TCP/IP stack fingerprinting

From Wikipedia, the free encyclopedia

You have new messages (last change).
Passive OS Fingerprinting method and diagram.
Passive OS Fingerprinting method and diagram.

OS fingerprinting is a process of determining the operating system used by the remote target.

There are two types of OS Fingerprinting; Active OS fingerprinting and Passive OS fingerprinting.

Contents

[edit] Passive OS Fingerprinting

Passive fingerprinting is undetectable by an IDS on the network. A passive fingerprinter (a person or an application) does not send any data across the network (wire); because of this nature it’s undetectable. The downside to passive fingerprinting is the fact that the fingerprinter must be on the same hub as the other servers and clients in order to capture any packets on the wire.

[edit] Active OS Fingerprinting

Active fingerprinting is aggressive in nature. An active fingerprinter transmits to and receives from the targeted device. It can be located anywhere in the network and with the active fingerprinting method you can learn more information about the target than passive OS fingerprinting. The downside to this method is that the fingerprinter can be identified by an IDS on the network.

[edit] Active Fingerprinting Methods

TCP Stack Querying:

Banner Grabbing

Port Probing

[edit] Protecting and Detecting Against Fingerprinting

Block all unnecessary outgoing ICMP traffic especially unusual ones like address mask and timestamp also block any ICMP echo replies. Watch for excessive TCP SYN packets.

[edit] Fingerprinting Tools

Nmap is a tool that performs active TCP/IP stack fingerprinting.

p0f and Ettercap are tools that perform passive TCP/IP stack fingerprinting.

[edit] External links

This computer network-related article is a stub. You can help Wikipedia by expanding it.
Retrieved from "http://en.wikipedia.org../../../t/c/p/TCP_IP_stack_fingerprinting_4b9a.html"
In other languages