TCP/IP stack fingerprinting (or OS fingerprinting) is the process in computing of determining the identity of a remote host's operating system by analyzing packets from that host.
There are two different types, active and passive. Passive OS fingerprinting identifies the remote operating system with packets that are received, without sending any packets. Active OS fingerprinting, by contrast, sends packets and waits for a response (or lack of one). Active OS fingerprinting sometimes sends strange packets, because different implementations respond differently to such errors.
p0f is the most famous passive OS fingerprinting tool.
Nmap is a common tool that performs TCP/IP stack fingerprinting.
External links
- Remote OS detection via TCP/IP Stack FingerPrinting
- Defeating TCP/IP Stack Fingerprinting
- Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later
 | This computer networking article is a stub. You can help Wikipedia by expanding it. |