get http://www.lotus.com/ :header=only
> HTTP/1.0 200 OK
> Server: Lotus-Domino/4.5
> Date: Friday, 23-Jan-98 11:29:42 GMT
> Content-Type: text/html
> Content-Length: 931
>
> Simple enough, but I'm curious as to if this is running on an NT or Solaris
> or some other box.
>
> Of course if the thing is behind a firewall then any TCP artifacts
> would pertain to the firewall.
>
> -gjc
>