TCP/IP stack fingerprinting (or OS fingerprinting) is the process of determining the identity of a remote host's operating system by analyzing packets from that host.
There are two types: active and passive. Passive OS fingerprinting identifies the remote operating system from packets that are received, without sending any packets. Active OS fingerprinting, by contrast, sends packets and waits for a response (or the lack of one). Active OS fingerprinting sometimes sends unusual or malformed packets, because different implementations respond differently to such errors.
Nmap is a tool that performs active TCP/IP stack fingerprinting.
p0f and Ettercap are tools that perform passive TCP/IP stack fingerprinting.
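As an added illustration of the passive approach (example code written for this page, not taken from p0f, Ettercap or Nmap), the parser below reads a received TCP SYN and extracts fields that the sending stack chooses for itself. The choice of fields (initial TTL, DF bit, window size, MSS, TCP option order), the `syn_signature` and `build_syn` helper names, and both sample packets are assumptions of this example; it stops at the signature and does not map it to an operating system name.

```python
import struct

# TCP option kinds (IANA numbers) mapped to short labels for the layout string.
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def syn_signature(pkt):
    """Extract stack-dependent fields from a raw IPv4 packet carrying a TCP SYN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag, ttl, proto = struct.unpack_from("!HBB", pkt, 6)
    if proto != 6 or ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("no complete TCP header")
    tcp = pkt[ihl:]
    data_off = (tcp[12] >> 4) * 4
    if tcp[13] & 0x12 != 0x02 or not 20 <= data_off <= len(tcp):
        raise ValueError("not an initial SYN with a valid data offset")
    opts, layout, mss, i = tcp[20:data_off], [], None, 0
    while i < len(opts):
        kind = opts[i]
        if kind > 1:  # every option except EOL (0) and NOP (1) carries a length byte
            if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
                raise ValueError("malformed TCP option")
            if kind == 2 and opts[i + 1] == 4:
                mss = struct.unpack_from("!H", opts, i + 2)[0]
        layout.append(OPT_NAMES.get(kind, "?%d" % kind))
        if kind == 0:
            break
        i += 1 if kind == 1 else opts[i + 1]
    return {
        "ittl": next(v for v in (32, 64, 128, 255) if ttl <= v),  # nearest common initial TTL
        "df": bool(flags_frag & 0x4000),
        "win": struct.unpack_from("!H", tcp, 14)[0],
        "mss": mss,
        "opts": ",".join(layout),
    }

def build_syn(ttl, window, options):
    """Build a constructed IPv4+TCP SYN with DF set (checksums zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      (20 + len(options)) // 4 << 4, 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

# Constructed samples: two hosts whose SYNs differ only in stack-chosen fields.
HOST_A = build_syn(57, 29200, bytes.fromhex("020405b4 0402 080a0000000100000000 01 030307"))
HOST_B = build_syn(116, 64240, bytes.fromhex("020405b4 01 030308 0101 0402"))
print(syn_signature(HOST_A), syn_signature(HOST_B), sep="\n")
```

The two signatures differ in initial TTL, window size and option order even though both SYNs target the same port, which is the kind of difference a passive monitor compares against a signature database.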
External links
- p0f v2 signature contribution page
- Remote OS detection via TCP/IP Stack FingerPrinting (2nd Generation)
- Defeating TCP/IP Stack Fingerprinting
- Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later