cisco / mercury

Mercury: network metadata capture and analysis

Definition update (what is the functional difference between "mercury" and "pmercury")? #13

Closed IrPgFKS0 closed 9 months ago

IrPgFKS0 commented 3 years ago

It is not clear (at least to me) after looking at the output from both tools what the major difference is, can you elaborate in the documentation please?

arunppsg commented 3 years ago

I was also not sure about the functional difference between mercury and pmercury - both have similar functionality and work on the command line.

IrPgFKS0 commented 3 years ago

Also confusing: what is the difference between the files below? The one in "resources.tgz" seems to be more accurate...

/resources/resources.tgz/fingerprint_db.json.gz (used by mercury)
/resources/fingerprint_db.json.gz (used by pmercury)

banderson84 commented 3 years ago

Sorry about the confusion. pmercury was intended to prototype new functionality and provide a sanity check for mercury's output. I haven't had time to devote towards pmercury development, which is why there is some divergence between mercury/pmercury w.r.t. resources files/etc.

resources/fingerprint_db.json.gz hasn't been updated recently, but resources/resources.tgz has, which would definitely lead to some differences in analysis output. The structure of the two fingerprint_db.json.gz files is the same, and you could point pmercury to the newer file if you extracted/gzipped it.

These are all good points, and I will work on updating the documentation and restructuring the resources directory to make things more clear.

IrPgFKS0 commented 3 years ago

Thank you for the clarification and yes, pointing pmercury to the file in resources.tgz works like a charm. Does mercury fingerprint TCP as does "pmercury"?

banderson84 commented 3 years ago

Both mercury and pmercury will produce TCP fingerprints. But there isn't much analysis that happens for a given TCP fingerprint (at least right now there isn't). pmercury has a built-in OS classifier that uses TCP fingerprints. mercury has a standalone header library with similar functionality in src/os-identification, but it isn't currently integrated.

IrPgFKS0 commented 3 years ago

OK, thank you for that clarification.