I'm trying to get lzr to fingerprint anything, and I'm failing. I'm running the following command, using the latest release of lzr, from a Debian 12 host:
$ echo "192.168.1.1:22" | sudo ./lzr \
    --handshakes ssh \
    -sendSYNs \
    -sourceIP 192.168.1.71 \
    -sendInterface wlp0s20f3 \
    -gatewayMac 30:89:4a:11:71:eb \
    -f -

The JSON it outputs contains "fingerprint: unknown":
{
  "saddr": "192.168.1.1",
  "daddr": "192.168.1.71",
  "sport": 22,
  "dport": 42472,
  "seqnum": 2052859966,
  "acknum": 0,
  "window": 65535,
  "ttl": 0,
  "Counter": 1,
  "ACK": false,
  "ACKed": false,
  "SYN": true,
  "RST": false,
  "FIN": false,
  "PUSH": false,
  "HandshakeNum": 0,
  "fingerprint": "unknown",
  "Timestamp": "2024-04-11T15:25:37.616496178+01:00",
  "expectedRToLZR": "sa"
}

The host I am scanning from has this network interface:
wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.71 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::3289:4aff:fe11:71eb prefixlen 64 scopeid 0x20<link>
ether 30:89:4a:11:71:eb txqueuelen 1000 (Ethernet)
RX packets 147663603 bytes 169865914024 (158.1 GiB)
RX errors 0 dropped 73712 overruns 0 frame 0
TX packets 44722281 bytes 59451909408 (55.3 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The IP and port I am trying to scan is open (below run from the scanning host):
$ telnet 192.168.1.1 22
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u4

Can you suggest what I am doing wrong?