synos − guess operating system from TCP SYN fingerprint


synos [−−mtu mtu] [−−db path] syn-fingerprint


synos takes a SYN fingerprint, in the format described for the CLIENT_SYNFP environment variable in the avenger(1) man page, and outputs a guess as to the type of the client operating system. synos makes use of the OpenBSD SYN fingerprint database (which is also repackaged with Mail Avenger).


Certain operating systems set the initial TCP window size based on the maximum transmission unit, or MTU , of the network. For such operating systems, synos usually checks the window size using both the client’s MSS option plus 40 bytes (for TCP and IP headers), or a hard-coded MTU , which defaults to 1,500 bytes. If either value works, the fingerprint is considered to match the operating system. You can change the value 1,500 by specifying this option. A value of 0 tells synos to use only the value derived from the MSS option.

−−db file

Specifies an alternate location for the SYN fingerprint database.



Default location of SYN fingerprint database.


avenger(1), asmtpd(8)

The Mail Avenger home page: <>.

The OpenBSD home page: <>.


The operating system type is determined by heuristics that are not always reliable. Moreover, not all operating systems can be distinguished. The database may not even contain a client’s particular operating system and version.

It is not hard to fool synos deliberately by changing TCP socket options or injecting raw packets onto the network.


David Mazieres