Passive OS Fingerprinting
21 years 2 months ago #857
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Passive OS fingerprinting is a technique used to discover what OS is running on a host without actively probing it by sending packets. This is particularly useful when you're sniffing some traffic and need to know what OS a particular machine is using.
Here is the link to an absolutely stellar paper by Toby Miller. It includes sample sniffed output from various OS's. Be warned, you should have a firm understanding of networking and how a raw packet looks before reading this paper. It's not for the weak-hearted.
www.incidents.org/papers/OSfingerprinting.php
This technique is different from what many port/vulnerability scanners such as Nmap ( www.insecure.org/nmap ) use to 'fingerprint' a remote host. Here, no packets are sent to the host being interrogated, making this a particularly stealthy detection method.
Some admins use this technique to gather information on attackers... more on this later.
Happy reading
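Added example, not part of the original post or of the linked paper: a sketch of how an analyst might pull fingerprint fields out of one already-captured IPv4/TCP SYN and compare them with a baseline recorded from known hosts, without sending anything to the source. The choice of fields (TTL, DF bit, window size, TCP option order), the function names, the sample packet and the baseline entry are all assumptions made for illustration.

```python
import struct

OPT_NAMES = {2: "mss", 3: "ws", 4: "sackOK", 8: "ts"}  # common TCP option kinds

def fingerprint(pkt: bytes) -> dict:
    """Extract passive-fingerprint fields from one raw IPv4/TCP SYN (no link-layer header)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _len, _id, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4/TCP")
    tcp = pkt[(ver_ihl & 0x0F) * 4:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    if off_flags & 0x12 != 0x02:                   # SYN set, ACK clear
        raise ValueError("not an initial SYN")
    opts, layout, mss, i = tcp[20:(off_flags >> 12) * 4], [], None, 0
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of option list
        kind = opts[i]
        if kind == 1:                              # NOP is a single byte
            layout.append("nop"); i += 1; continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        layout.append(OPT_NAMES.get(kind, f"opt{kind}"))
        i += opts[i + 1]
    # Common stacks start at 32, 64, 128 or 255; round the observed TTL up to estimate it.
    initial = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {"ttl": ttl, "initial_ttl": initial, "hops": initial - ttl,
            "df": bool(flags_frag & 0x4000), "window": window, "mss": mss,
            "options": ",".join(layout)}

def signature(fp: dict) -> str:
    """Hop-independent signature string for comparison with a recorded baseline."""
    return f"{fp['initial_ttl']}:{'DF' if fp['df'] else '-'}:{fp['window']}:{fp['options']}"

# Constructed sample: SYN seen 7 hops from the sender (addresses from documentation ranges).
SAMPLE_SYN = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1234, 0x4000, 57, 6, 0,
                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    + struct.pack("!HHIIHHHH", 40000, 443, 1, 0, 0xA002, 29200, 0, 0)
    + bytes([2, 4, 0x05, 0xB4, 4, 2, 8, 10, 0, 0, 0, 1, 0, 0, 0, 0, 1, 3, 3, 7])
)
# Constructed baseline: signatures previously recorded from hosts you manage (hypothetical label).
BASELINE = {"64:DF:29200:mss,sackOK,ts,nop,ws": "lab-linux-build-host"}

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_SYN)
    print(fp, "->", BASELINE.get(signature(fp), "unknown"))
```

The signature uses the estimated initial TTL rather than the observed one, so the same host matches regardless of how many hops away the sensor sits.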