Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Passive OS Fingerprinting

Passive OS Fingerprinting 13 years 2 months ago #857

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Passive OS fingerprinting is a technique used to discover what OS is running on a host without actively probing it by sending packets. This is particularly useful when you're sniffing some traffic and need to know what OS a particular machine is using.

Here is the link to an absolutely stellar paper by Toby Miller. It includes sample sniffed output from various OS's. Be warned, you should have a firm understanding of networking and how a raw packet looks before reading this paper. Its not for the weak hearted.

www.incidents.org/papers/OSfingerprinting.php

This technique is different from what many port/vulnerability scanners such as nMap (www.insecure.org/nmap) use to 'fingerprint' a remote host. Here, no packets are sent to the host being interrogated, making this a particularly stealthy detection method.

Some admins use this technique to gather information on attackers.. more on this later.

Happy reading
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
Time to create page: 0.069 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup