Saturday, 15 June 2013

OS FINGERPRINTING

OS FINGERPRINTING




OS (Operating System) Fingerprinting is a process to find out victim's Operating System(Windows, Linux, UNIX)Certain parameters within the TCP protocol definition are left up to the implementation.  Different operating systems, and different versions of the same operating system, set different defaults for these values.  By collecting and examining these values, one may differentiate among various operating systems, and implementations of TCP/IP. The TCP/IP fields that may vary include the following:

Initial packet size (16 bits)
Initial TTL (8 bits)
Window size (16 bits)
Max segment size (16 bits)
Window scaling value (8 bits)
"don't fragment" flag (1 bit)
"sackOK" flag (1 bit)
"nop" flag (1 bit)
These values may be combined to form a 67-bit signature, or fingerprint, for the target machine.
Tools: nmap, NetScanTools Pro, P0f.

1 comment: