OS Fingerprinting is a process of determining the Operating System used by the remote target.
There are two types of OS Fingerprinting:
Active OS Fingerprinting and Passive OS Fingerprinting
Passive OS Fingerprinting
Passive fingerprinting is undetectable by IDS on the network. Passive fingerprinter (a person or an application) will not be sending any data across the network (wire) because of this nature it’s undetectable. The down side to passive fingerprinting the fingerprinter must be on the same Hub as the other servers and clients in order to capture any packets on the wire.
Edited by: Apuvirajpius
Active OS Fingerprinting
Active fingerprinting is aggressive in nature. Active fingerprinter will transmits and receive from the targeted device. It can be located anywhere in the network and with the active fingerprinting method you can learn more information about the target then passive OS fingerprinting. The down side to this method fingerprinter can be identified by IDS on the network.
Active Fingerprinting Methods
• TCP Stack Querying:
o ICMP o TCP o SNMP
• Banner Grabbing
o FTP o Telnet o HTTP
• Port Probing
Protecting and Detecting Against Fingerprinting
Block all unnecessary outgoing ICMP traffic especially unusual ones like address mask and timestamp also block any ICMP echo replies. watch for excessive TCP SYN packets.
Fingerprinting Tools
Nmap is a tool that performs active TCP/IP stack fingerprinting.
p0f and Ettercap are tools that performs passive TCP/IP stack fingerprinting.
External links
- p0f v2 signature contribution page
- Remote OS detection via TCP/IP Stack FingerPrinting (2nd Generation)
- Defeating TCP/IP Stack Fingerprinting
- Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later
 | This computer networking article is a stub. You can help Wikipedia by expanding it. |