Information Gathering

Greetings:

If an IP is /known/, what are the different methods one can use to gather information with regards to

1] What Operating System Is Running?
2] Version?
3] Open Ports?

What other Information do People gather? I'm asking this for purely educational purposes.

Thankyou

are you asking from the programer's aspect or from the user's aspect?

In any case, a good place to start would be insecure.org, home of the most advanced IP scanner that implements mostly every detection-fingerprinting technique out there and has actually documented/introduced some original techniques on it's own.

In example, to answer your questions:

1) www.insecure.org/nmap/nmap-fingerprinting-article.html
2) www.insecure.org/nmap/versionscan.html
3) man nmap (or www.insecure.org/nmap/data/nmap_manpage.html )

Of course that's just a place to start, to continue, grabbing keywords from these texts and googling around them should give you more info than you can handle

PS. People gather all that you and your software give away

Yep, nmap answers all your questions..

Bear in mind however that alot of people who are new to this stuff end up trying to scan an RFC 1918 IP address, or even worse.. the external interface of a NAT device of some poor ISP


Cheers,