You know, most of this could be done by (at least a first approximation)
by using the OS fingerprinting code that nmap uses.


For example, here's what nmap reported for www.bsdcounter.org:

# nmap -Ovvv www.bsdcounter.org

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
No tcp,udp, or ICMP scantype specified, assuming vanilla tcp connect() scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up).
Host bsdcounter.org (205.166.121.34) appears to be up ... good.

<Snip list of open ports>

Sequence numbers: 7A6B01CC 7A6C3AD4 7A6D7A72 7A6E8E76 7A6FBB54 7A706D05

No OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).

Nmap run completed -- 1 IP address (1 host up) scanned in 16 seconds

   (nmap usually has a decent guess, but this time it did not.)


If you go to <http://uptime.netcraft.com/up/graph> and type in
www.bsdcounter.org you get:

  The site www.bsd-counter.org is running Apache/1.3.14 (Unix) on FreeBSD.


So, the project to survey OS usage would be to go through the 32-bit
IP address space and figure out what the machine is running.


Sometimes, the DNS will have an entry like this:

foo.net.       IN      HINFO   "PentiumPro 150/64MB/4GB" "BSD/OS UNIX 4.0"

which "nslookup" reports.


With these techniques, it should be possible to do an independent "first
approximation" survey.  (Yes, I know, if stuff is behind firewalls or
otherwise hidden, you won't be able to tell.  But this technique still has
a few advantages:  It's automatic; you can split the scanning among
thousands of machines; it's objective - although you must be careful what
you are claiming from the results.  Heck, if you merely took a random
sample of the 32-bit IP address space, you could produce probabilities that
project the likely population of the various OSs in the "visible" internet
within known bounds of precision.)


-Mike



On Wed, 4 Jul 2001, Josef Grosch wrote:

>Date: Wed, 4 Jul 2001 13:30:44 -0700
>From: Josef Grosch <jgrosch@mooseriver.com>
>To: Herb Peyerl <hpeyerl@beer.org>
>Cc: jchacon@genuity.net, Bob Bernstein <torxhead@ruptured-duck.com>,
>     netbsd-advocacy@netbsd.org
>Subject: Re: *BSD Counter Project
>
>On Wed, Jul 04, 2001 at 02:15:48PM -0600, Herb Peyerl wrote:
>>jchacon@genuity.net  wrote:
>> >>>A child could see that your data is hopelessly skewed.
>> >>
>> >>I did start the counters at zero. The current count represents people who
>> >>have declared themselves to be a user of a given OS or a mix of OSs.
>> >
>> >"I'll set all the counters to zero and then fill in OS data for everything
>> >initially based on data that only measures FreeBSD counts.". Yep, I'd say
>> >that about sums it up. It's fairly obvious to anyone looking at this that's
>> >it's skewed heavily in one direction arbitrarily. To claim otherwise (and
>> >expect anyone to beleive it) is ridiculous.
>>
>>
>>I don't get this anyway.  The whole thing is so completely meaningless
>>that it's a disservice to even bother trying.  Basically, it requires
>>people to pro-actively do something in order to make it count.  I have
>>better things to do than to go register my 100+ NetBSD machines, so in
>>the end, he seems to be counting how many people are running whateverBSD
>>and who have nothing better to do with themselves.
>>
>>Since FreeBSD is so much higher, maybe we can summarize that FreeBSD
>>users have nothing better to do with their time.
>>
>><punt>
>>
>
>I'm working on a script that when run, will cause the machine to register
>itself. You may choose to do this or you may choose to do nothing. Either
>way its your call.