Skip to main content

Passive OS Fingerprinting

More
21 years 2 months ago #857 by sahirh
Passive OS fingerprinting is a technique used to discover what OS is running on a host without actively probing it by sending packets. This is particularly useful when you're sniffing some traffic and need to know what OS a particular machine is using.

Here is the link to an absolutely stellar paper by Toby Miller. It includes sample sniffed output from various OS's. Be warned, you should have a firm understanding of networking and how a raw packet looks before reading this paper. Its not for the weak hearted.

www.incidents.org/papers/OSfingerprinting.php

This technique is different from what many port/vulnerability scanners such as nMap ( www.insecure.org/nmap ) use to 'fingerprint' a remote host. Here, no packets are sent to the host being interrogated, making this a particularly stealthy detection method.

Some admins use this technique to gather information on attackers.. more on this later.

Happy reading

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.120 seconds