I have not seen nor heard about this before, for a network scanner, although the idea may not be new ...
Because the packets are constructed from scratch I had the opportunity, and the will, and the power, to build them as I want. This is why I have implemented the Operating System Mimic Technology. This technology provides some stealth capabilities.
As an example at a higher level, the ping utility/command, which is implemented in all operating systems that have network support, sends ICMP Echo request packets with a different payload depending on the operating system it is implemented in and on the tool's version, although the result is almost the same.
Of course, when I implemented the operating system mimic capabilities I went all the way down to the Ethernet level.
Basically, the Operating System Mimic Technology means that the packets the scanner sends emulate the behavior of various operating systems and/or their native tools (where applicable).
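The ping payload difference described above, seen from the monitoring side, as an added example (not code from this scanner or its author): it classifies an ICMP Echo request by payload and checks that guess against the TTL. The Windows payload pattern, the Linux iputils payload layout and the initial TTL values 64 and 128 are common defaults assumed here, and all function names are hypothetical.

```python
import struct

WINDOWS_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32 bytes, Windows ping


def classify_payload(payload: bytes) -> str:
    """Guess which ping implementation produced an ICMP Echo payload."""
    if payload == WINDOWS_PAYLOAD:
        return "windows"
    # Linux iputils ping: a timestamp (8 or 16 bytes), then bytes whose
    # value equals their own offset in the payload (..., 0x10, 0x11, ...).
    for ts_len in (8, 16):
        tail = payload[ts_len:]
        if tail and tail == bytes(i & 0xFF for i in range(ts_len, len(payload))):
            return "linux"
    return "unknown"


def ttl_family(ttl: int) -> str:
    """Map an observed TTL to the nearest common initial TTL (64 or 128)."""
    if ttl <= 64:
        return "linux"      # assumed initial TTL 64
    if ttl <= 128:
        return "windows"    # assumed initial TTL 128
    return "unknown"


def inspect_echo_request(packet: bytes):
    """Return (payload_os, ttl_os, consistent) for an IPv4 Echo request, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[0] & 0x0F < 5:
        return None
    ihl = (packet[0] & 0x0F) * 4
    packet = packet[:struct.unpack("!H", packet[2:4])[0]]  # drop link-layer padding
    if len(packet) < ihl + 8 or packet[9] != 1:            # protocol 1 = ICMP
        return None
    if packet[ihl] != 8 or packet[ihl + 1] != 0:           # type 8, code 0
        return None
    payload_os = classify_payload(packet[ihl + 8:])
    ttl_os = ttl_family(packet[8])
    consistent = "unknown" in (payload_os, ttl_os) or payload_os == ttl_os
    return payload_os, ttl_os, consistent


def sample_packet(ttl: int, payload: bytes) -> bytes:
    """Constructed test input: IPv4 + ICMP Echo request, checksums left at zero."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + icmp
```

A sender that emulates every field consistently passes this check; a mismatch only flags partial emulation or otherwise crafted traffic.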
Currently it emulates the following:
Emulation is done considering the variation of various fields from the:
ping utility);
ping6 utility);
nslookup and dig utilities).
Without much explanation, here is a short, not quite complete, list of emulated fields:
Many of these depend on the IP version and on the protocol, so there are many values that must be taken into account.
Because of the implementation method used, there are some scan methods to which the Operating System Mimic Technology is not applied. These scan methods are: