
Definition update (what is the functional difference between "mercury" and "pmercury")?

Open IrPgFKS0 opened this issue 4 years ago • 6 comments

It is not clear (at least to me) after looking at the output from both tools what the major difference is. Can you elaborate in the documentation, please?

IrPgFKS0 May 12 '21 17:05

I was also not sure about the functional difference between mercury and pmercury - both have similar functionality and work on the command line.

arunppsg May 13 '21 07:05

Also confusing: what is the difference between the files below? The one in "resources.tgz" seems to be more accurate...

/resources/resources.tgz/fingerprint_db.json.gz (used by mercury)
/resources/fingerprint_db.json.gz (used by pmercury)

IrPgFKS0 May 13 '21 16:05

Sorry about the confusion. pmercury was intended to prototype new functionality and provide a sanity check for mercury's output. I haven't had time to devote towards pmercury development, which is why there is some divergence between mercury/pmercury w.r.t. resources files/etc.

resources/fingerprint_db.json.gz hasn't been updated recently, but resources/resources.tgz has, which would definitely lead to some differences in analysis output. The structure of the two fingerprint_db.json.gz files is the same, and you could point pmercury to the newer file if you extracted/gzipped it.

These are all good points, and I will work on updating the documentation and restructuring the resources directory to make things more clear.

banderson84 May 13 '21 17:05
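The extract-and-regzip step from the reply above, as an added example that is not part of the original thread or the mercury project's code: it streams the database out of resources.tgz into a standalone gzip file and returns a digest you can compare against the older copy to confirm the two have diverged. Assumptions: the archive member is named fingerprint_db.json or fingerprint_db.json.gz, as the paths quoted in the thread suggest; the helper names and the sample data built by `make_sample` are constructed for illustration.

```python
import gzip, hashlib, io, tarfile, tempfile
from pathlib import Path

DB_NAMES = ("fingerprint_db.json", "fingerprint_db.json.gz")  # assumed member names

def _sha256_copy(src, dst=None):
    """Hash a stream in 1 MiB chunks, optionally copying it to dst."""
    h = hashlib.sha256()
    for chunk in iter(lambda: src.read(1 << 20), b""):
        h.update(chunk)
        if dst is not None:
            dst.write(chunk)
    return h.hexdigest()

def db_digest(gz_path):
    """SHA-256 of the decompressed JSON inside a fingerprint_db.json.gz file."""
    with gzip.open(gz_path, "rb") as src:
        return _sha256_copy(src)

def extract_db(archive, out_path):
    """Write the DB stored in the archive to out_path as gzip; return its digest."""
    with tarfile.open(archive, "r:gz") as tar:
        member = next((m for m in tar.getmembers()
                       if m.isfile() and Path(m.name).name in DB_NAMES), None)
        if member is None:
            raise FileNotFoundError(f"no fingerprint DB in {archive}")
        src = tar.extractfile(member)  # streamed: no archive-supplied path is written
        if member.name.endswith(".gz"):  # member is already gzipped inside the tarball
            src = gzip.GzipFile(fileobj=src, mode="rb")
        with gzip.open(out_path, "wb") as dst:
            return _sha256_copy(src, dst)

def make_sample(tmp):
    """Constructed stand-ins for the two resource files (not real mercury data)."""
    tmp = Path(tmp)
    old = tmp / "fingerprint_db.json.gz"
    old.write_bytes(gzip.compress(b'{"sample": "old entry"}\n'))
    payload = gzip.compress(b'{"sample": "old entry"}\n{"sample": "new entry"}\n')
    info = tarfile.TarInfo("fingerprint_db.json.gz")
    info.size = len(payload)
    with tarfile.open(tmp / "resources.tgz", "w:gz") as tar:
        tar.addfile(info, io.BytesIO(payload))
    return tmp / "resources.tgz", old

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        tgz, old = make_sample(tmp)
        new = Path(tmp) / "fingerprint_db.new.json.gz"
        print("differs from old DB:", extract_db(tgz, new) != db_digest(old))
```

Comparing digests of the decompressed JSON rather than of the .gz files avoids false differences caused by gzip headers and compression settings.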

Thank you for the clarification and yes, pointing pmercury to the file in resources.tgz works like a charm. Does mercury fingerprint TCP as does "pmercury"?

IrPgFKS0 May 13 '21 17:05

Both mercury and pmercury will produce TCP fingerprints. But, there isn't much analysis that happens for a given TCP fingerprint (at least right now there isn't). pmercury has a built-in OS classifier that uses TCP fingerprints. mercury has a standalone header library with similar functionality in src/os-identification, but it isn't currently integrated.

banderson84 May 13 '21 18:05

ok, thank you for that clarification

IrPgFKS0 May 13 '21 18:05